KCP should avoid to reconcile certificates too early

kubernetes-sigs · Dec 13, 2022 · ba85c18 · ba85c18
1 parent 3b886d7
commit ba85c18
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/controlplane/kubeadm/internal/controllers/controller.go b/controlplane/kubeadm/internal/controllers/controller.go
@@ -621,6 +621,11 @@ func (r *KubeadmControlPlaneReconciler) reconcileCertificateExpiries(ctx context
 		return ctrl.Result{}, nil
 	}
 
+	// Return if KCP is not yet initialized (no API server to contact for checking certificate expiration).
+	if !controlPlane.KCP.Status.Initialized {
+		return ctrl.Result{}, nil
+	}
+
 	// Ignore machines which are being deleted.
 	machines := controlPlane.Machines.Filter(collections.Not(collections.HasDeletionTimestamp))
 

diff --git a/controlplane/kubeadm/internal/controllers/controller_test.go b/controlplane/kubeadm/internal/controllers/controller_test.go
@@ -918,7 +918,9 @@ func TestReconcileCertificateExpiries(t *testing.T) {
 	detectedExpiry := time.Now().Add(25 * 24 * time.Hour)
 
 	cluster := newCluster(&types.NamespacedName{Name: "foo", Namespace: metav1.NamespaceDefault})
-	kcp := &controlplanev1.KubeadmControlPlane{}
+	kcp := &controlplanev1.KubeadmControlPlane{
+		Status: controlplanev1.KubeadmControlPlaneStatus{Initialized: true},
+	}
 	machineWithoutExpiryAnnotation := &clusterv1.Machine{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: "machineWithoutExpiryAnnotation",