api refactor

Author: Yuvaraj Kakaraparthi

api/v1alpha3/conversion.go

@@ -244,7 +244,7 @@ func (src *MachineHealthCheck) ConvertTo(dstRaw conversion.Hub) error {
 		dst.Spec.UnhealthyRange = restored.Spec.UnhealthyRange
 	}
 
-	dst.Spec.CertificatesMinExpiryDuration = restored.Spec.CertificatesMinExpiryDuration
+	dst.Spec.Certificates = restored.Spec.Certificates
 	return nil
 }
 

api/v1alpha3/zz_generated.conversion.go

@@ -278,7 +278,7 @@ func (src *MachineHealthCheck) ConvertTo(dstRaw conversion.Hub) error {
 		return err
 	}
 
-	dst.Spec.CertificatesMinExpiryDuration = restored.Spec.CertificatesMinExpiryDuration
+	dst.Spec.Certificates = restored.Spec.Certificates
 	return nil
 }
 

api/v1alpha4/conversion.go

@@ -166,9 +166,9 @@ type MachineHealthCheckClass struct {
 	// +optional
 	NodeStartupTimeout *metav1.Duration `json:"nodeStartupTimeout,omitempty"`
 
-	// Machines whose certificates are not valid for at least the specified duration will be remediated.
+	// Certificates contains the information needed to validate the health of machine certificates.
 	// +optional
-	CertificatesMinExpiryDuration *metav1.Duration `json:"certificatesMinExpiryDuration,omitempty"`
+	Certificates *Certificates `json:"certificates,omitempty"`
 
 	// RemediationTemplate is a reference to a remediation template
 	// provided by an infrastructure provider.

api/v1alpha4/zz_generated.conversion.go

@@ -61,9 +61,9 @@ type MachineHealthCheckSpec struct {
 	// +optional
 	NodeStartupTimeout *metav1.Duration `json:"nodeStartupTimeout,omitempty"`
 
-	// Machines whose certificates are not valid for at least the specified duration will be remediated.
+	// Certificates contains the information needed to validate the health of machine certificates.
 	// +optional
-	CertificatesMinExpiryDuration *metav1.Duration `json:"certificatesMinExpiryDuration,omitempty"`
+	Certificates *Certificates `json:"certificates,omitempty"`
 
 	// RemediationTemplate is a reference to a remediation template
 	// provided by an infrastructure provider.
@@ -77,6 +77,16 @@ type MachineHealthCheckSpec struct {
 
 // ANCHOR_END: MachineHealthCHeckSpec
 
+// ANCHOR: Certificates
+
+type Certificates struct {
+	// ExpiresWithinDays is the number of days after which certificates is considered to be expired.
+	// +optional
+	ExpiresWithinDays *int `json:"expiresWithinDays,omitempty"`
+}
+
+// ANCHOR_END: Certificates
+
 // ANCHOR: UnhealthyCondition
 
 // UnhealthyCondition represents a Node condition type and value with a timeout

api/v1beta1/clusterclass_types.go

@@ -419,10 +419,15 @@ spec:
                       if the ControlPlane provider template referenced above is Machine
                       based and supports setting replicas.
                     properties:
-                      certificatesMinExpiryDuration:
-                        description: Machines whose certificates are not valid for
-                          at least the specified duration will be remediated.
-                        type: string
+                      certificates:
+                        description: Certificates contains the information needed
+                          to validate the health of machine certificates.
+                        properties:
+                          expiresWithinDays:
+                            description: ExpiresWithinDays is the number of days after
+                              which certificates is considered to be expired.
+                            type: integer
+                        type: object
                       maxUnhealthy:
                         anyOf:
                         - type: integer
@@ -1002,10 +1007,16 @@ spec:
                           description: MachineHealthCheck defines a MachineHealthCheck
                             for this MachineDeploymentClass.
                           properties:
-                            certificatesMinExpiryDuration:
-                              description: Machines whose certificates are not valid
-                                for at least the specified duration will be remediated.
-                              type: string
+                            certificates:
+                              description: Certificates contains the information needed
+                                to validate the health of machine certificates.
+                              properties:
+                                expiresWithinDays:
+                                  description: ExpiresWithinDays is the number of
+                                    days after which certificates is considered to
+                                    be expired.
+                                  type: integer
+                              type: object
                             maxUnhealthy:
                               anyOf:
                               - type: integer

