fix: revert default secret lifetime to 1 day (#628)

Author: razvan

rust/crd/src/lib.rs

@@ -1086,7 +1086,7 @@ pub struct NameNodeConfig {
 }
 
 impl NameNodeConfigFragment {
-    const DEFAULT_NAME_NODE_SECRET_LIFETIME: Duration = Duration::from_days_unchecked(7);
+    const DEFAULT_NAME_NODE_SECRET_LIFETIME: Duration = Duration::from_days_unchecked(1);
 
     pub fn default_config(cluster_name: &str, role: &HdfsRole) -> Self {
         Self {
@@ -1223,7 +1223,7 @@ pub struct DataNodeConfig {
 }
 
 impl DataNodeConfigFragment {
-    const DEFAULT_DATA_NODE_SECRET_LIFETIME: Duration = Duration::from_days_unchecked(7);
+    const DEFAULT_DATA_NODE_SECRET_LIFETIME: Duration = Duration::from_days_unchecked(1);
 
     pub fn default_config(cluster_name: &str, role: &HdfsRole) -> Self {
         Self {
@@ -1342,7 +1342,7 @@ pub struct JournalNodeConfig {
 }
 
 impl JournalNodeConfigFragment {
-    const DEFAULT_JOURNAL_NODE_SECRET_LIFETIME: Duration = Duration::from_days_unchecked(7);
+    const DEFAULT_JOURNAL_NODE_SECRET_LIFETIME: Duration = Duration::from_days_unchecked(1);
     pub fn default_config(cluster_name: &str, role: &HdfsRole) -> Self {
         Self {
             resources: ResourcesFragment {

tests/templates/kuttl/kerberos/20-assert.yaml

@@ -31,6 +31,6 @@ apiVersion: kuttl.dev/v1beta1
 kind: TestAssert
 timeout: 600
 commands:
-  - script: kubectl -n $NAMESPACE get sts/hdfs-namenode-default -o yaml | yq -e '.spec.template.spec.volumes.[] | select(.name == "tls" and .ephemeral.volumeClaimTemplate.metadata.annotations."secrets.stackable.tech/backend.autotls.cert.lifetime" == "7d")'
-  - script: kubectl -n $NAMESPACE get sts/hdfs-datanode-default -o yaml | yq -e '.spec.template.spec.volumes.[] | select(.name == "tls" and .ephemeral.volumeClaimTemplate.metadata.annotations."secrets.stackable.tech/backend.autotls.cert.lifetime" == "1d")'
-  - script: kubectl -n $NAMESPACE get sts/hdfs-journalnode-default -o yaml | yq -e '.spec.template.spec.volumes.[] | select(.name == "tls" and .ephemeral.volumeClaimTemplate.metadata.annotations."secrets.stackable.tech/backend.autotls.cert.lifetime" == "2d")'
+  - script: kubectl -n $NAMESPACE get sts/hdfs-namenode-default -o yaml | yq -e '.spec.template.spec.volumes.[] | select(.name == "tls" and .ephemeral.volumeClaimTemplate.metadata.annotations."secrets.stackable.tech/backend.autotls.cert.lifetime" == "1d")'
+  - script: kubectl -n $NAMESPACE get sts/hdfs-datanode-default -o yaml | yq -e '.spec.template.spec.volumes.[] | select(.name == "tls" and .ephemeral.volumeClaimTemplate.metadata.annotations."secrets.stackable.tech/backend.autotls.cert.lifetime" == "2d")'
+  - script: kubectl -n $NAMESPACE get sts/hdfs-journalnode-default -o yaml | yq -e '.spec.template.spec.volumes.[] | select(.name == "tls" and .ephemeral.volumeClaimTemplate.metadata.annotations."secrets.stackable.tech/backend.autotls.cert.lifetime" == "3d")'

tests/templates/kuttl/kerberos/20-install-hdfs.txt.j2

@@ -44,7 +44,7 @@ spec:
         replicas: 2
   dataNodes:
     config:
-      requestedSecretLifetime: 1d
+      requestedSecretLifetime: 2d
       logging:
         enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }}
     roleGroups:
@@ -58,4 +58,4 @@ spec:
       default:
         replicas: 3
         config:
-          requestedSecretLifetime: 2d
+          requestedSecretLifetime: 3d