diff --git a/cmd/main.go b/cmd/main.go index 9fd21517..70013851 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -40,9 +40,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log/zap" ) -// The ratio determines what is the minimal time that needs to pass to rotate certificate. -const minimalRotationTimeRatio = 0.6 - var ( scheme = runtime.NewScheme() //nolint:gochecknoglobals setupLog = ctrl.Log.WithName("setup") //nolint:gochecknoglobals @@ -55,6 +52,7 @@ func init() { //+kubebuilder:scaffold:scheme } +const defaultMinimalRotationTimeRatio = 0.6 const defaultExpirationTime = 24 * time.Hour func main() { @@ -63,6 +61,7 @@ func main() { var probeAddr string var gardenerKubeconfigPath string var gardenerProjectName string + var minimalRotationTimeRatio float64 var expirationTime time.Duration flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") @@ -72,6 +71,7 @@ func main() { "Enabling this will ensure there is only one active controller manager.") flag.StringVar(&gardenerKubeconfigPath, "gardener-kubeconfig-path", "/gardener/kubeconfig/kubeconfig", "Kubeconfig file for Gardener cluster") flag.StringVar(&gardenerProjectName, "gardener-project-name", "gardener-project", "Name of the Gardener project") + flag.Float64Var(&minimalRotationTimeRatio, "minimal-rotation-time", defaultMinimalRotationTimeRatio, "The ratio determines what is the minimal time that needs to pass to rotate certificate.") flag.DurationVar(&expirationTime, "kubeconfig-expiration-time", defaultExpirationTime, "Dynamic kubeconfig expiration time") opts := zap.Options{ diff --git a/config/default/manager_gardener_secret_patch.yaml b/config/default/manager_gardener_secret_patch.yaml index d380b59c..2ede9e0d 100644 --- a/config/default/manager_gardener_secret_patch.yaml +++ b/config/default/manager_gardener_secret_patch.yaml @@ -21,6 +21,7 @@ spec: - --gardener-kubeconfig-path=/gardener/credentials/kubeconfig - --gardener-project-name=kyma-dev - --kubeconfig-expiration-time=24h + - --minimal-rotation-time=0.6 volumeMounts: - name: gardener-kubeconfig mountPath: /gardener/credentials