Merge pull request #17274 from zetaab/feat/fixrollingupdatetime

make --admin configurable to rolling-update
kubernetes · Feb 24, 2025 · 7c52ef7 · 7c52ef7
2 parents 5bd925c + d5cea90
commit 7c52ef7
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 7 deletions.
diff --git a/cmd/kops/rolling-update_cluster.go b/cmd/kops/rolling-update_cluster.go
@@ -37,6 +37,7 @@ import (
 	"k8s.io/kops/pkg/cloudinstances"
 	"k8s.io/kops/pkg/commands/commandutils"
 	"k8s.io/kops/pkg/instancegroups"
+	"k8s.io/kops/pkg/kubeconfig"
 	"k8s.io/kops/pkg/pretty"
 	"k8s.io/kops/pkg/validation"
 	"k8s.io/kops/upup/pkg/fi/cloudup"
@@ -145,6 +146,8 @@ type RollingUpdateOptions struct {
 
 	// TODO: Move more/all above options to RollingUpdateOptions
 	instancegroups.RollingUpdateOptions
+
+	kubeconfig.CreateKubecfgOptions
 }
 
 func (o *RollingUpdateOptions) InitDefaults() {
@@ -165,6 +168,8 @@ func (o *RollingUpdateOptions) InitDefaults() {
 
 	o.DrainTimeout = 15 * time.Minute
 
+	o.Admin = kubeconfig.DefaultKubecfgAdminLifetime
+
 	o.RollingUpdateOptions.InitDefaults()
 }
 
@@ -193,6 +198,7 @@ func NewCmdRollingUpdateCluster(f *util.Factory, out io.Writer) *cobra.Command {
 	cmd.Flags().BoolVar(&options.Force, "force", options.Force, "Force rolling update, even if no changes")
 	cmd.Flags().BoolVar(&options.CloudOnly, "cloudonly", options.CloudOnly, "Perform rolling update without validating cluster status (will cause downtime)")
 
+	cmd.Flags().DurationVar(&options.Admin, "admin", options.Admin, "a cluster admin user credential with the specified lifetime")
 	cmd.Flags().DurationVar(&options.ValidationTimeout, "validation-timeout", options.ValidationTimeout, "Maximum time to wait for a cluster to validate")
 	cmd.Flags().DurationVar(&options.DrainTimeout, "drain-timeout", options.DrainTimeout, "Maximum time to wait for a node to drain")
 	cmd.Flags().Int32Var(&options.ValidateCount, "validate-count", options.ValidateCount, "Number of times that a cluster needs to be validated after single node update")
@@ -227,6 +233,7 @@ func NewCmdRollingUpdateCluster(f *util.Factory, out io.Writer) *cobra.Command {
 }
 
 func RunRollingUpdateCluster(ctx context.Context, f *util.Factory, out io.Writer, options *RollingUpdateOptions) error {
+	f.CreateKubecfgOptions = options.CreateKubecfgOptions
 	clientset, err := f.KopsClient()
 	if err != nil {
 		return err

diff --git a/cmd/kops/util/factory.go b/cmd/kops/util/factory.go
@@ -23,7 +23,6 @@ import (
 	"net/url"
 	"strings"
 	"sync"
-	"time"
 
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/client-go/dynamic"
@@ -56,6 +55,8 @@ type Factory struct {
 	mutex sync.Mutex
 	// clusters holds REST connection configuration for connecting to clusters
 	clusters map[string]*clusterInfo
+
+	kubeconfig.CreateKubecfgOptions
 }
 
 // clusterInfo holds REST connection configuration for connecting to a cluster
@@ -66,6 +67,7 @@ type clusterInfo struct {
 	cachedHTTPClient    *http.Client
 	cachedRESTConfig    *rest.Config
 	cachedDynamicClient dynamic.Interface
+	kubeconfig.CreateKubecfgOptions
 }
 
 func NewFactory(options *FactoryOptions) *Factory {
@@ -177,14 +179,15 @@ func (f *Factory) getClusterInfo(cluster *kops.Cluster) *clusterInfo {
 
 func (f *Factory) RESTConfig(cluster *kops.Cluster) (*rest.Config, error) {
 	clusterInfo := f.getClusterInfo(cluster)
+	clusterInfo.CreateKubecfgOptions = f.CreateKubecfgOptions
 	return clusterInfo.RESTConfig()
 }
 
 func (f *clusterInfo) RESTConfig() (*rest.Config, error) {
 	ctx := context.Background()
 
 	if f.cachedRESTConfig == nil {
-		restConfig, err := f.factory.buildRESTConfig(ctx, f.cluster)
+		restConfig, err := f.factory.buildRESTConfig(ctx, f.cluster, f.CreateKubecfgOptions)
 		if err != nil {
 			return nil, err
 		}
@@ -253,7 +256,7 @@ func (f *Factory) VFSContext() *vfs.VFSContext {
 	return f.vfsContext
 }
 
-func (f *Factory) buildRESTConfig(ctx context.Context, cluster *kops.Cluster) (*rest.Config, error) {
+func (f *Factory) buildRESTConfig(ctx context.Context, cluster *kops.Cluster, options kubeconfig.CreateKubecfgOptions) (*rest.Config, error) {
 	clientset, err := f.KopsClient()
 	if err != nil {
 		return nil, err
@@ -274,9 +277,9 @@ func (f *Factory) buildRESTConfig(ctx context.Context, cluster *kops.Cluster) (*
 		return nil, err
 	}
 
-	// Generate a relatively short-lived certificate / kubeconfig
-	createKubecfgOptions := kubeconfig.CreateKubecfgOptions{
-		Admin: 1 * time.Hour,
+	// backwards compatibility
+	if options.Admin == 0 {
+		options.Admin = kubeconfig.DefaultKubecfgAdminLifetime
 	}
 
 	conf, err := kubeconfig.BuildKubecfg(
@@ -285,7 +288,7 @@ func (f *Factory) buildRESTConfig(ctx context.Context, cluster *kops.Cluster) (*
 		keyStore,
 		secretStore,
 		cloud,
-		createKubecfgOptions,
+		options,
 		f.KopsStateStore())
 	if err != nil {
 		return nil, err

diff --git a/docs/cli/kops_rolling-update_cluster.md b/docs/cli/kops_rolling-update_cluster.md