kubernetes-sigs
diff --git a/‎api/v1alpha3/conversion.go
-2 b/‎api/v1alpha3/conversion.go
-2
diff --git a/‎api/v1alpha3/zz_generated.conversion.go
-1 b/‎api/v1alpha3/zz_generated.conversion.go
-1
diff --git a/‎api/v1alpha4/conversion.go
-1 b/‎api/v1alpha4/conversion.go
-1
diff --git a/‎api/v1alpha4/zz_generated.conversion.go
-1 b/‎api/v1alpha4/zz_generated.conversion.go
-1
diff --git a/‎api/v1beta1/clusterclass_types.go
-4 b/‎api/v1beta1/clusterclass_types.go
-4
diff --git a/‎api/v1beta1/machinehealthcheck_types.go
-15 b/‎api/v1beta1/machinehealthcheck_types.go
-15
diff --git a/‎api/v1beta1/zz_generated.deepcopy.go
-30 b/‎api/v1beta1/zz_generated.deepcopy.go
-30
diff --git a/‎api/v1beta1/zz_generated.openapi.go
+2-35 b/‎api/v1beta1/zz_generated.openapi.go
+2-35
diff --git a/‎config/crd/bases/cluster.x-k8s.io_clusterclasses.yaml
-19 b/‎config/crd/bases/cluster.x-k8s.io_clusterclasses.yaml
-19
diff --git a/‎config/crd/bases/cluster.x-k8s.io_machinehealthchecks.yaml
-9 b/‎config/crd/bases/cluster.x-k8s.io_machinehealthchecks.yaml
-9
diff --git a/‎internal/controllers/machinehealthcheck/machinehealthcheck_targets.go
-16 b/‎internal/controllers/machinehealthcheck/machinehealthcheck_targets.go
-16
diff --git a/‎internal/controllers/machinehealthcheck/machinehealthcheck_targets_test.go
-4 b/‎internal/controllers/machinehealthcheck/machinehealthcheck_targets_test.go
-4
diff --git a/‎internal/controllers/topology/cluster/desired_state.go
-1 b/‎internal/controllers/topology/cluster/desired_state.go
-1
diff --git a/‎util/collections/machine_filters.go
+2 b/‎util/collections/machine_filters.go
+2
diff --git a/‎util/collections/machine_filters_test.go
+1-1 b/‎util/collections/machine_filters_test.go
+1-1
@@ -243,8 +243,6 @@ func (src *MachineHealthCheck) ConvertTo(dstRaw conversion.Hub) error {
 	if restored.Spec.UnhealthyRange != nil {
 		dst.Spec.UnhealthyRange = restored.Spec.UnhealthyRange
 	}
-
-	dst.Spec.Certificates = restored.Spec.Certificates
 	return nil
 }
 
 
@@ -283,7 +283,6 @@ func (src *MachineHealthCheck) ConvertTo(dstRaw conversion.Hub) error {
 		return err
 	}
 
-	dst.Spec.Certificates = restored.Spec.Certificates
 	return nil
 }
 
 
@@ -167,10 +167,6 @@ type MachineHealthCheckClass struct {
 	// +optional
 	NodeStartupTimeout *metav1.Duration `json:"nodeStartupTimeout,omitempty"`
 
-	// Certificates contains the information needed to validate the health of machine certificates.
-	// +optional
-	Certificates *Certificates `json:"certificates,omitempty"`
-
 	// RemediationTemplate is a reference to a remediation template
 	// provided by an infrastructure provider.
 	//
 
@@ -61,10 +61,6 @@ type MachineHealthCheckSpec struct {
 	// +optional
 	NodeStartupTimeout *metav1.Duration `json:"nodeStartupTimeout,omitempty"`
 
-	// Certificates contains the information needed to validate the health of machine certificates.
-	// +optional
-	Certificates *Certificates `json:"certificates,omitempty"`
-
 	// RemediationTemplate is a reference to a remediation template
 	// provided by an infrastructure provider.
 	//
@@ -77,17 +73,6 @@ type MachineHealthCheckSpec struct {
 
 // ANCHOR_END: MachineHealthCHeckSpec
 
-// ANCHOR: Certificates
-
-// Certificates contains the information needed to validate the health of machine certificates.
-type Certificates struct {
-	// ExpiresWithinDays is the number of days after which certificates is considered to be expired.
-	// +optional
-	ExpiresWithinDays *int `json:"expiresWithinDays,omitempty"`
-}
-
-// ANCHOR_END: Certificates
-
 // ANCHOR: UnhealthyCondition
 
