From 265b20021fb6bae1f543f5ba7582b487de5ee72d Mon Sep 17 00:00:00 2001
From: Jesse Haka
Date: Thu, 20 Feb 2025 20:38:26 +0200
Subject: [PATCH] make --admin configurable to rolling-update
---
 cmd/kops/rolling-update_cluster.go | 7 +++++++
 cmd/kops/util/factory.go | 17 ++++++++++-------
 docs/cli/kops_rolling-update_cluster.md | 1 +
 3 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/cmd/kops/rolling-update_cluster.go b/cmd/kops/rolling-update_cluster.go
index ad3fb0e0b92ec..005f4a5e57de3 100644
--- a/cmd/kops/rolling-update_cluster.go
+++ b/cmd/kops/rolling-update_cluster.go
@@ -37,6 +37,7 @@ import (
 "k8s.io/kops/pkg/cloudinstances"
 "k8s.io/kops/pkg/commands/commandutils"
 "k8s.io/kops/pkg/instancegroups"
+ "k8s.io/kops/pkg/kubeconfig"
 "k8s.io/kops/pkg/pretty"
 "k8s.io/kops/pkg/validation"
 "k8s.io/kops/upup/pkg/fi/cloudup"
@@ -145,6 +146,8 @@ type RollingUpdateOptions struct {
 // TODO: Move more/all above options to RollingUpdateOptions
 instancegroups.RollingUpdateOptions
+
+ kubeconfig.CreateKubecfgOptions
 }
 func (o *RollingUpdateOptions) InitDefaults() {
@@ -165,6 +168,8 @@ func (o *RollingUpdateOptions) InitDefaults() {
 o.DrainTimeout = 15 * time.Minute
+ o.Admin = kubeconfig.DefaultKubecfgAdminLifetime
+
 o.RollingUpdateOptions.InitDefaults()
 }
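Review bot: The default set in InitDefaults, `o.Admin = kubeconfig.DefaultKubecfgAdminLifetime`, lengthens the cluster-admin credential minted for a rolling update from the 1 hour that factory.go used to hard-code (the removed `Admin: 1 * time.Hour`) to what the docs hunk prints as 18h0m0s. The `if options.Admin == 0` fallback in buildRESTConfig (factory.go, hunk at -274) does the same for every other caller of Factory.RESTConfig, so its `// backwards compatibility` comment does not match the behaviour. A longer-lived admin credential widens the exposure window if it leaks, and if it is a client certificate, as the removed comment suggests, it presumably cannot be revoked individually. I would keep the old value as the default in both places, `o.Admin = 1 * time.Hour` here and `options.Admin = 1 * time.Hour` in the fallback (which means keeping the `time` import in factory.go), so a longer lifetime is something the operator asks for with `--admin`. InitDefaults begins above the hunk.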
@@ -193,6 +198,7 @@ func NewCmdRollingUpdateCluster(f *util.Factory, out io.Writer) *cobra.Command {
 cmd.Flags().BoolVar(&options.Force, "force", options.Force, "Force rolling update, even if no changes")
 cmd.Flags().BoolVar(&options.CloudOnly, "cloudonly", options.CloudOnly, "Perform rolling update without validating cluster status (will cause downtime)")
+ cmd.Flags().DurationVar(&options.Admin, "admin", options.Admin, "a cluster admin user credential with the specified lifetime")
 cmd.Flags().DurationVar(&options.ValidationTimeout, "validation-timeout", options.ValidationTimeout, "Maximum time to wait for a cluster to validate")
 cmd.Flags().DurationVar(&options.DrainTimeout, "drain-timeout", options.DrainTimeout, "Maximum time to wait for a node to drain")
 cmd.Flags().Int32Var(&options.ValidateCount, "validate-count", options.ValidateCount, "Number of times that a cluster needs to be validated after single node update")
@@ -227,6 +233,7 @@ func NewCmdRollingUpdateCluster(f *util.Factory, out io.Writer) *cobra.Command {
 }
 func RunRollingUpdateCluster(ctx context.Context, f *util.Factory, out io.Writer, options *RollingUpdateOptions) error {
+ f.CreateKubecfgOptions = options.CreateKubecfgOptions
 clientset, err := f.KopsClient()
 if err != nil {
 return err
diff --git a/cmd/kops/util/factory.go b/cmd/kops/util/factory.go
index 734e426cf2aed..272de84cef836 100644
--- a/cmd/kops/util/factory.go
+++ b/cmd/kops/util/factory.go
@@ -23,7 +23,6 @@ import (
 "net/url"
 "strings"
 "sync"
- "time"
 "k8s.io/apimachinery/pkg/util/validation/field"
 "k8s.io/client-go/dynamic"
@@ -56,6 +55,8 @@ type Factory struct {
 mutex sync.Mutex
 // clusters holds REST connection configuration for connecting to clusters
 clusters map[string]*clusterInfo
+
+ kubeconfig.CreateKubecfgOptions
 }
 // clusterInfo holds REST connection configuration for connecting to a cluster
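Review bot: The new `--admin` flag in NewCmdRollingUpdateCluster accepts any duration and nothing visible in the patch validates it: a negative value is handed to kubeconfig.BuildKubecfg unchanged, and `--admin=0` is silently replaced by the default in buildRESTConfig instead of being rejected. There is no upper bound either, so a mistyped value such as `--admin=8760h` would yield a year-long cluster-admin credential without any warning. I would reject non-positive values at the top of RunRollingUpdateCluster, `if options.Admin <= 0 { return fmt.Errorf("--admin must be a positive duration, got %s", options.Admin) }` (assuming `fmt` is imported in this file), and log a warning above a chosen maximum. The help string is also a noun phrase that does not say what the flag controls; `"Lifetime of the cluster admin credential generated for the rolling update"` would be clearer. Both functions extend beyond their hunks.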
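Review bot: The anonymous `kubeconfig.CreateKubecfgOptions` added to Factory carries no doc comment and, as an exported embedded type, promotes every one of its fields onto the exported Factory, which RunRollingUpdateCluster then overwrites wholesale with `f.CreateKubecfgOptions = options.CreateKubecfgOptions`. Only `Admin` is wired to a flag in this patch, so a named, documented field would state the intent and keep credential options on a shared factory from being changed by accident, for example `// kubecfgOptions controls the admin credential minted by RESTConfig.` above `kubecfgOptions kubeconfig.CreateKubecfgOptions`, set through a small setter method. The same embedding appears in RollingUpdateOptions (rolling-update_cluster.go) and in clusterInfo (next hunk). The Factory struct starts above the hunk.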
@@ -66,6 +67,7 @@ type clusterInfo struct {
 cachedHTTPClient *http.Client
 cachedRESTConfig *rest.Config
 cachedDynamicClient dynamic.Interface
+ kubeconfig.CreateKubecfgOptions
 }
 func NewFactory(options *FactoryOptions) *Factory {
@@ -177,6 +179,7 @@ func (f *Factory) getClusterInfo(cluster *kops.Cluster) *clusterInfo {
 func (f *Factory) RESTConfig(cluster *kops.Cluster) (*rest.Config, error) {
 clusterInfo := f.getClusterInfo(cluster)
+ clusterInfo.CreateKubecfgOptions = f.CreateKubecfgOptions
 return clusterInfo.RESTConfig()
 }
@@ -184,7 +187,7 @@ func (f *clusterInfo) RESTConfig() (*rest.Config, error) {
 ctx := context.Background()
 if f.cachedRESTConfig == nil {
- restConfig, err := f.factory.buildRESTConfig(ctx, f.cluster)
+ restConfig, err := f.factory.buildRESTConfig(ctx, f.cluster, f.CreateKubecfgOptions)
 if err != nil {
 return nil, err
 }
@@ -253,7 +256,7 @@ func (f *Factory) VFSContext() *vfs.VFSContext {
 return f.vfsContext
 }
-func (f *Factory) buildRESTConfig(ctx context.Context, cluster *kops.Cluster) (*rest.Config, error) {
+func (f *Factory) buildRESTConfig(ctx context.Context, cluster *kops.Cluster, options kubeconfig.CreateKubecfgOptions) (*rest.Config, error) {
 clientset, err := f.KopsClient()
 if err != nil {
 return nil, err
@@ -274,9 +277,9 @@ func (f *Factory) buildRESTConfig(ctx context.Context, cluster *kops.Cluster) (*
 return nil, err
 }
- // Generate a relatively short-lived certificate / kubeconfig
- createKubecfgOptions := kubeconfig.CreateKubecfgOptions{
- Admin: 1 * time.Hour,
+ // backwards compatibility
+ if options.Admin == 0 {
+ options.Admin = kubeconfig.DefaultKubecfgAdminLifetime
 }
 conf, err := kubeconfig.BuildKubecfg(
@@ -285,7 +288,7 @@ func (f *Factory) buildRESTConfig(ctx context.Context, cluster *kops.Cluster) (*
 keyStore,
 secretStore,
 cloud,
- createKubecfgOptions,
+ options,
 f.KopsStateStore())
 if err != nil {
 return nil, err
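Review bot: In Factory.RESTConfig the added `clusterInfo.CreateKubecfgOptions = f.CreateKubecfgOptions` writes to the shared clusterInfo on every call with no lock visible in the hunk, and the value is only read while `cachedRESTConfig` is nil, so once a config is cached a later change to the factory's options no longer affects the credential lifetime. Since clusterInfo already reaches the factory through `f.factory`, the copy can be dropped and the options read at build time: `restConfig, err := f.factory.buildRESTConfig(ctx, f.cluster, f.factory.CreateKubecfgOptions)`. That also makes the new field on clusterInfo unnecessary. Whether getClusterInfo holds `mutex` while returning the entry is not visible here, so the data race is inferred rather than shown.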
diff --git a/docs/cli/kops_rolling-update_cluster.md b/docs/cli/kops_rolling-update_cluster.md
index 36ac6cc0545f2..761c958b1eff7 100644
--- a/docs/cli/kops_rolling-update_cluster.md
+++ b/docs/cli/kops_rolling-update_cluster.md
@@ -59,6 +59,7 @@ kops rolling-update cluster [CLUSTER] [flags]
 ### Options
 ```
+ --admin duration a cluster admin user credential with the specified lifetime (default 18h0m0s)
 --bastion-interval duration Time to wait between restarting bastions (default 15s)
 --cloudonly Perform rolling update without validating cluster status (will cause downtime)
 --control-plane-interval duration Time to wait between restarting control plane nodes (default 15s)