From bf6a39eb841edbd86c92f747b87bffe836121946 Mon Sep 17 00:00:00 2001
From: Etienne Champetier <e.champetier@ateme.com>
Date: Mon, 12 Apr 2021 12:47:45 -0400
Subject: [PATCH] Add auto_renew_certificates_systemd_calendar (#7490)

This allow to configure when K8S certificates renewal runs

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
---
 inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml        | 2 ++
 roles/kubernetes/control-plane/defaults/main/main.yml          | 2 ++
 .../control-plane/templates/k8s-certs-renew.timer.j2           | 3 +--
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
index 8f2fca3da..12699dba1 100644
--- a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
@@ -306,3 +306,5 @@ event_ttl_duration: "1h0m0s"
 
 ## Automatically renew K8S control plane certificates on first Monday of each month
 auto_renew_certificates: false
+# First Monday of each month
+# auto_renew_certificates_systemd_calendar: "Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00"
diff --git a/roles/kubernetes/control-plane/defaults/main/main.yml b/roles/kubernetes/control-plane/defaults/main/main.yml
index 291678e1e..7d205e7a3 100644
--- a/roles/kubernetes/control-plane/defaults/main/main.yml
+++ b/roles/kubernetes/control-plane/defaults/main/main.yml
@@ -191,3 +191,5 @@ event_ttl_duration: "1h0m0s"
 
 ## Automatically renew K8S control plane certificates on first Monday of each month
 auto_renew_certificates: false
+# First Monday of each month
+auto_renew_certificates_systemd_calendar: "Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00"
diff --git a/roles/kubernetes/control-plane/templates/k8s-certs-renew.timer.j2 b/roles/kubernetes/control-plane/templates/k8s-certs-renew.timer.j2
index e58e92ff8..904f0073c 100644
--- a/roles/kubernetes/control-plane/templates/k8s-certs-renew.timer.j2
+++ b/roles/kubernetes/control-plane/templates/k8s-certs-renew.timer.j2
@@ -2,8 +2,7 @@
 Description=Timer to renew K8S control plane certificates
 
 [Timer]
-# First Monday of each month
-OnCalendar=Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00
+OnCalendar={{ auto_renew_certificates_systemd_calendar }}
 
 [Install]
 WantedBy=multi-user.target