From cce0940e1f6b3a255fc8170a3cd4b0fdd109327f Mon Sep 17 00:00:00 2001
From: Sergey <s.bondarev@southbridge.ru>
Date: Fri, 9 Apr 2021 10:42:47 +0300
Subject: [PATCH] add CI test for auto_renew_certificates (#7472)

* add CI test for auto_renew_certificates

* change timer value

fix typo error in rotate cert script
---
 roles/kubernetes/control-plane/templates/k8s-certs-renew.sh.j2  | 2 +-
 .../kubernetes/control-plane/templates/k8s-certs-renew.timer.j2 | 2 +-
 tests/files/packet_centos7-calico-ha-once-localhost.yml         | 2 ++
 tests/files/packet_centos7-calico-ha.yml                        | 2 ++
 tests/files/packet_centos8-crio.yml                             | 2 ++
 tests/files/packet_debian10-containerd.yml                      | 2 ++
 tests/files/packet_debian9-macvlan.yml                          | 2 ++
 tests/files/packet_fedora33-calico.yml                          | 2 ++
 tests/files/packet_opensuse-canal.yml                           | 2 ++
 tests/files/packet_oracle7-canal-ha.yml                         | 2 ++
 tests/files/packet_ubuntu16-weave-sep.yml                       | 2 ++
 tests/files/packet_ubuntu18-cilium-sep.yml                      | 2 ++
 tests/files/packet_ubuntu20-calico-aio.yml                      | 2 ++
 13 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/roles/kubernetes/control-plane/templates/k8s-certs-renew.sh.j2 b/roles/kubernetes/control-plane/templates/k8s-certs-renew.sh.j2
index 89697635b..b3dae43cc 100644
--- a/roles/kubernetes/control-plane/templates/k8s-certs-renew.sh.j2
+++ b/roles/kubernetes/control-plane/templates/k8s-certs-renew.sh.j2
@@ -8,7 +8,7 @@ echo "## Renewing certificates managed by kubeadm ##"
 
 echo "## Restarting control plane pods managed by kubeadm ##"
 {% if container_manager == "docker" %}
-{{ docker_bin_dir }}/docker ps -af 'name=k8s_POD_(kube-apiserver|kube-controller-manager|kube-scheduler|etcd)-*' -q | /usr/bin/xargs {{ docker_bin_dir }}/docker rm -f"
+{{ docker_bin_dir }}/docker ps -af 'name=k8s_POD_(kube-apiserver|kube-controller-manager|kube-scheduler|etcd)-*' -q | /usr/bin/xargs {{ docker_bin_dir }}/docker rm -f
 {% else %}
 {{ bin_dir }}/crictl pods --namespace kube-system --name 'kube-scheduler-*|kube-controller-manager-*|kube-apiserver-*|etcd-*' -q | /usr/bin/xargs {{ bin_dir }}/crictl rmp -f
 {% endif %}
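Review bot: Neither restart pipeline guards `xargs` against empty input, so when `docker ps ... -q` (or `crictl pods ... -q` in the else branch) matches no pods, GNU xargs still runs `docker rm -f` / `crictl rmp -f` once with no arguments and that command errors out. Adding `-r` makes the no-match case a clean no-op: `| /usr/bin/xargs -r {{ docker_bin_dir }}/docker rm -f`, and likewise for the crictl line. Whether such a failure aborts the renewal run depends on shell options set above this hunk, which are not visible here. A non-zero exit from the unit would be worth alerting on, since a silently failing renewal ends in expired control-plane certificates.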
diff --git a/roles/kubernetes/control-plane/templates/k8s-certs-renew.timer.j2 b/roles/kubernetes/control-plane/templates/k8s-certs-renew.timer.j2
index 825d983c6..e58e92ff8 100644
--- a/roles/kubernetes/control-plane/templates/k8s-certs-renew.timer.j2
+++ b/roles/kubernetes/control-plane/templates/k8s-certs-renew.timer.j2
@@ -3,7 +3,7 @@ Description=Timer to renew K8S control plane certificates
 
 [Timer]
 # First Monday of each month
-OnCalendar=Mon *-*-1..7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00
+OnCalendar=Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00
 
 [Install]
 WantedBy=multi-user.target
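Review bot: The minute field `{{ groups['kube_control_plane'].index(inventory_hostname) }}0` renders as `60` or more from the seventh control-plane host onward, which is not a valid calendar minute. On such a host the timer would presumably fail to load and certificates would never be renewed. Wrapping the stagger keeps it in range, e.g. `03:{{ '%02d' % ((groups['kube_control_plane'].index(inventory_hostname) * 10) % 60) }}:00`. The switch from `1..7` to the explicit day list also deserves a comment such as `# explicit list: '..' ranges are not accepted by older systemd (confirm affected versions)`, so nobody reverts it as a cleanup.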
diff --git a/tests/files/packet_centos7-calico-ha-once-localhost.yml b/tests/files/packet_centos7-calico-ha-once-localhost.yml
index 6a44c6d01..dc08a314b 100644
--- a/tests/files/packet_centos7-calico-ha-once-localhost.yml
+++ b/tests/files/packet_centos7-calico-ha-once-localhost.yml
@@ -13,3 +13,5 @@ typha_enabled: true
 calico_backend: kdd
 typha_secure: true
 disable_ipv6_dns: true
+
+auto_renew_certificates: true
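Review bot: Setting `auto_renew_certificates: true` here and in the ten other `tests/files/packet_*.yml` hunks only makes CI template and install the renew script and timer. Nothing visible in this patch executes the rendered script. The stray-quote bug fixed in `k8s-certs-renew.sh.j2` is a syntax error that only shows up when the script is parsed or run, so installing it alone would not catch a regression of that kind. Consider a test step that runs `bash -n` on the installed script, or triggers the renew service once and asserts a zero exit status. If the existing test playbooks already do this, a pointer in the commit message would help.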
diff --git a/tests/files/packet_centos7-calico-ha.yml b/tests/files/packet_centos7-calico-ha.yml
index 526f12899..7e9ba1346 100644
--- a/tests/files/packet_centos7-calico-ha.yml
+++ b/tests/files/packet_centos7-calico-ha.yml
@@ -12,3 +12,5 @@ dns_min_replicas: 1
 typha_enabled: true
 calico_backend: kdd
 typha_secure: true
+
+auto_renew_certificates: true
diff --git a/tests/files/packet_centos8-crio.yml b/tests/files/packet_centos8-crio.yml
index 5baaaf832..dda922343 100644
--- a/tests/files/packet_centos8-crio.yml
+++ b/tests/files/packet_centos8-crio.yml
@@ -13,3 +13,5 @@ etcd_deployment_type: host
 
 # required
 calico_iptables_backend: "Auto"
+
+auto_renew_certificates: true
diff --git a/tests/files/packet_debian10-containerd.yml b/tests/files/packet_debian10-containerd.yml
index e4367e619..a6725bcb6 100644
--- a/tests/files/packet_debian10-containerd.yml
+++ b/tests/files/packet_debian10-containerd.yml
@@ -14,3 +14,5 @@ helm_enabled: true
 # https://gitlab.com/miouge/kubespray-ci/-/blob/a4fd5ed6857807f1c353cb60848aedebaf7d2c94/manifests/http-proxy.yml#L42
 http_proxy: http://172.30.30.30:8888
 https_proxy: http://172.30.30.30:8888
+
+auto_renew_certificates: true
diff --git a/tests/files/packet_debian9-macvlan.yml b/tests/files/packet_debian9-macvlan.yml
index 01e4fc3fc..7a80202f6 100644
--- a/tests/files/packet_debian9-macvlan.yml
+++ b/tests/files/packet_debian9-macvlan.yml
@@ -10,3 +10,5 @@ enable_nodelocaldns: false
 dns_min_replicas: 1
 kube_proxy_masquerade_all: true
 macvlan_interface: "eth0"
+
+auto_renew_certificates: true
diff --git a/tests/files/packet_fedora33-calico.yml b/tests/files/packet_fedora33-calico.yml
index 51b843d0c..0721734de 100644
--- a/tests/files/packet_fedora33-calico.yml
+++ b/tests/files/packet_fedora33-calico.yml
@@ -10,3 +10,5 @@ kube_network_plugin: calico
 
 # Only docker package 20.10 for Fedora33
 docker_version: '20.10'
+
+auto_renew_certificates: true
diff --git a/tests/files/packet_opensuse-canal.yml b/tests/files/packet_opensuse-canal.yml
index a82a07cd4..aec66b88b 100644
--- a/tests/files/packet_opensuse-canal.yml
+++ b/tests/files/packet_opensuse-canal.yml
@@ -11,3 +11,5 @@ dns_min_replicas: 1
 
 # test Ambassador
 ingress_ambassador_enabled: true
+
+auto_renew_certificates: true
diff --git a/tests/files/packet_oracle7-canal-ha.yml b/tests/files/packet_oracle7-canal-ha.yml
index 01ca011a5..993bcf3dd 100644
--- a/tests/files/packet_oracle7-canal-ha.yml
+++ b/tests/files/packet_oracle7-canal-ha.yml
@@ -9,3 +9,5 @@ kube_network_plugin: canal
 dynamic_kubelet_configuration: true
 deploy_netchecker: true
 dns_min_replicas: 1
+
+auto_renew_certificates: true
diff --git a/tests/files/packet_ubuntu16-weave-sep.yml b/tests/files/packet_ubuntu16-weave-sep.yml
index db23cd647..72073d088 100644
--- a/tests/files/packet_ubuntu16-weave-sep.yml
+++ b/tests/files/packet_ubuntu16-weave-sep.yml
@@ -7,3 +7,5 @@ mode: separate
 kube_network_plugin: weave
 deploy_netchecker: true
 dns_min_replicas: 1
+
+auto_renew_certificates: true
diff --git a/tests/files/packet_ubuntu18-cilium-sep.yml b/tests/files/packet_ubuntu18-cilium-sep.yml
index df6caaea9..394df8c61 100644
--- a/tests/files/packet_ubuntu18-cilium-sep.yml
+++ b/tests/files/packet_ubuntu18-cilium-sep.yml
@@ -8,3 +8,5 @@ kube_network_plugin: cilium
 deploy_netchecker: true
 enable_network_policy: true
 dns_min_replicas: 1
+
+auto_renew_certificates: true
diff --git a/tests/files/packet_ubuntu20-calico-aio.yml b/tests/files/packet_ubuntu20-calico-aio.yml
index 7f0b73ad7..2e711dab3 100644
--- a/tests/files/packet_ubuntu20-calico-aio.yml
+++ b/tests/files/packet_ubuntu20-calico-aio.yml
@@ -12,3 +12,5 @@ dns_min_replicas: 1
 # Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko
 kube_proxy_mode: iptables
 enable_nodelocaldns: False
+
+auto_renew_certificates: true
-- 
GitLab