fix: front-proxy certs updated by rotate-certs

[jadarsie]

Reason for Change:

aks-engine rotate-certs is not rotating the front-proxy certs.

AKS Engine creates a separate PKI for the front-proxy as part of node bootstrapping process and delivers them to all nodes through etcd. To effectively reuse this functionality, rotate-certs has to replace the certs stored in etcd.

Also, front-proxy certs now expire after 30 years.

Issue Fixed:

Fixes #4463

Credit Where Due:

Does this change contain code from or inspired by another project?

• No
• Yes

Requirements:

• uses conventional commit messages
• includes documentation
• adds unit tests
• tested upgrade from previous version

Notes:

[acs-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jadarsie

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [jadarsie]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codecov]

Codecov Report

Merging #4467 (16437ae) into master (60828c7) will increase coverage by 0.00%.
The diff coverage is 71.42%.

@@           Coverage Diff            @@
##           master    #4467    +/-   ##
========================================
  Coverage   72.04%   72.05%            
========================================
  Files         141      141            
  Lines       21631    21765   +134     
========================================
+ Hits        15584    15682    +98     
- Misses       5096     5131    +35     
- Partials      951      952     +1     

Impacted Files	Coverage Δ
cmd/rotate_certs.go	11.03% <0.00%> (ø)
cmd/upgrade.go	35.92% <0.00%> (ø)
pkg/api/common/versions.go	96.37% <ø> (ø)
pkg/api/types.go	92.85% <ø> (ø)
pkg/api/vlabs/types.go	73.04% <ø> (ø)
pkg/engine/templates_generated.go	43.31% <ø> (ø)
pkg/engine/template_generator.go	66.37% <11.53%> (-2.17%)	⬇️
cmd/get_logs.go	49.57% <30.43%> (-1.79%)	⬇️
pkg/api/addons.go	98.01% <100.00%> (ø)
pkg/api/converterfromapi.go	95.71% <100.00%> (+<0.01%)	⬆️
... and 5 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 63df692...16437ae. Read the comment docs.

[jackfrancis]

so the idea is that only one control plane node will update the cert, and we are doing this operation serially so the remaining control plane nodes will perform a successful etcdctl get?

[jadarsie]

Correct, it is serial and ordered (master-0 comes first). See the second commit for context/clarification.

[jackfrancis]

let's use [[ (double brackets) and == (double-equal for equality comparison) to be consistent with the surrounding bash