api/v1beta1/machinehealthcheck_types.go

@@ -585,10 +585,15 @@ spec:
           spec:
             description: Specification of machine health check policy
             properties:
-              certificatesMinExpiryDuration:
-                description: Machines whose certificates are not valid for at least
-                  the specified duration will be remediated.
-                type: string
+              certificates:
+                description: Certificates contains the information needed to validate
+                  the health of machine certificates.
+                properties:
+                  expiresWithinDays:
+                    description: ExpiresWithinDays is the number of days after which
+                      certificates is considered to be expired.
+                    type: integer
+                type: object
               clusterName:
                 description: ClusterName is the name of the Cluster this object belongs
                   to.

api/v1beta1/zz_generated.deepcopy.go

@@ -185,11 +185,11 @@ func (t *healthCheckTarget) needsRemediation(logger logr.Logger, timeoutForMachi
 	}
 
 	// check certificate expiration
-	if t.MHC.Spec.CertificatesMinExpiryDuration != nil {
+	if t.MHC.Spec.Certificates != nil && t.MHC.Spec.Certificates.ExpiresWithinDays != nil {
 		// Check only if the certificate expiry information is available.
 		if t.Machine.Status.CertificatesExpiryDate != nil {
 			certificatesExpireAt := t.Machine.Status.CertificatesExpiryDate.Time
-			if now.Add(t.MHC.Spec.CertificatesMinExpiryDuration.Duration).After(certificatesExpireAt) {
+			if now.Add(time.Duration(*t.MHC.Spec.Certificates.ExpiresWithinDays) * time.Hour * 24).After(certificatesExpireAt) {
 				expiresIn := certificatesExpireAt.Sub(now)
 				expiredInRoundedToMinutes := expiresIn.Round(time.Minute)
 				conditions.MarkFalse(t.Machine, clusterv1.MachineHealthCheckSucceededCondition, clusterv1.CertificateExpiryReason, clusterv1.ConditionSeverityWarning, "Certificates expire in %s", expiredInRoundedToMinutes.String())

api/v1beta1/zz_generated.openapi.go

@@ -24,6 +24,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/tools/record"
+	"k8s.io/utils/pointer"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
@@ -210,7 +211,6 @@ func TestHealthCheckTargets(t *testing.T) {
 	timeoutForMachineToHaveNode := 10 * time.Minute
 	disabledTimeoutForMachineToHaveNode := time.Duration(0)
 
-	oneWeekDuration := &metav1.Duration{Duration: time.Hour * 24 * 7}
 	twoDaysFromNow := time.Now().Add(time.Hour * 24 * 2)
 
 	// Create a test MHC
@@ -236,7 +236,9 @@ func TestHealthCheckTargets(t *testing.T) {
 					Timeout: metav1.Duration{Duration: 5 * time.Minute},
 				},
 			},
-			CertificatesMinExpiryDuration: oneWeekDuration,
+			Certificates: &clusterv1.Certificates{
+				ExpiresWithinDays: pointer.Int(7),
+			},
 		},
 	}
 

bootstrap/kubeadm/types/upstreamv1beta1/zz_generated.deepcopy.go

@@ -845,14 +845,14 @@ func computeMachineHealthCheck(healthCheckTarget client.Object, selector *metav1
 			Namespace: healthCheckTarget.GetNamespace(),
 		},
 		Spec: clusterv1.MachineHealthCheckSpec{
-			ClusterName:                   clusterName,
-			Selector:                      *selector,
-			UnhealthyConditions:           check.UnhealthyConditions,
-			MaxUnhealthy:                  check.MaxUnhealthy,
-			UnhealthyRange:                check.UnhealthyRange,
-			NodeStartupTimeout:            check.NodeStartupTimeout,
-			CertificatesMinExpiryDuration: check.CertificatesMinExpiryDuration,
-			RemediationTemplate:           check.RemediationTemplate,
+			ClusterName:         clusterName,
+			Selector:            *selector,
+			UnhealthyConditions: check.UnhealthyConditions,
+			MaxUnhealthy:        check.MaxUnhealthy,
+			UnhealthyRange:      check.UnhealthyRange,
+			NodeStartupTimeout:  check.NodeStartupTimeout,
+			Certificates:        check.Certificates,
+			RemediationTemplate: check.RemediationTemplate,
 		},
 	}