[WIP] Add kubeconfig certificate rotation tests #550
Conversation
Signed-off-by: Furkat Gofurov <[email protected]>
There was a problem hiding this comment.
adding "requesting changes" so the PR doesn't get merged and close the issue. @furkatgofurov7 would you be able to verify that rotating kubeconfig causes an update for machines? Maybe trigger it somehow manually from code, I don't have ideas how to verify it in other ways at the moment
furkatgofurov7
changed the title
| _, err = r.reconcileKubeconfig(ctx, clusterName, endpoint, rcp) | ||
| Expect(err).ToNot(HaveOccurred()) | ||
|
|
||
| Expect(testEnv.Get(ctx, client.ObjectKey{Namespace: ns.Name, Name: secret.Name}, secret)).To(Succeed()) |
There was a problem hiding this comment.
Can we also check that the kubeconfig secret is actually rotated? It seems to me that the current validation equals to “no rotation” test case: https://github.com/rancher/cluster-api-provider-rke2/pull/550/files#diff-cd4559684c03b3b2a238ed4f8c142bb867312c79174f5a6474b157ac7849a737R312-R316
There was a problem hiding this comment.
reconcileKubeconfig calls kubeconfig.CreateSecretWithOwner, I'm also not sure that cert would get rotated.
|
@alexander-demicev @Danil-Grigorev I checked the cert rotation code again and found out related tests in the kubeadm code so I think: we should not need to test cert rotation (or basically duplicate the tests from kubeadm), since anyways we are just using the function by importing and there is already a comprehensive tests for it in the kubeadm codebase. |
|
@furkatgofurov7 do we set this annotation on the bootstrap config https://cluster-api.sigs.k8s.io/tasks/certs/auto-rotate-certificates-in-kcp.html?highlight=rotat#triggering-machine-rollout-for-certificate-expiry? and does CAPRKE2 replace machines when it's set and expires? |
|
@alexander-demicev looks like the |
What this PR does / why we need it:
Adds new test cases for kubeconfig certificate automatic rotation implementation in #521
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #520
Special notes for your reviewer:
Checklist: