From 0e52d06721737bdcbc9a1e8ffe969a4acd697a25 Mon Sep 17 00:00:00 2001
From: Arko Dasgupta
Date: Tue, 21 Jan 2025 11:29:13 -0800
Subject: [PATCH] rm overwriteControlPlaneCerts from the EnvoyGateway API (#5088)
* rm overwriteControlPlaneCerts from the EnvoyGateway API it was not implemented previously and instead must be specified as a cmd line arg for `certgen`
Signed-off-by: Arko Dasgupta
* lint
Signed-off-by: Arko Dasgupta
---------
Signed-off-by: Arko Dasgupta
---
 api/v1alpha1/envoygateway_types.go | 3 ---
 api/v1alpha1/zz_generated.deepcopy.go | 5 -----
 internal/cmd/certgen.go | 19 ++++---------------
 site/content/en/latest/api/extension_types.md | 1 -
 site/content/zh/latest/api/extension_types.md | 1 -
 5 files changed, 4 insertions(+), 25 deletions(-)
diff --git a/api/v1alpha1/envoygateway_types.go b/api/v1alpha1/envoygateway_types.go
index 8867b8c8fed..5f5a9f1a068 100644
--- a/api/v1alpha1/envoygateway_types.go
+++ b/api/v1alpha1/envoygateway_types.go
@@ -215,9 +215,6 @@ type EnvoyGatewayKubernetesProvider struct {
 // should be deployed
 // +optional
 Deploy *KubernetesDeployMode `json:"deploy,omitempty"`
- // OverwriteControlPlaneCerts updates the secrets containing the control plane certs, when set.
- // +optional
- OverwriteControlPlaneCerts *bool `json:"overwriteControlPlaneCerts,omitempty"`
 // LeaderElection specifies the configuration for leader election.
 // If it's not set up, leader election will be active by default, using Kubernetes' standard settings.
 // +optional
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 575e2084f35..83ef62f3374 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -1611,11 +1611,6 @@ func (in *EnvoyGatewayKubernetesProvider) DeepCopyInto(out *EnvoyGatewayKubernet *out = new(KubernetesDeployMode) (*in).DeepCopyInto(*out) } - if in.OverwriteControlPlaneCerts != nil { - in, out := &in.OverwriteControlPlaneCerts, &out.OverwriteControlPlaneCerts - *out = new(bool) - **out = **in - } if in.LeaderElection != nil { in, out := &in.LeaderElection, &out.LeaderElection *out = new(LeaderElection)
diff --git a/internal/cmd/certgen.go b/internal/cmd/certgen.go
index a34fee81da0..1f48ed32a86 100644
--- a/internal/cmd/certgen.go
+++ b/internal/cmd/certgen.go
@@ -12,7 +12,6 @@ import (
 "path"
 "github.com/spf13/cobra"
- "k8s.io/utils/ptr"
 ctrl "sigs.k8s.io/controller-runtime"
 "sigs.k8s.io/controller-runtime/pkg/client"
 clicfg "sigs.k8s.io/controller-runtime/pkg/client/config"
@@ -57,10 +56,6 @@ func certGen(local bool) error {
 }
 log := cfg.Logger
- if overwriteControlPlaneCerts {
- cfg.EnvoyGateway.Provider.Kubernetes.OverwriteControlPlaneCerts = ptr.To(true)
- }
-
 certs, err := crypto.GenerateCerts(cfg)
 if err != nil {
 return fmt.Errorf("failed to generate certificates: %w", err)
@@ -73,7 +68,7 @@ func certGen(local bool) error {
 return fmt.Errorf("failed to create controller-runtime client: %w", err)
 }
- if err = outputCertsForKubernetes(ctrl.SetupSignalHandler(), cli, cfg, certs); err != nil {
+ if err = outputCertsForKubernetes(ctrl.SetupSignalHandler(), cli, cfg, overwriteControlPlaneCerts, certs); err != nil {
 return fmt.Errorf("failed to output certificates: %w", err)
 }
 } else {
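Review bot: The call in the `@@ -73,7 +68,7 @@` hunk passes `overwriteControlPlaneCerts`, which is neither a parameter nor a local of `certGen` in the visible lines, so it is presumably the package-level variable bound to the command-line flag, while `local` is passed in explicitly. Taking both the same way, e.g. `func certGen(local, overwrite bool) error`, would keep the decision to replace control-plane certificates visible in the signature and let a test exercise both values without touching package state. The body of `certGen` starts and ends outside the hunk, so how the `else` branch treats the flag cannot be checked from here.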
@@ -87,15 +82,9 @@ func certGen(local bool) error {
 }
 // outputCertsForKubernetes outputs the provided certs to a secret in namespace ns.
-func outputCertsForKubernetes(ctx context.Context, cli client.Client, cfg *config.Server, certs *crypto.Certificates) error {
- var updateSecrets bool
- if cfg.EnvoyGateway != nil &&
- cfg.EnvoyGateway.Provider != nil &&
- cfg.EnvoyGateway.Provider.Kubernetes != nil &&
- cfg.EnvoyGateway.Provider.Kubernetes.OverwriteControlPlaneCerts != nil &&
- *cfg.EnvoyGateway.Provider.Kubernetes.OverwriteControlPlaneCerts {
- updateSecrets = true
- }
+func outputCertsForKubernetes(ctx context.Context, cli client.Client, cfg *config.Server,
+ updateSecrets bool, certs *crypto.Certificates,
+) error {
 secrets, err := kubernetes.CreateOrUpdateSecrets(ctx, cli, kubernetes.CertsToSecret(cfg.Namespace, certs), updateSecrets)
 log := cfg.Logger
diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
index ed4050fb347..618e29c68a6 100644
--- a/site/content/en/latest/api/extension_types.md
+++ b/site/content/en/latest/api/extension_types.md
@@ -1174,7 +1174,6 @@ _Appears in:_
 | `rateLimitHpa` | _[KubernetesHorizontalPodAutoscalerSpec](#kuberneteshorizontalpodautoscalerspec)_ | false | | RateLimitHpa defines the Horizontal Pod Autoscaler settings for Envoy ratelimit Deployment.
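Review bot: The doc comment kept above `outputCertsForKubernetes` in the `@@ -87,15 +82,9 @@` hunk still says the certs go to "a secret in namespace ns", but the function has no `ns` parameter (the namespace is taken from `cfg.Namespace`) and the new `updateSecrets` argument is not described. Judging by the helper's name and the removed field's description, that flag decides whether `kubernetes.CreateOrUpdateSecrets` may replace control-plane certificate secrets that already exist, so the contract is worth writing down, e.g. `// outputCertsForKubernetes writes certs as secrets in cfg.Namespace; existing secrets are replaced only when updateSecrets is true.` The function body continues past the end of the hunk, so the exact behaviour for `updateSecrets == false` should be confirmed against `CreateOrUpdateSecrets` before wording the comment.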
If the HPA is set, Replicas field from RateLimitDeployment will be ignored. |
 | `watch` | _[KubernetesWatchMode](#kuberneteswatchmode)_ | false | | Watch holds configuration of which input resources should be watched and reconciled. |
 | `deploy` | _[KubernetesDeployMode](#kubernetesdeploymode)_ | false | | Deploy holds configuration of how output managed resources such as the Envoy Proxy data plane
should be deployed |
-| `overwriteControlPlaneCerts` | _boolean_ | false | | OverwriteControlPlaneCerts updates the secrets containing the control plane certs, when set. |
 | `leaderElection` | _[LeaderElection](#leaderelection)_ | false | | LeaderElection specifies the configuration for leader election.
If it's not set up, leader election will be active by default, using Kubernetes' standard settings. |
 | `shutdownManager` | _[ShutdownManager](#shutdownmanager)_ | false | | ShutdownManager defines the configuration for the shutdown manager. |
diff --git a/site/content/zh/latest/api/extension_types.md b/site/content/zh/latest/api/extension_types.md
index ed4050fb347..618e29c68a6 100644
--- a/site/content/zh/latest/api/extension_types.md
+++ b/site/content/zh/latest/api/extension_types.md
@@ -1174,7 +1174,6 @@ _Appears in:_
 | `rateLimitHpa` | _[KubernetesHorizontalPodAutoscalerSpec](#kuberneteshorizontalpodautoscalerspec)_ | false | | RateLimitHpa defines the Horizontal Pod Autoscaler settings for Envoy ratelimit Deployment.
If the HPA is set, Replicas field from RateLimitDeployment will be ignored. |
 | `watch` | _[KubernetesWatchMode](#kuberneteswatchmode)_ | false | | Watch holds configuration of which input resources should be watched and reconciled. |
 | `deploy` | _[KubernetesDeployMode](#kubernetesdeploymode)_ | false | | Deploy holds configuration of how output managed resources such as the Envoy Proxy data plane
should be deployed |
-| `overwriteControlPlaneCerts` | _boolean_ | false | | OverwriteControlPlaneCerts updates the secrets containing the control plane certs, when set. |
 | `leaderElection` | _[LeaderElection](#leaderelection)_ | false | | LeaderElection specifies the configuration for leader election.
If it's not set up, leader election will be active by default, using Kubernetes' standard settings. |
 | `shutdownManager` | _[ShutdownManager](#shutdownmanager)_ | false | | ShutdownManager defines the configuration for the shutdown manager. |