From 7d7a9105d687a4c31b64c7dc933c772e69156ce2 Mon Sep 17 00:00:00 2001 From: Ciprian Hacman Date: Sat, 21 Oct 2023 07:54:50 +0300 Subject: [PATCH] Add support for --cluster-signing-duration KCM flag --- k8s/crds/kops.k8s.io_clusters.yaml | 10 +++++++--- pkg/apis/kops/componentconfig.go | 6 ++++-- pkg/apis/kops/v1alpha2/componentconfig.go | 6 ++++-- pkg/apis/kops/v1alpha2/zz_generated.conversion.go | 2 ++ pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go | 5 +++++ pkg/apis/kops/v1alpha3/componentconfig.go | 6 ++++-- pkg/apis/kops/v1alpha3/zz_generated.conversion.go | 2 ++ pkg/apis/kops/v1alpha3/zz_generated.deepcopy.go | 5 +++++ pkg/apis/kops/zz_generated.deepcopy.go | 5 +++++ 9 files changed, 38 insertions(+), 9 deletions(-) diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml index dc4599fef1..9ff1824b2f 100644 --- a/k8s/crds/kops.k8s.io_clusters.yaml +++ b/k8s/crds/kops.k8s.io_clusters.yaml @@ -2061,6 +2061,10 @@ spec: description: KubeControllerManagerConfig is the configuration for the controller properties: + ClusterSigningDuration: + description: ClusterSigningDuration is the max length of duration + that the signed certificates will be given. (default 365*24h) + type: string allocateNodeCIDRs: description: AllocateNodeCIDRs enables CIDRs for Pods to be allocated and, if ConfigureCloudRoutes is true, to be set on the cloud @@ -2181,9 +2185,9 @@ spec: latency, but lower number of endpoints revision generated type: string experimentalClusterSigningDuration: - description: ExperimentalClusterSigningDuration is the duration - that determines the length of duration that the signed certificates - will be given. (default 8760h0m0s) + description: ExperimentalClusterSigningDuration is the max length + of duration that the signed certificates will be given. (default + 365*24h) Deprecated - use cluster-signing-duration instead type: string externalCloudVolumePlugin: description: ExternalCloudVolumePlugin is a fallback mechanism 
diff --git a/pkg/apis/kops/componentconfig.go b/pkg/apis/kops/componentconfig.go
index 9bf3826529..e575b4ead0 100644
--- a/pkg/apis/kops/componentconfig.go
+++ b/pkg/apis/kops/componentconfig.go
@@ -615,9 +615,11 @@ type KubeControllerManagerConfig struct {
 // HorizontalPodAutoscalerUseRestClients determines if the new-style clients
 // should be used if support for custom metrics is enabled.
 HorizontalPodAutoscalerUseRestClients *bool `json:"horizontalPodAutoscalerUseRestClients,omitempty" flag:"horizontal-pod-autoscaler-use-rest-clients"`
- // ExperimentalClusterSigningDuration is the duration that determines
- // the length of duration that the signed certificates will be given. (default 8760h0m0s)
+ // ExperimentalClusterSigningDuration is the max length of duration that the signed certificates will be given. (default 365*24h)
+ // Deprecated - use cluster-signing-duration instead
 ExperimentalClusterSigningDuration *metav1.Duration `json:"experimentalClusterSigningDuration,omitempty" flag:"experimental-cluster-signing-duration"`
+ // ClusterSigningDuration is the max length of duration that the signed certificates will be given. (default 365*24h)
+ ClusterSigningDuration *metav1.Duration `json:"ClusterSigningDuration,omitempty" flag:"cluster-signing-duration"`
 // FeatureGates is set of key=value pairs that describe feature gates for alpha/experimental features.
 FeatureGates map[string]string `json:"featureGates,omitempty" flag:"feature-gates"`
 // TLSCertFile is the file containing the TLS server certificate.
diff --git a/pkg/apis/kops/v1alpha2/componentconfig.go b/pkg/apis/kops/v1alpha2/componentconfig.go
index 3a25ef8428..d6a2c7541e 100644
--- a/pkg/apis/kops/v1alpha2/componentconfig.go
+++ b/pkg/apis/kops/v1alpha2/componentconfig.go
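Review bot: The new field's tag is `json:"ClusterSigningDuration,omitempty"`, capitalised where every neighbouring tag in this struct is lowerCamelCase (`experimentalClusterSigningDuration`, `featureGates`), and the CRD in this patch already exposes the key as `ClusterSigningDuration:`. Because the tag becomes the user-facing key in the cluster spec, it is worth settling on `json:"clusterSigningDuration,omitempty"` before the field ships; the same line appears in the v1alpha2 and v1alpha3 componentconfig.go hunks. The deprecation line would also be surfaced by Go tooling if it followed the convention, as its own comment paragraph: `// Deprecated: use ClusterSigningDuration instead.` The struct starts before and continues after this hunk.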
@@ -622,9 +622,11 @@ type KubeControllerManagerConfig struct {
 // HorizontalPodAutoscalerUseRestClients determines if the new-style clients
 // should be used if support for custom metrics is enabled.
 HorizontalPodAutoscalerUseRestClients *bool `json:"horizontalPodAutoscalerUseRestClients,omitempty" flag:"horizontal-pod-autoscaler-use-rest-clients"`
- // ExperimentalClusterSigningDuration is the duration that determines
- // the length of duration that the signed certificates will be given. (default 8760h0m0s)
+ // ExperimentalClusterSigningDuration is the max length of duration that the signed certificates will be given. (default 365*24h)
+ // Deprecated - use cluster-signing-duration instead
 ExperimentalClusterSigningDuration *metav1.Duration `json:"experimentalClusterSigningDuration,omitempty" flag:"experimental-cluster-signing-duration"`
+ // ClusterSigningDuration is the max length of duration that the signed certificates will be given. (default 365*24h)
+ ClusterSigningDuration *metav1.Duration `json:"ClusterSigningDuration,omitempty" flag:"cluster-signing-duration"`
 // FeatureGates is set of key=value pairs that describe feature gates for alpha/experimental features.
 FeatureGates map[string]string `json:"featureGates,omitempty" flag:"feature-gates"`
 // TLSCertFile is the file containing the TLS server certificate.
diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
index e0041bd4fb..876799c9fd 100644
--- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
+++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
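Review bot: Both `ExperimentalClusterSigningDuration` and `ClusterSigningDuration` carry a `flag:` tag, so a spec that sets both would presumably render both `--experimental-cluster-signing-duration` and `--cluster-signing-duration` for kube-controller-manager. Nothing in this patch rejects that combination or maps the old field onto the new one. This value caps the lifetime of every certificate the cluster signer issues, and a leaked certificate generally remains usable until it expires, so an ambiguous or unintended setting has real security weight. I would add validation (it would live outside this diff) that the two fields are not set together and that the duration is positive, and state the rule in the field comment, e.g. `// Must not be set together with ExperimentalClusterSigningDuration.` The same applies to the internal and v1alpha3 hunks.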
@@ -5110,6 +5110,7 @@ func autoConvert_v1alpha2_KubeControllerManagerConfig_To_kops_KubeControllerMana out.HorizontalPodAutoscalerTolerance = in.HorizontalPodAutoscalerTolerance out.HorizontalPodAutoscalerUseRestClients = in.HorizontalPodAutoscalerUseRestClients out.ExperimentalClusterSigningDuration = in.ExperimentalClusterSigningDuration + out.ClusterSigningDuration = in.ClusterSigningDuration out.FeatureGates = in.FeatureGates out.TLSCertFile = in.TLSCertFile out.TLSCipherSuites = in.TLSCipherSuites @@ -5183,6 +5184,7 @@ func autoConvert_kops_KubeControllerManagerConfig_To_v1alpha2_KubeControllerMana out.HorizontalPodAutoscalerTolerance = in.HorizontalPodAutoscalerTolerance out.HorizontalPodAutoscalerUseRestClients = in.HorizontalPodAutoscalerUseRestClients out.ExperimentalClusterSigningDuration = in.ExperimentalClusterSigningDuration + out.ClusterSigningDuration = in.ClusterSigningDuration out.FeatureGates = in.FeatureGates out.TLSCertFile = in.TLSCertFile out.TLSCipherSuites = in.TLSCipherSuites diff --git a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go index 9e2746d225..f43c4a81be 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go @@ -3416,6 +3416,11 @@ func (in *KubeControllerManagerConfig) DeepCopyInto(out *KubeControllerManagerCo *out = new(v1.Duration) **out = **in } + if in.ClusterSigningDuration != nil { + in, out := &in.ClusterSigningDuration, &out.ClusterSigningDuration + *out = new(v1.Duration) + **out = **in + } if in.FeatureGates != nil { in, out := &in.FeatureGates, &out.FeatureGates *out = make(map[string]string, len(*in)) diff --git a/pkg/apis/kops/v1alpha3/componentconfig.go b/pkg/apis/kops/v1alpha3/componentconfig.go index b51fd207fa..ded94c0bb8 100644 --- a/pkg/apis/kops/v1alpha3/componentconfig.go +++ b/pkg/apis/kops/v1alpha3/componentconfig.go 
@@ -613,9 +613,11 @@ type KubeControllerManagerConfig struct {
 // HorizontalPodAutoscalerUseRestClients determines if the new-style clients
 // should be used if support for custom metrics is enabled.
 HorizontalPodAutoscalerUseRestClients *bool `json:"horizontalPodAutoscalerUseRestClients,omitempty" flag:"horizontal-pod-autoscaler-use-rest-clients"`
- // ExperimentalClusterSigningDuration is the duration that determines
- // the length of duration that the signed certificates will be given. (default 8760h0m0s)
+ // ExperimentalClusterSigningDuration is the max length of duration that the signed certificates will be given. (default 365*24h)
+ // Deprecated - use cluster-signing-duration instead
 ExperimentalClusterSigningDuration *metav1.Duration `json:"experimentalClusterSigningDuration,omitempty" flag:"experimental-cluster-signing-duration"`
+ // ClusterSigningDuration is the max length of duration that the signed certificates will be given. (default 365*24h)
+ ClusterSigningDuration *metav1.Duration `json:"ClusterSigningDuration,omitempty" flag:"cluster-signing-duration"`
 // FeatureGates is set of key=value pairs that describe feature gates for alpha/experimental features.
 FeatureGates map[string]string `json:"featureGates,omitempty" flag:"feature-gates"`
 // TLSCertFile is the file containing the TLS server certificate.
diff --git a/pkg/apis/kops/v1alpha3/zz_generated.conversion.go b/pkg/apis/kops/v1alpha3/zz_generated.conversion.go
index 2595d0590f..023e70f969 100644
--- a/pkg/apis/kops/v1alpha3/zz_generated.conversion.go
+++ b/pkg/apis/kops/v1alpha3/zz_generated.conversion.go
@@ -5505,6 +5505,7 @@ func autoConvert_v1alpha3_KubeControllerManagerConfig_To_kops_KubeControllerMana out.HorizontalPodAutoscalerTolerance = in.HorizontalPodAutoscalerTolerance out.HorizontalPodAutoscalerUseRestClients = in.HorizontalPodAutoscalerUseRestClients out.ExperimentalClusterSigningDuration = in.ExperimentalClusterSigningDuration + out.ClusterSigningDuration = in.ClusterSigningDuration out.FeatureGates = in.FeatureGates out.TLSCertFile = in.TLSCertFile out.TLSCipherSuites = in.TLSCipherSuites @@ -5578,6 +5579,7 @@ func autoConvert_kops_KubeControllerManagerConfig_To_v1alpha3_KubeControllerMana out.HorizontalPodAutoscalerTolerance = in.HorizontalPodAutoscalerTolerance out.HorizontalPodAutoscalerUseRestClients = in.HorizontalPodAutoscalerUseRestClients out.ExperimentalClusterSigningDuration = in.ExperimentalClusterSigningDuration + out.ClusterSigningDuration = in.ClusterSigningDuration out.FeatureGates = in.FeatureGates out.TLSCertFile = in.TLSCertFile out.TLSCipherSuites = in.TLSCipherSuites diff --git a/pkg/apis/kops/v1alpha3/zz_generated.deepcopy.go b/pkg/apis/kops/v1alpha3/zz_generated.deepcopy.go index 5df8951226..b3e568739e 100644 --- a/pkg/apis/kops/v1alpha3/zz_generated.deepcopy.go +++ b/pkg/apis/kops/v1alpha3/zz_generated.deepcopy.go @@ -3390,6 +3390,11 @@ func (in *KubeControllerManagerConfig) DeepCopyInto(out *KubeControllerManagerCo *out = new(v1.Duration) **out = **in } + if in.ClusterSigningDuration != nil { + in, out := &in.ClusterSigningDuration, &out.ClusterSigningDuration + *out = new(v1.Duration) + **out = **in + } if in.FeatureGates != nil { in, out := &in.FeatureGates, &out.FeatureGates *out = make(map[string]string, len(*in)) diff --git a/pkg/apis/kops/zz_generated.deepcopy.go b/pkg/apis/kops/zz_generated.deepcopy.go index 0c2c075031..7a00116824 100644 --- a/pkg/apis/kops/zz_generated.deepcopy.go +++ b/pkg/apis/kops/zz_generated.deepcopy.go 
@@ -3569,6 +3569,11 @@ func (in *KubeControllerManagerConfig) DeepCopyInto(out *KubeControllerManagerCo *out = new(v1.Duration) **out = **in } + if in.ClusterSigningDuration != nil { + in, out := &in.ClusterSigningDuration, &out.ClusterSigningDuration + *out = new(v1.Duration) + **out = **in + } if in.FeatureGates != nil { in, out := &in.FeatureGates, &out.FeatureGates *out = make(map[string]string, len(*in))