Add Certificates Refresh Controller - Control Plane #58

Merged: 7 commits, Sep 30, 2024

mateoflorido (Member)

Important

This implementation depends on the work in canonical/k8s-snap#699

Overview

Create a new controller to handle refresh certificates for control plane nodes running on CAPI.

Rationale

We need to expose the certificate refresh functionality for control plane nodes without requiring a full rollout deployment, which would consume more resources. Instead, we leverage the business logic baked in k8s-snap to refresh the certificates in place, which allows us to refresh the self-signed certificates without the additional overhead or downtime in the cluster.

Changes

  • Implemented a new Certificates Controller.
  • Added logic to annotate machines with the certificate expiration date, enabling the expiry date to bubble up from the node.
  • Added functionality to refresh certificates for control plane nodes.
  • Increased the default socat timeout (0.5 seconds) to 5 seconds due to latency when creating new certificates.

Further Information

Proposal 003 - #54

@mateoflorido mateoflorido requested a review from a team as a code owner September 26, 2024 03:53
@berkayoz berkayoz left a comment

Great work! Did a first pass and left some comments.

@mateoflorido mateoflorido merged commit 353cfa5 into main Sep 30, 2024
7 checks passed
@mateoflorido mateoflorido deleted the KU-1513/certs-control-plane branch September 30, 2024 16:53