Rotate kubeconfig before it expires
ttreptow committed Dec 13, 2024
1 parent 053adab commit 74bf0d4
Showing 1 changed file with 20 additions and 0 deletions.
20 changes: 20 additions & 0 deletions controlplane/internal/controllers/rke2controlplane_controller.go
Expand Up @@ -19,6 +19,7 @@ package controllers
import (
"context"
"fmt"
"sigs.k8s.io/cluster-api/util/certs"
"strings"
"time"

Expand Down Expand Up @@ -55,6 +56,7 @@ import (
"github.com/rancher/cluster-api-provider-rke2/pkg/registration"
"github.com/rancher/cluster-api-provider-rke2/pkg/rke2"
"github.com/rancher/cluster-api-provider-rke2/pkg/secret"
capikubeconfig "sigs.k8s.io/cluster-api/util/kubeconfig"
)

const (
Expand Down Expand Up @@ -812,6 +814,24 @@ func (r *RKE2ControlPlaneReconciler) reconcileKubeconfig(
return ctrl.Result{}, nil
}

needsRotation, err := capikubeconfig.NeedsClientCertRotation(configSecret, certs.ClientCertificateRenewalDuration)
if err != nil {
return ctrl.Result{}, err
}

if needsRotation {
logger.Info("Rotating kubeconfig secret")
if err := kubeconfig.CreateSecretWithOwner(

Check failure on line 824 in controlplane/internal/controllers/rke2controlplane_controller.go


GitHub Actions / lint

if statements should only be cuddled with assignments (wsl)

Check failure on line 824 in controlplane/internal/controllers/rke2controlplane_controller.go


GitHub Actions / lint

if statements should only be cuddled with assignments (wsl)

Check failure on line 824 in controlplane/internal/controllers/rke2controlplane_controller.go


GitHub Actions / lint

if statements should only be cuddled with assignments (wsl)

Check failure on line 824 in controlplane/internal/controllers/rke2controlplane_controller.go


GitHub Actions / lint

if statements should only be cuddled with assignments (wsl)
ctx,
r.Client,
clusterName,
endpoint.String(),
controllerOwnerRef,
); err != nil {
return ctrl.Result{}, errors.Wrap(err, "failed to regenerate kubeconfig")
}
}

return ctrl.Result{}, nil
}
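Review bot: The rotation branch calls `kubeconfig.CreateSecretWithOwner(...)` for a secret that already exists at this point (`configSecret` was just passed to `NeedsClientCertRotation`), so if that helper issues a plain create (its body is not visible here) the call would fail with an AlreadyExists error on every reconcile and the client certificate would never be renewed before it expires. Rotation should update the existing secret in place; upstream Cluster API does this with `capikubeconfig.RegenerateSecret(ctx, r.Client, configSecret)`, though whether that helper resolves this provider's cluster CA correctly needs confirming. A controller test that seeds a kubeconfig secret with a near-expiry client certificate and asserts the stored certificate changes after reconcile would pin the behaviour. reconcileKubeconfig starts outside the hunk, so the conditions that lead to the earlier `return ctrl.Result{}, nil` are not visible here.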