 // UnhealthyCondition represents a Node condition type and value with a timeout
 
@@ -185,22 +185,6 @@ func (t *healthCheckTarget) needsRemediation(logger logr.Logger, timeoutForMachi
 			nextCheckTimes = append(nextCheckTimes, nextCheck)
 		}
 	}
-
-	// check certificate expiration
-	if t.MHC.Spec.Certificates != nil && t.MHC.Spec.Certificates.ExpiresWithinDays != nil {
-		// Check only if the certificate expiry information is available.
-		if t.Machine.Status.CertificatesExpiryDate != nil {
-			certificatesExpireAt := t.Machine.Status.CertificatesExpiryDate.Time
-			// if now.Add(time.Duration(*t.MHC.Spec.Certificates.ExpiresWithinDays) * 24 * time.Hour).After(certificatesExpireAt) {
-			if now.Add(time.Duration(*t.MHC.Spec.Certificates.ExpiresWithinDays) * time.Minute).After(certificatesExpireAt) {
-				expiresIn := certificatesExpireAt.Sub(now)
-				expiredInRoundedToMinutes := expiresIn.Round(time.Minute)
-				conditions.MarkFalse(t.Machine, clusterv1.MachineHealthCheckSucceededCondition, clusterv1.CertificateExpiryReason, clusterv1.ConditionSeverityWarning, "Certificates expire in %s", expiredInRoundedToMinutes.String())
-				logger.V(3).Info("Target is unhealthy: certificates expire in %s", expiredInRoundedToMinutes.String())
-				return true, time.Duration(0)
-			}
-		}
-	}
 	return false, minDuration(nextCheckTimes)
 }
 
 
@@ -24,7 +24,6 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/tools/record"
-	"k8s.io/utils/pointer"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
@@ -237,9 +236,6 @@ func TestHealthCheckTargets(t *testing.T) {
 					Timeout: metav1.Duration{Duration: timeoutForUnhealthyConditions},
 				},
 			},
-			Certificates: &clusterv1.Certificates{
-				ExpiresWithinDays: pointer.Int(7),
-			},
 		},
 	}
 
 
@@ -859,7 +859,6 @@ func computeMachineHealthCheck(healthCheckTarget client.Object, selector *metav1
 			MaxUnhealthy:        check.MaxUnhealthy,
 			UnhealthyRange:      check.UnhealthyRange,
 			NodeStartupTimeout:  check.NodeStartupTimeout,
-			Certificates:        check.Certificates,
 			RemediationTemplate: check.RemediationTemplate,
 		},
 	}
 
@@ -179,6 +179,8 @@ func ShouldRolloutAfter(reconciliationTime, rolloutAfter *metav1.Time) Func {
 	}
 }
 
+// ShouldRolloutIfCertificatesExpireWithinMinutes returns a filter to find all machines
+// whose certificates will expire within expiry minutes.
 func ShouldRolloutIfCertificatesExpireWithinMinutes(expiry *int32) Func {
 	return func(machine *clusterv1.Machine) bool {
 		if expiry == nil {
 
@@ -175,7 +175,7 @@ func TestShouldRolloutIfCertificatesExpireWithinMinutes(t *testing.T) {
 		g := NewWithT(t)
 		g.Expect(collections.ShouldRolloutIfCertificatesExpireWithinMinutes(pointer.Int32(10))(nil)).To(BeFalse())
 	})
-	t.Run("if the machine certificate expiry infromation is not available it should return false", func(t *testing.T) {
+	t.Run("if the machine certificate expiry information is not available it should return false", func(t *testing.T) {
 		g := NewWithT(t)
 		m := &clusterv1.Machine{}
 		g.Expect(collections.ShouldRolloutIfCertificatesExpireWithinMinutes(pointer.Int32(10))(m)).To(BeFalse())
Original file line number	Diff line number	Diff line change
`@@ -243,8 +243,6 @@ func (src *MachineHealthCheck) ConvertTo(dstRaw conversion.Hub) error {`
`243`	`243`	`if restored.Spec.UnhealthyRange != nil {`
`244`	`244`	`dst.Spec.UnhealthyRange = restored.Spec.UnhealthyRange`
`245`	`245`	`}`
`246`		`-`
`247`		`- dst.Spec.Certificates = restored.Spec.Certificates`
`248`	`246`	`return nil`
`249`	`247`	`}`
`250`	`248`
Original file line number	Diff line number	Diff line change
`@@ -283,7 +283,6 @@ func (src *MachineHealthCheck) ConvertTo(dstRaw conversion.Hub) error {`
`283`	`283`	`return err`
`284`	`284`	`}`
`285`	`285`
`286`		`- dst.Spec.Certificates = restored.Spec.Certificates`
`287`	`286`	`return nil`
`288`	`287`	`}`
`289`	`288`
Original file line number	Diff line number	Diff line change
`@@ -859,7 +859,6 @@ func computeMachineHealthCheck(healthCheckTarget client.Object, selector *metav1`
`859`	`859`	`MaxUnhealthy: check.MaxUnhealthy,`
`860`	`860`	`UnhealthyRange: check.UnhealthyRange,`
`861`	`861`	`NodeStartupTimeout: check.NodeStartupTimeout,`
`862`		`- Certificates: check.Certificates,`
`863`	`862`	`RemediationTemplate: check.RemediationTemplate,`
`864`	`863`	`},`
`865`	`864`	`}`
Original file line number	Diff line number	Diff line change
`@@ -179,6 +179,8 @@ func ShouldRolloutAfter(reconciliationTime, rolloutAfter *metav1.Time) Func {`
`179`	`179`	`}`
`180`	`180`	`}`
`181`	`181`
	`182`	`+// ShouldRolloutIfCertificatesExpireWithinMinutes returns a filter to find all machines`
	`183`	`+// whose certificates will expire within expiry minutes.`
`182`	`184`	`func ShouldRolloutIfCertificatesExpireWithinMinutes(expiry *int32) Func {`
`183`	`185`	`return func(machine *clusterv1.Machine) bool {`
`184`	`186`	`if expiry == nil {`