[DO NOT MERGE] Debug PR change loadbalancer-serving-signer validity

[sergiordlr]

/hold

debug

[coderabbitai]

Walkthrough

The pull request modifies certificate validity duration in two cert rotation configurations from effectively infinite (foreverPeriod) to 2 hours (time.Hour*2) within a single file. This adjusts the certificate rotation timing mechanism. No functional logic, error handling, or control flow changes are introduced.

Changes

Cohort / File(s)	Summary
Certificate Rotation Configuration pkg/operator/certrotationcontroller/certrotationcontroller.go	Modified Validity field for two cert rotation configurations from foreverPeriod to time.Hour*2, reducing the certificate validity window from multi-year to 2 hours. This impacts certificate rotation timing while leaving all other rotation metadata unchanged.
Package Manifest package.json	Minor dependency or version metadata update (1 line added, 1 line removed).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sergiordlr
Once this PR has been reviewed and has the lgtm label, please assign p0lyn0mial for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

pkg/operator/certrotationcontroller/certrotationcontroller.go (1)

489-494: ⚠️ Potential issue | 🔴 Critical

Critical: Validity/Refresh mismatch will prevent proper certificate rotation.

Validity is set to 2 hours but Refresh remains at foreverRefreshPeriod (8 years). The refresh period must be shorter than validity for the rotation controller to regenerate certificates before they expire. This configuration will cause certificates to expire without being refreshed, breaking API server connections via the internal load balancer.

Additionally:

• The comment on lines 490-493 ("rotation will be after 8y") is now stale and misleading.
• The inline comment "this comes from the installer" no longer applies.

If this is intentional debug code (per PR title), ensure Refresh is also reduced proportionally (e.g., time.Hour for 50% of validity).

Suggested fix if debug rotation is intended

-			Validity: time.Hour * 2, // this comes from the installer
-			// Refresh set to 80% of the validity.
-			// This range is consistent with most other signers defined in this pkg.
-			// Given that in this case rotation will be after 8y,
-			// it means we effectively do not rotate.
-			Refresh:                foreverRefreshPeriod,
+			Validity: time.Hour * 2, // DEBUG: shortened for testing
+			// Refresh set to 50% of the validity for debug rotation.
+			Refresh:                time.Hour,

[openshift-ci]

@sergiordlr: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-gcp-operator	570dfdd	link	true	/test e2e-gcp-operator

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.