zookeeper - fix certificates duration bump of version v0.0.42 was par…

…tially handled

This was due to a missing removal of the corresponding `Secrets` resources.

Also bump duration to 30 years instead of 25 years.

Change-Id: Ic5a12983316748beb16099a1fbf506df8d919e68

controllers/libs/cert/certificates.go

@@ -17,7 +17,7 @@ const (
 	LocalCACertSecretName = "ca-cert"
 )
 
-var EonDuration, _ = time.ParseDuration("219000h") // 25 years
+var EonDuration, _ = time.ParseDuration("262800h") // 30 years
 
 func MkBaseCertificate(name string, ns string, issuerName string,
 	dnsNames []string, secretName string, isCA bool, duration time.Duration,

controllers/softwarefactory_controller.go

@@ -106,7 +106,7 @@ func (r *SFController) cleanup() {
 	caCert := certv1.Certificate{}
 	if r.GetM(cert.LocalCACertSecretName, &caCert) {
 		// Here we are detecting the previous version duration to ensure we have to run the cleanup
-		prevDuration, _ := time.ParseDuration("87600h") // 10y
+		prevDuration, _ := time.ParseDuration("219000h") // 25y
 		if caCert.Spec.Duration.Duration.String() == prevDuration.String() {
 			for _, name := range []string{"zookeeper-server", "zookeeper-client", "ca-cert"} {
 				// remove invalid certificate resource
@@ -117,6 +117,15 @@ func (r *SFController) cleanup() {
 					},
 				})
 			}
+			for _, name := range []string{"zookeeper-server-tls", "zookeeper-client-tls", "ca-cert"} {
+				// Remove matching secrets
+				r.DeleteR(&corev1.Secret{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      name,
+						Namespace: r.ns,
+					},
+				})
+			}
 		}
 	}
 

doc/reference/CHANGELOG.md

@@ -7,7 +7,13 @@ All notable changes to this project will be documented in this file.
 ### Added
 ### Removed
 ### Changed
+
+- zookeeper - increase certificate validity duration to 30 years
+
 ### Fixed
+
+- zookeeper - certificates duration bump of version v0.0.42 was partially handled due to a missing removal of the corresponding `Secrets` resources. 
+
 ### Security
 
 ## [v0.0.42] - 2024-09-12