Address review comments

Author: Karthik-K-N

api/bootstrap/kubeadm/v1beta2/kubeadm_types.go

@@ -181,18 +181,20 @@ type ClusterConfiguration struct {
 	// +optional
 	FeatureGates map[string]bool `json:"featureGates,omitempty"`
 
-	// certificateValidityPeriodDays specifies the validity period for a non-CA certificate generated by kubeadm.
-	// If not specified, kubeadm will use a default of 3650 days (10 years).
+	// certificateValidityPeriodDays specifies the validity period for non-CA certificates generated by kubeadm.
+	// If not specified, kubeadm will use a default of 365 days (1 year).
 	// +optional
 	// +kubebuilder:validation:Minimum=1
-	// +kubebuilder:validation:Maximum=10950
+	// +kubebuilder:validation:Maximum=1095
 	CertificateValidityPeriodDays int32 `json:"certificateValidityPeriodDays,omitempty"`
 
-	// caCertificateValidityPeriodDays specifies the validity period for a CA certificate generated by kubeadm.
-	// If not specified, kubeadm will use a default of 3650 days (10 years).
+	// caCertificateValidityPeriodDays specifies the validity period for CA certificates generated by kubeadm.
+	// If not specified, Cluster API will use a default of 3650 days (10 years).
+	// This field cannot be modified.
+	// This field is only supported with Kubernetes v1.31 or above.
 	// +optional
 	// +kubebuilder:validation:Minimum=1
-	// +kubebuilder:validation:Maximum=10950
+	// +kubebuilder:validation:Maximum=36500
 	CACertificateValidityPeriodDays int32 `json:"caCertificateValidityPeriodDays,omitempty"`
 }
 

api/controlplane/kubeadm/v1beta1/conversion_test.go

@@ -122,10 +122,6 @@ func hubKubeadmConfigSpec(in *bootstrapv1.KubeadmConfigSpec, c randfill.Continue
 		}
 		in.JoinConfiguration.Timeouts.ControlPlaneComponentHealthCheckSeconds = initControlPlaneComponentHealthCheckSeconds
 	}
-	if in.ClusterConfiguration != nil {
-		in.ClusterConfiguration.CertificateValidityPeriodDays = 0
-		in.ClusterConfiguration.CACertificateValidityPeriodDays = 0
-	}
 }
 
 func hubNodeRegistrationOptions(in *bootstrapv1.NodeRegistrationOptions, c randfill.Continue) {

api/core/v1beta2/conversion.go

@@ -104,26 +104,3 @@ func Convert_Duration_To_Pointer_int32(in metav1.Duration, hasRestored bool, res
 	// Otherwise, if the value is not 0, convert to *value.
 	*out = ConvertToSeconds(&in)
 }
-
-// ConvertToDays takes *metav1.Duration and returns a *int32.
-// Durations longer than MaxInt32 are capped.
-// NOTE: this is a util function intended only for usage in API conversions.
-func ConvertToDays(in *metav1.Duration) *int32 {
-	if in == nil {
-		return nil
-	}
-	hours := math.Trunc(in.Hours())
-	if hours > math.MaxInt32 {
-		return ptr.To[int32](math.MaxInt32)
-	}
-	return ptr.To(int32(hours / 24))
-}
-
-// ConvertFromDays takes *int32 and returns a *metav1.Duration.
-// NOTE: this is a util function intended only for usage in API conversions.
-func ConvertFromDays(in *int32) *metav1.Duration {
-	if in == nil {
-		return nil
-	}
-	return ptr.To(metav1.Duration{Duration: time.Duration(*in) * time.Hour * 24})
-}

bootstrap/kubeadm/config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigs.yaml

@@ -100,9 +100,8 @@ func spokeClusterConfigurationFuzzer(obj *ClusterConfiguration, c randfill.Conti
 
 	obj.Proxy = Proxy{}
 	obj.EncryptionAlgorithm = ""
-
-	obj.CertificateValidityPeriod = ptr.To[metav1.Duration](metav1.Duration{Duration: time.Duration(c.Int31()%24+1) * time.Hour * 24})
-	obj.CACertificateValidityPeriod = ptr.To[metav1.Duration](metav1.Duration{Duration: time.Duration(c.Int31()%24+1) * time.Hour * 24})
+	obj.CertificateValidityPeriod = ptr.To[metav1.Duration](metav1.Duration{Duration: time.Duration(c.Int31n(3*365)+1) * time.Hour * 24})
+	obj.CACertificateValidityPeriod = ptr.To[metav1.Duration](metav1.Duration{Duration: time.Duration(c.Int31n(100*365)+1) * time.Hour * 24})
 
 	// Drop the following fields as they have been removed in v1beta2, so we don't have to preserve them.
 	obj.Networking.ServiceSubnet = ""
@@ -215,6 +214,6 @@ func hubNodeRegistrationOptionsFuzzer(obj *bootstrapv1.NodeRegistrationOptions,
 func hubClusterConfigurationFuzzer(obj *bootstrapv1.ClusterConfiguration, c randfill.Continue) {
 	c.FillNoCustom(obj)
 
-	obj.CertificateValidityPeriodDays %= 24
-	obj.CACertificateValidityPeriodDays %= 24
+	obj.CertificateValidityPeriodDays = c.Int31n(3*365 + 1)
+	obj.CACertificateValidityPeriodDays = c.Int31n(100*365 + 1)
 }

bootstrap/kubeadm/config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigtemplates.yaml

@@ -337,6 +337,8 @@ func TestKubeadmControlPlaneValidateUpdate(t *testing.T) {
 							ImageTag:        "1.6.5",
 						},
 					},
+					CertificateValidityPeriodDays:   365,
+					CACertificateValidityPeriodDays: 365,
 				},
 				JoinConfiguration: &bootstrapv1.JoinConfiguration{
 					NodeRegistration: bootstrapv1.NodeRegistrationOptions{