make --admin configurable to rolling-update

Jesse Haka 2025-02-20 20:38:26 +02:00
parent 6aeef2c06c
commit d5cea90a82
3 changed files with 18 additions and 7 deletions


@ -37,6 +37,7 @@ import (
"k8s.io/kops/pkg/cloudinstances"
"k8s.io/kops/pkg/commands/commandutils"
"k8s.io/kops/pkg/instancegroups"
"k8s.io/kops/pkg/kubeconfig"
"k8s.io/kops/pkg/pretty"
"k8s.io/kops/pkg/validation"
"k8s.io/kops/upup/pkg/fi/cloudup"
@ -145,6 +146,8 @@ type RollingUpdateOptions struct {
// TODO: Move more/all above options to RollingUpdateOptions
instancegroups.RollingUpdateOptions
kubeconfig.CreateKubecfgOptions
}
func (o *RollingUpdateOptions) InitDefaults() {
@ -165,6 +168,8 @@ func (o *RollingUpdateOptions) InitDefaults() {
o.DrainTimeout = 15 * time.Minute
o.Admin = kubeconfig.DefaultKubecfgAdminLifetime
o.RollingUpdateOptions.InitDefaults()
}
@ -193,6 +198,7 @@ func NewCmdRollingUpdateCluster(f *util.Factory, out io.Writer) *cobra.Command {
cmd.Flags().BoolVar(&options.Force, "force", options.Force, "Force rolling update, even if no changes")
cmd.Flags().BoolVar(&options.CloudOnly, "cloudonly", options.CloudOnly, "Perform rolling update without validating cluster status (will cause downtime)")
cmd.Flags().DurationVar(&options.Admin, "admin", options.Admin, "a cluster admin user credential with the specified lifetime")
cmd.Flags().DurationVar(&options.ValidationTimeout, "validation-timeout", options.ValidationTimeout, "Maximum time to wait for a cluster to validate")
cmd.Flags().DurationVar(&options.DrainTimeout, "drain-timeout", options.DrainTimeout, "Maximum time to wait for a node to drain")
cmd.Flags().Int32Var(&options.ValidateCount, "validate-count", options.ValidateCount, "Number of times that a cluster needs to be validated after single node update")
@ -227,6 +233,7 @@ func NewCmdRollingUpdateCluster(f *util.Factory, out io.Writer) *cobra.Command {
}
func RunRollingUpdateCluster(ctx context.Context, f *util.Factory, out io.Writer, options *RollingUpdateOptions) error {
f.CreateKubecfgOptions = options.CreateKubecfgOptions
clientset, err := f.KopsClient()
if err != nil {
return err
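Review bot: The admin credential minted for rolling-update now lives for `kubeconfig.DefaultKubecfgAdminLifetime`, which the regenerated docs in this commit list as 18h0m0s, instead of the 1 hour that buildRESTConfig hard-coded before. The longer lifetime comes from `o.Admin = kubeconfig.DefaultKubecfgAdminLifetime` in InitDefaults and again from the `options.Admin == 0` fallback in buildRESTConfig, so it presumably also reaches every other command that builds a REST config through the Factory without setting the option. If that is not intended, keep the old value in both places with `o.Admin = 1 * time.Hour` and `options.Admin = 1 * time.Hour`; the factory file would then have to keep its `time` import. The flag is also unbounded: zero is silently replaced by the default and a negative duration is passed through, so a guard such as `if options.Admin < 0 { return fmt.Errorf("--admin must not be negative") }` at the top of RunRollingUpdateCluster would help. The body of RunRollingUpdateCluster continues outside this hunk.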


@ -23,7 +23,6 @@ import (
"net/url"
"strings"
"sync"
"time"
"k8s.io/apimachinery/pkg/util/validation/field"
"k8s.io/client-go/dynamic"
@ -56,6 +55,8 @@ type Factory struct {
mutex sync.Mutex
// clusters holds REST connection configuration for connecting to clusters
clusters map[string]*clusterInfo
kubeconfig.CreateKubecfgOptions
}
// clusterInfo holds REST connection configuration for connecting to a cluster
@ -66,6 +67,7 @@ type clusterInfo struct {
cachedHTTPClient *http.Client
cachedRESTConfig *rest.Config
cachedDynamicClient dynamic.Interface
kubeconfig.CreateKubecfgOptions
}
func NewFactory(options *FactoryOptions) *Factory {
@ -177,6 +179,7 @@ func (f *Factory) getClusterInfo(cluster *kops.Cluster) *clusterInfo {
func (f *Factory) RESTConfig(cluster *kops.Cluster) (*rest.Config, error) {
clusterInfo := f.getClusterInfo(cluster)
clusterInfo.CreateKubecfgOptions = f.CreateKubecfgOptions
return clusterInfo.RESTConfig()
}
@ -184,7 +187,7 @@ func (f *clusterInfo) RESTConfig() (*rest.Config, error) {
ctx := context.Background()
if f.cachedRESTConfig == nil {
restConfig, err := f.factory.buildRESTConfig(ctx, f.cluster)
restConfig, err := f.factory.buildRESTConfig(ctx, f.cluster, f.CreateKubecfgOptions)
if err != nil {
return nil, err
}
@ -253,7 +256,7 @@ func (f *Factory) VFSContext() *vfs.VFSContext {
return f.vfsContext
}
func (f *Factory) buildRESTConfig(ctx context.Context, cluster *kops.Cluster) (*rest.Config, error) {
func (f *Factory) buildRESTConfig(ctx context.Context, cluster *kops.Cluster, options kubeconfig.CreateKubecfgOptions) (*rest.Config, error) {
clientset, err := f.KopsClient()
if err != nil {
return nil, err
@ -274,9 +277,9 @@ func (f *Factory) buildRESTConfig(ctx context.Context, cluster *kops.Cluster) (*
return nil, err
}
// Generate a relatively short-lived certificate / kubeconfig
createKubecfgOptions := kubeconfig.CreateKubecfgOptions{
Admin: 1 * time.Hour,
// backwards compatibility
if options.Admin == 0 {
options.Admin = kubeconfig.DefaultKubecfgAdminLifetime
}
conf, err := kubeconfig.BuildKubecfg(
@ -285,7 +288,7 @@ func (f *Factory) buildRESTConfig(ctx context.Context, cluster *kops.Cluster) (*
keyStore,
secretStore,
cloud,
createKubecfgOptions,
options,
f.KopsStateStore())
if err != nil {
return nil, err
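Review bot: `clusterInfo.CreateKubecfgOptions = f.CreateKubecfgOptions` in Factory.RESTConfig runs on every call, but clusterInfo.RESTConfig reads the options only while `cachedRESTConfig == nil`, so the value present on the first call fixes the credential lifetime for that cluster and later changes are ignored without notice. The assignment also sits outside any lock visible in this hunk although Factory carries `mutex sync.Mutex`; whether getClusterInfo holds it is not shown here. Either pass the options when the clusterInfo is created, or document the contract on the Factory field, for example `// CreateKubecfgOptions must be set before the first RESTConfig call; it is not re-read once the config is cached.` The `// backwards compatibility` comment replaces the one that said the certificate is short-lived and no longer tells the reader what the fallback is; `// Admin unset: fall back to the default admin credential lifetime` would be clearer.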


@ -59,6 +59,7 @@ kops rolling-update cluster [CLUSTER] [flags]
### Options
```
--admin duration a cluster admin user credential with the specified lifetime (default 18h0m0s)
--bastion-interval duration Time to wait between restarting bastions (default 15s)
--cloudonly Perform rolling update without validating cluster status (will cause downtime)
--control-plane-interval duration Time to wait between restarting control plane nodes (default 15s)