
✨ Add CertificateValidityPeriod and CACertificateValidityPeriod to KubeadmConfig #12335


wants to merge 4 commits into
base: main
4 changes: 4 additions & 0 deletions api/bootstrap/kubeadm/v1beta1/conversion.go
Expand Up @@ -329,3 +329,7 @@ func Convert_v1_Condition_To_v1beta1_Condition(in *metav1.Condition, out *cluste
func Convert_v1beta1_Condition_To_v1_Condition(in *clusterv1beta1.Condition, out *metav1.Condition, s apimachineryconversion.Scope) error {
return clusterv1beta1.Convert_v1beta1_Condition_To_v1_Condition(in, out, s)
}

func Convert_v1beta2_ClusterConfiguration_To_v1beta1_ClusterConfiguration(in *bootstrapv1.ClusterConfiguration, out *ClusterConfiguration, s apimachineryconversion.Scope) error {
return autoConvert_v1beta2_ClusterConfiguration_To_v1beta1_ClusterConfiguration(in, out, s)
}
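Review bot: `Convert_v1beta2_ClusterConfiguration_To_v1beta1_ClusterConfiguration` is a hand-written wrapper with no comment saying why it exists; the test change in this PR (`// Drop the field to avoid round trip errors as it exists only in v1beta2.`) indicates it is there because `CertificateValidityPeriodSeconds` and `CACertificateValidityPeriodSeconds` have no v1beta1 counterpart and are dropped by the generated call. A comment making the lossy direction explicit helps the next person who adds a field: `// Convert_v1beta2_ClusterConfiguration_To_v1beta1_ClusterConfiguration wraps the generated conversion; CertificateValidityPeriodSeconds and CACertificateValidityPeriodSeconds exist only in v1beta2 and are dropped.` The same applies to `Convert_v1beta2_ClusterConfiguration_To_upstreamv1beta3_ClusterConfiguration` in bootstrap/kubeadm/types/upstreamv1beta3/conversion.go.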
6 changes: 6 additions & 0 deletions api/bootstrap/kubeadm/v1beta1/conversion_test.go
Expand Up @@ -126,6 +126,12 @@ func hubKubeadmConfigSpec(in *bootstrapv1.KubeadmConfigSpec, c randfill.Continue
}
in.JoinConfiguration.Timeouts.ControlPlaneComponentHealthCheckSeconds = initControlPlaneComponentHealthCheckSeconds
}

// Drop the field to avoid round trip errors as it exists only in v1beta2.
if in.ClusterConfiguration != nil {
in.ClusterConfiguration.CertificateValidityPeriodSeconds = nil
in.ClusterConfiguration.CACertificateValidityPeriodSeconds = nil
}
}

func spokeKubeadmConfigSpec(in *KubeadmConfigSpec, c randfill.Continue) {
17 changes: 7 additions & 10 deletions api/bootstrap/kubeadm/v1beta1/zz_generated.conversion.go


10 changes: 10 additions & 0 deletions api/bootstrap/kubeadm/v1beta2/kubeadm_types.go
Expand Up @@ -172,6 +172,16 @@ type ClusterConfiguration struct {
// featureGates enabled by the user.
// +optional
FeatureGates map[string]bool `json:"featureGates,omitempty"`

// certificateValidityPeriodSeconds specifies the validity period for a non-CA certificate generated by kubeadm.
// Default value: 756,864,000 seconds -> 8760h (365 days * 24 hours = 1 year)
// +optional
CertificateValidityPeriodSeconds *int32 `json:"certificateValidityPeriodSeconds,omitempty"`

// caCertificateValidityPeriodSeconds specifies the validity period for a CA certificate generated by kubeadm.
// Default value: 756,864,000 seconds -> 87600h (365 days * 24 hours * 10 = 10 years)
// +optional
CACertificateValidityPeriodSeconds *int32 `json:"caCertificateValidityPeriodSeconds,omitempty"`
}
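Review bot: The seconds figures in the two new doc comments do not match the hour values beside them: 8760h is 31,536,000 seconds and 87600h is 315,360,000 seconds, while both comments say 756,864,000 (which is 24 years). Since these numbers size certificate lifetimes, someone copying the value from the comment would get a period far longer than intended; suggested lines are `// Default value: 31,536,000 seconds -> 8760h (365 days * 24 hours = 1 year)` and `// Default value: 315,360,000 seconds -> 87600h (365 days * 24 hours * 10 = 10 years)`. The fields also carry no bounds, so a `// +kubebuilder:validation:Minimum=1` marker on each would reject zero or negative periods at admission instead of handing them to kubeadm. It would also help to state that the default is kubeadm's, applied when the field is unset, assuming CABPK does not default it itself (not visible here).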

// ControlPlaneComponent holds settings common to control plane component of the cluster.
10 changes: 10 additions & 0 deletions api/bootstrap/kubeadm/v1beta2/zz_generated.deepcopy.go


4 changes: 4 additions & 0 deletions api/controlplane/kubeadm/v1beta1/conversion_test.go
Expand Up @@ -104,6 +104,10 @@ func hubKubeadmConfigSpec(in *bootstrapv1.KubeadmConfigSpec, c randfill.Continue
}
in.JoinConfiguration.Timeouts.ControlPlaneComponentHealthCheckSeconds = initControlPlaneComponentHealthCheckSeconds
}
if in.ClusterConfiguration != nil {
in.ClusterConfiguration.CertificateValidityPeriodSeconds = nil
in.ClusterConfiguration.CACertificateValidityPeriodSeconds = nil
}
}
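Review bot: The nil-ing of the two validity fields in `hubKubeadmConfigSpec` has no comment explaining it, unlike the parallel change in api/bootstrap/kubeadm/v1beta1/conversion_test.go; add the same line above the `if`: `// Drop the fields to avoid round trip errors as they exist only in v1beta2.` The same applies to `hubClusterConfigurationFuzzer` in bootstrap/kubeadm/types/upstreamv1beta3/conversion_test.go, where the reason is that the kubeadm v1beta3 types have no counterpart for them. hubKubeadmConfigSpec starts outside the hunk.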

func hubBootstrapTokenString(in *bootstrapv1.BootstrapTokenString, _ randfill.Continue) {


4 changes: 4 additions & 0 deletions bootstrap/kubeadm/types/upstreamv1beta3/conversion.go
Expand Up @@ -241,3 +241,7 @@ func (src *ClusterConfiguration) GetAdditionalData(data *upstream.AdditionalData
data.ControlPlaneComponentHealthCheckSeconds = clusterv1.ConvertToSeconds(src.APIServer.TimeoutForControlPlane)
}
}

func Convert_v1beta2_ClusterConfiguration_To_upstreamv1beta3_ClusterConfiguration(in *bootstrapv1.ClusterConfiguration, out *ClusterConfiguration, s apimachineryconversion.Scope) error {
return autoConvert_v1beta2_ClusterConfiguration_To_upstreamv1beta3_ClusterConfiguration(in, out, s)
}
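Review bot: When a v1beta2 ClusterConfiguration is converted to kubeadm v1beta3, a user-configured `CertificateValidityPeriodSeconds` or `CACertificateValidityPeriodSeconds` is silently discarded by the generated call (the fuzzer in this PR nils both fields to make the round trip pass), so kubeadm generates certificates with its own default lifetimes rather than the ones the operator asked for, and nothing in this PR surfaces that. If v1beta3 is still selected for some Kubernetes versions (I cannot tell from this page), the KubeadmConfig validation should reject, or at least warn, when these fields are set for such a version, so that a deliberately shortened CA or leaf-certificate lifetime is not silently lengthened. At minimum the function needs a comment naming the dropped fields, e.g. `// CertificateValidityPeriodSeconds and CACertificateValidityPeriodSeconds have no kubeadm v1beta3 counterpart and are dropped here.`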
8 changes: 8 additions & 0 deletions bootstrap/kubeadm/types/upstreamv1beta3/conversion_test.go
Expand Up @@ -80,6 +80,7 @@ func fuzzFuncs(_ runtimeserializer.CodecFactory) []interface{} {
hubControlPlaneComponentFuzzer,
hubLocalEtcdFuzzer,
hubNodeRegistrationOptionsFuzzer,
hubClusterConfigurationFuzzer,
}
}

Expand Down Expand Up @@ -195,3 +196,10 @@ func spokeBootstrapToken(in *BootstrapToken, c randfill.Continue) {
in.TTL = ptr.To[metav1.Duration](metav1.Duration{Duration: time.Duration(c.Int31()) * time.Second})
}
}

func hubClusterConfigurationFuzzer(obj *bootstrapv1.ClusterConfiguration, c randfill.Continue) {
c.FillNoCustom(obj)

obj.CertificateValidityPeriodSeconds = nil
obj.CACertificateValidityPeriodSeconds = nil
}
17 changes: 7 additions & 10 deletions bootstrap/kubeadm/types/upstreamv1beta3/zz_generated.conversion.go


18 changes: 16 additions & 2 deletions bootstrap/kubeadm/types/upstreamv1beta4/conversion.go
Expand Up @@ -62,9 +62,13 @@ func Convert_upstreamv1beta4_ClusterConfiguration_To_v1beta2_ClusterConfiguratio
// Following fields do not exist in CABPK v1beta1 version:
// - Proxy (Not supported yet)
// - EncryptionAlgorithm (Not supported yet)
// - CertificateValidityPeriod (Not supported yet)
// - CACertificateValidityPeriod (Not supported yet)
return autoConvert_upstreamv1beta4_ClusterConfiguration_To_v1beta2_ClusterConfiguration(in, out, s)
if err := autoConvert_upstreamv1beta4_ClusterConfiguration_To_v1beta2_ClusterConfiguration(in, out, s); err != nil {
return err
}
out.CertificateValidityPeriodSeconds = clusterv1.ConvertToSeconds(in.CertificateValidityPeriod)
out.CACertificateValidityPeriodSeconds = clusterv1.ConvertToSeconds(in.CACertificateValidityPeriod)
return nil
}

func Convert_upstreamv1beta4_DNS_To_v1beta2_DNS(in *DNS, out *bootstrapv1.DNS, s apimachineryconversion.Scope) error {
Expand Down Expand Up @@ -220,3 +224,13 @@ func (src *ClusterConfiguration) GetAdditionalData(data *upstream.AdditionalData
// NOTE: for kubeadm v1beta4 types we are not reading ControlPlaneComponentHealthCheckSeconds into additional data
// because Cluster API types are aligned with kubeadm's v1beta4 API version.
}

// Convert_v1beta2_ClusterConfiguration_To_upstreamv1beta4_ClusterConfiguration is an autogenerated conversion function.
func Convert_v1beta2_ClusterConfiguration_To_upstreamv1beta4_ClusterConfiguration(in *bootstrapv1.ClusterConfiguration, out *ClusterConfiguration, s apimachineryconversion.Scope) error {
if err := autoConvert_v1beta2_ClusterConfiguration_To_upstreamv1beta4_ClusterConfiguration(in, out, s); err != nil {
return err
}
out.CertificateValidityPeriod = clusterv1.ConvertFromSeconds(in.CertificateValidityPeriodSeconds)
out.CACertificateValidityPeriod = clusterv1.ConvertFromSeconds(in.CACertificateValidityPeriodSeconds)
return nil
}
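Review bot: The comment on `Convert_v1beta2_ClusterConfiguration_To_upstreamv1beta4_ClusterConfiguration` says it is an autogenerated conversion function, but it lives in conversion.go and adds the two validity-period mappings after the generated call; a maintainer trusting the comment could regenerate or delete it. Suggested comment: `// Convert_v1beta2_ClusterConfiguration_To_upstreamv1beta4_ClusterConfiguration wraps the generated conversion and maps the *ValidityPeriodSeconds fields to their metav1.Duration counterparts, which differ in type.` In the first hunk the reverse mapping relies on `clusterv1.ConvertToSeconds` (not shown here) to cope with a kubeadm Duration larger than an int32 of seconds can hold; it is worth confirming it clamps or errors rather than wrapping, since a wrapped value would become a bogus certificate lifetime.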
6 changes: 5 additions & 1 deletion bootstrap/kubeadm/types/upstreamv1beta4/conversion_test.go
Expand Up @@ -96,7 +96,11 @@ func spokeClusterConfigurationFuzzer(obj *ClusterConfiguration, c randfill.Conti
obj.Proxy = Proxy{}
obj.EncryptionAlgorithm = ""
obj.CACertificateValidityPeriod = nil
obj.CertificateValidityPeriod = nil

if obj.CertificateValidityPeriod != nil {
obj.CertificateValidityPeriod = ptr.To[metav1.Duration](metav1.Duration{Duration: time.Duration(c.Int31()) * time.Second})

This can be changed to time.Days when we change the fields on the v1beta2 api to *Days

Please check if max of c.Int31() * time.Days is already more than max of Duration. Then we don't have to do anything here.

We only had to add this for other cases because it was possible to have a Duration which was too high to be converted to Seconds int32

obj.CACertificateValidityPeriod = ptr.To[metav1.Duration](metav1.Duration{Duration: time.Duration(c.Int31()) * time.Second})
}

// Drop the following fields as they have been removed in v1beta2, so we don't have to preserve them.
obj.Networking.ServiceSubnet = ""
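Review bot: The guard `if obj.CertificateValidityPeriod != nil` re-seeds both fields, so when the fuzzer leaves `CertificateValidityPeriod` nil but fills `CACertificateValidityPeriod`, the CA field keeps its unbounded random Duration and is never reduced to a seconds-sized value, while in the opposite case a nil CA field is overwritten with a non-nil one. Each field should be guarded on its own: `if obj.CACertificateValidityPeriod != nil { obj.CACertificateValidityPeriod = ptr.To[metav1.Duration](metav1.Duration{Duration: time.Duration(c.Int31()) * time.Second}) }`. spokeClusterConfigurationFuzzer starts outside the hunk.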
17 changes: 7 additions & 10 deletions bootstrap/kubeadm/types/upstreamv1beta4/zz_generated.conversion.go

