From 9c74581ff229eba6ef7bb4ec5cfc8a9531c5c924 Mon Sep 17 00:00:00 2001
From: 24sama
Date: Fri, 6 May 2022 10:41:26 +0800
Subject: [PATCH] add an option to control k8s certs auto-renew script

Signed-off-by: 24sama
---
 apis/kubekey/v1alpha2/kubernetes_types.go | 8 ++++++++
 docs/config-example.md | 4 +++-
 pkg/certs/module.go | 5 +++++
 pkg/config/templates/cluster.go | 1 +
 pkg/pipelines/add_nodes.go | 4 ++--
 pkg/pipelines/create_cluster.go | 3 ++-
 pkg/pipelines/upgrade_cluster.go | 2 +-
 pkg/version/kubesphere/templates/installer.go | 2 --
 8 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/apis/kubekey/v1alpha2/kubernetes_types.go b/apis/kubekey/v1alpha2/kubernetes_types.go
index b69cefc9..1d67f3cf 100644
--- a/apis/kubekey/v1alpha2/kubernetes_types.go
+++ b/apis/kubekey/v1alpha2/kubernetes_types.go
@@ -29,6 +29,7 @@ type Kubernetes struct {
 	NodeCidrMaskSize int `yaml:"nodeCidrMaskSize" json:"nodeCidrMaskSize,omitempty"`
 	ApiserverCertExtraSans []string `yaml:"apiserverCertExtraSans" json:"apiserverCertExtraSans,omitempty"`
 	ProxyMode string `yaml:"proxyMode" json:"proxyMode,omitempty"`
+	AutoRenewCerts *bool `yaml:"autoRenewCerts" json:"autoRenewCerts,omitempty"`
 	// +optional
 	Nodelocaldns *bool `yaml:"nodelocaldns" json:"nodelocaldns,omitempty"`
 	ContainerManager string `yaml:"containerManager" json:"containerManager,omitempty"`
@@ -78,3 +79,10 @@ func (k *Kubernetes) EnableNodeFeatureDiscovery() bool {
 	}
 	return *k.NodeFeatureDiscovery.Enabled
 }
+
+func (k *Kubernetes) EnableAutoRenewCerts() bool {
+	if k.AutoRenewCerts == nil {
+		return false
+	}
+	return *k.AutoRenewCerts
+}
diff --git a/docs/config-example.md b/docs/config-example.md
index c472c97e..6f02c0c4 100644
--- a/docs/config-example.md
+++ b/docs/config-example.md
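Review bot: The new `AutoRenewCerts` field carries no doc line, and because it toggles installation of a script that renews the control plane certificates (per the docs change in this same patch), a reader of the API type should not have to go to docs/config-example.md to learn that. I would add above it `// AutoRenewCerts installs a script that renews the Kubernetes control plane certificates automatically; unset or false leaves it out.`. The `// +optional` marker on the following line belongs to `Nodelocaldns`, so if the project relies on that marker for generated schema the new field needs its own `// +optional` as well. The `Kubernetes` struct continues outside the hunk.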
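Review bot: `EnableAutoRenewCerts` is exported but undocumented, and its nil-means-false rule is exactly what callers need to know, since the generated template in this patch writes `autoRenewCerts: true` while a hand-written config that omits the key gets false. Suggest `// EnableAutoRenewCerts reports whether the certificate auto-renew script should be installed; an unset field means false.`, mirroring the sibling accessor above it. The function is complete within the hunk.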
@@ -23,14 +23,16 @@ spec:
     address: "" # The IP address of your load balancer.
     port: 6443
   system:
-    ntpServers: # The ntp servers of chrony, set the node name in `hosts` as ntp servers if no public ntp servers access.
+    ntpServers: # The ntp servers of chrony.
       - time1.cloud.tencent.com
       - ntp.aliyun.com
+      - node1 # Set the node name in `hosts` as ntp server if no public ntp servers access.
     timezone: "Asia/Shanghai"
   kubernetes:
     version: v1.21.5
     imageRepo: kubesphere
     clusterName: cluster.local
+    autoRenewCerts: true # Whether to install a script which can automatically renew the Kubernetes control plane certificates. [Default: false]
     masqueradeAll: false # masqueradeAll tells kube-proxy to SNAT everything if using the pure iptables proxy mode. [Default: false].
     maxPods: 110 # maxPods is the number of Pods that can run on this Kubelet. [Default: 110]
     nodeCidrMaskSize: 24 # The internal network node size allocation. This is the size allocated to each node on your network. [Default: 24]
diff --git a/pkg/certs/module.go b/pkg/certs/module.go
index e49453cd..97d3857c 100644
--- a/pkg/certs/module.go
+++ b/pkg/certs/module.go
@@ -127,6 +127,11 @@ func (r *RenewCertsModule) Init() {
 
 type AutoRenewCertsModule struct {
 	common.KubeModule
+	Skip bool
+}
+
+func (a *AutoRenewCertsModule) IsSkip() bool {
+	return a.Skip
 }
 
 func (a *AutoRenewCertsModule) Init() {
diff --git a/pkg/config/templates/cluster.go b/pkg/config/templates/cluster.go
index d71245db..50ad6ca8 100644
--- a/pkg/config/templates/cluster.go
+++ b/pkg/config/templates/cluster.go
@@ -53,6 +53,7 @@ spec:
   kubernetes:
     version: {{ .Options.KubeVersion }}
     clusterName: cluster.local
+    autoRenewCerts: true
   etcd:
     type: kubekey
   network:
diff --git a/pkg/pipelines/add_nodes.go b/pkg/pipelines/add_nodes.go
index bde8a071..2c32f6f9 100644
--- a/pkg/pipelines/add_nodes.go
+++ b/pkg/pipelines/add_nodes.go
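Review bot: `IsSkip` is a new exported method without a doc comment, and nothing on the type says who sets `Skip`; in this patch the pipelines compute it from `Kubernetes.EnableAutoRenewCerts()`. I would document the field in place, `Skip bool // set by the pipelines from Kubernetes.EnableAutoRenewCerts(); true leaves the renew script uninstalled`, and give the method `// IsSkip reports whether the module should be skipped for this run.`. Skipping only prevents installation on this run: if `Init` (which continues past the hunk) installs a persistent script, turning the option off later will not remove one already installed, and that is worth stating in the same comment so nobody reads `false` as "disable".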
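Review bot: The generated cluster template now opts into `autoRenewCerts: true` unconditionally, while the accessor added in this patch treats an absent key as false and the docs example labels it `[Default: false]`, so the effective default depends on whether the config was generated or written by hand. Since this enables a script that renews control plane certificates on the nodes, the generated file should say so inline, e.g. `autoRenewCerts: true # installs a control plane cert auto-renew script; set to false to opt out`, in the comment style used by docs/config-example.md. The template continues outside the hunk.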
@@ -65,7 +65,7 @@ func NewAddNodesPipeline(runtime *common.KubeRuntime) error {
 		&loadbalancer.HaproxyModule{Skip: !runtime.Cluster.ControlPlaneEndpoint.IsInternalLBEnabled()},
 		&kubernetes.ConfigureKubernetesModule{},
 		&filesystem.ChownModule{},
-		&certs.AutoRenewCertsModule{},
+		&certs.AutoRenewCertsModule{Skip: !runtime.Cluster.Kubernetes.EnableAutoRenewCerts()},
 	}
 
 	p := pipeline.Pipeline{
@@ -118,7 +118,7 @@ func NewK3sAddNodesPipeline(runtime *common.KubeRuntime) error {
 		&loadbalancer.K3sHaproxyModule{Skip: !runtime.Cluster.ControlPlaneEndpoint.IsInternalLBEnabled()},
 		&kubernetes.ConfigureKubernetesModule{},
 		&filesystem.ChownModule{},
-		&certs.AutoRenewCertsModule{},
+		&certs.AutoRenewCertsModule{Skip: !runtime.Cluster.Kubernetes.EnableAutoRenewCerts()},
 	}
 
 	p := pipeline.Pipeline{
diff --git a/pkg/pipelines/create_cluster.go b/pkg/pipelines/create_cluster.go
index 61681bd4..49624194 100644
--- a/pkg/pipelines/create_cluster.go
+++ b/pkg/pipelines/create_cluster.go
@@ -85,7 +85,7 @@ func NewCreateClusterPipeline(runtime *common.KubeRuntime) error {
 		&network.DeployNetworkPluginModule{},
 		&kubernetes.ConfigureKubernetesModule{},
 		&filesystem.ChownModule{},
-		&certs.AutoRenewCertsModule{},
+		&certs.AutoRenewCertsModule{Skip: !runtime.Cluster.Kubernetes.EnableAutoRenewCerts()},
 		&kubernetes.SaveKubeConfigModule{},
 		&plugins.DeployPluginsModule{},
 		&addons.AddonsModule{},
@@ -176,6 +176,7 @@ func NewK3sCreateClusterPipeline(runtime *common.KubeRuntime) error {
 		&network.DeployNetworkPluginModule{},
 		&kubernetes.ConfigureKubernetesModule{},
 		&filesystem.ChownModule{},
+		&certs.AutoRenewCertsModule{Skip: !runtime.Cluster.Kubernetes.EnableAutoRenewCerts()},
 		&k3s.SaveKubeConfigModule{},
 		&addons.AddonsModule{},
 		&storage.DeployLocalVolumeModule{Skip: skipLocalStorage},
diff --git a/pkg/pipelines/upgrade_cluster.go b/pkg/pipelines/upgrade_cluster.go
index 6effbfe2..996babdc 100644
--- a/pkg/pipelines/upgrade_cluster.go
+++ b/pkg/pipelines/upgrade_cluster.go
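Review bot: The K3s create pipeline runs `certs.AutoRenewCertsModule` for the first time here, gated only on the generic `autoRenewCerts` option, and nothing in the hunk shows the module distinguishing a K3s cluster from a kubeadm-based one. If the script it installs drives kubeadm's certificate renewal (not visible here) it would be a no-op or an error on K3s, which manages its own certificates, and the generated template's `autoRenewCerts: true` would switch that on for every new K3s cluster. The K3s add-nodes pipeline already included the module before this patch, so this may well be intentional, but a one-line comment above the entry naming the renew mechanism K3s gets would settle it. `NewK3sCreateClusterPipeline` continues outside the hunk.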
@@ -53,7 +53,7 @@ func NewUpgradeClusterPipeline(runtime *common.KubeRuntime) error {
 		&kubernetes.SetUpgradePlanModule{Step: kubernetes.ToV122},
 		&kubernetes.ProgressiveUpgradeModule{Step: kubernetes.ToV122},
 		&filesystem.ChownModule{},
-		&certs.AutoRenewCertsModule{},
+		&certs.AutoRenewCertsModule{Skip: !runtime.Cluster.Kubernetes.EnableAutoRenewCerts()},
 	}
 
 	p := pipeline.Pipeline{
diff --git a/pkg/version/kubesphere/templates/installer.go b/pkg/version/kubesphere/templates/installer.go
index 90ffcbd8..05d83161 100644
--- a/pkg/version/kubesphere/templates/installer.go
+++ b/pkg/version/kubesphere/templates/installer.go
@@ -305,12 +305,10 @@ spec:
   selector:
     matchLabels:
       app: ks-install
-      version: {{ .Tag }}
   template:
     metadata:
       labels:
         app: ks-install
-        version: {{ .Tag }}
     spec:
       serviceAccountName: ks-installer
       containers:
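Review bot: On upgrade the module is now skipped whenever `autoRenewCerts` is unset, so clusters created by earlier releases, which ran `AutoRenewCertsModule` unconditionally and whose configs predate the key, presumably stop getting the renew script refreshed while whatever was installed stays in place. Nothing in this patch uninstalls or disables an existing script when the option is false, so `autoRenewCerts: false` is not a way to turn certificate auto-renewal off on an upgraded cluster, only a way to not install it; that deserves a sentence in the docs and a comment at this line: `// Skip only prevents (re)installing the script; it does not remove one left by a previous run.`. Alternatively the upgrade pipeline could keep running the module and let it remove the script when the option is off. `NewUpgradeClusterPipeline` continues outside the hunk.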
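Review bot: Dropping `version: {{ .Tag }}` from `spec.selector.matchLabels` changes an immutable field: apps/v1 rejects updates to the selector of an existing Deployment, StatefulSet or DaemonSet (the kind line is outside the hunk), so applying the new manifest over a `ks-install` workload created by an older KubeKey with the versioned selector will fail unless the apply path deletes and recreates it, which this hunk does not show. Removing the tag from the selector is the right direction, since a per-tag selector is exactly what blocks in-place upgrades, but the upgrade path needs a delete-then-create or a release note, and a template comment such as `# selector intentionally omits the version tag: selectors are immutable once created` would stop someone adding it back. The pod template still keeps `app: ks-install`, so pods remain selectable. The manifest continues outside the hunk.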