Merge pull request #52115 from jcbsmpsn/flag-enable-kubelet-certificate-rotation

Automatic merge from submit-queue (batch tested with PRs 52452, 52115, 52260, 52290)

Add env var to enable kubelet rotation in kube-up.sh.

Fixes https://github.com/kubernetes/kubernetes/issues/52114

```release-note
Adds ROTATE_CERTIFICATES environment variable to kube-up.sh script for GCE
clusters. When that var is set to true, the command line flag enabling kubelet
client certificate rotation will be added to the kubelet command line.
```

cluster/common.sh

@@ -765,6 +765,11 @@ EOF
   if [ -n "${FEATURE_GATES:-}" ]; then
     cat >>$file <<EOF
 FEATURE_GATES: $(yaml-quote ${FEATURE_GATES})
+EOF
+  fi
+  if [ -n "${ROTATE_CERTIFICATES:-}" ]; then
+    cat >>$file <<EOF
+ROTATE_CERTIFICATES: $(yaml-quote ${ROTATE_CERTIFICATES})
 EOF
   fi
   if [[ "${master}" == "true" && "${MASTER_OS_DISTRIBUTION}" == "gci" ]] ||

cluster/gce/config-default.sh

@@ -321,3 +321,6 @@ ENABLE_POD_PRIORITY="${ENABLE_POD_PRIORITY:-}"
 if [[ "${ENABLE_POD_PRIORITY}" == "true" ]]; then
     FEATURE_GATES="${FEATURE_GATES},PodPriority=true"
 fi
+
+# Optional: enable certificate rotation of the kubelet certificates.
+ROTATE_CERTIFICATES="${ROTATE_CERTIFICATES:-}"

cluster/gce/config-test.sh

@@ -375,3 +375,6 @@ ENABLE_POD_PRIORITY="${ENABLE_POD_PRIORITY:-}"
 if [[ "${ENABLE_POD_PRIORITY}" == "true" ]]; then
     FEATURE_GATES="${FEATURE_GATES},PodPriority=true"
 fi
+
+# Optional: enable certificate rotation of the kubelet certificates.
+ROTATE_CERTIFICATES="${ROTATE_CERTIFICATES:-}"

cluster/gce/gci/configure-helper.sh

@@ -971,6 +971,9 @@ function start-kubelet {
   if [[ -n "${FEATURE_GATES:-}" ]]; then
     flags+=" --feature-gates=${FEATURE_GATES}"
   fi
+  if [[ -n "${ROTATE_CERTIFICATES:-}" ]]; then
+    flags+=" --rotate-certificates=true"
+  fi
 
   local -r kubelet_env_file="/etc/default/kubelet"
   echo "KUBELET_OPTS=\"${flags}\"" > "${kubelet_env_file}"