✨ MHC to mark CP machines as unhealthy when certificates are about to expire

[ykakarap]

What this PR does / why we need it:

This PR add MachineHealthCheck support to make controlplane machines whose certificate are not valid for more than a min duration specified as unhealthy which trigger a rollout.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged): Fixes #6529

[ykakarap]

/retitle ✨ [WIP] Automatically renew control plane machine certificates before expiration through machine repave

[sbueringer]

Reviewed the delta, looks good so far. Once we finalized the API and the PR is otherwise ready I would do some in-depth manual testing and another detailed review

[sbueringer]

This looks pretty good!

Only nits, except (potentially) https://github.com/kubernetes-sigs/cluster-api/pull/6983#discussion_r968486156

[sbueringer]

Great work!

lgtm pending squash

[ykakarap]

Squashed.

[sbueringer]

Thx!

/lgtm

[sbueringer]

lgtm pending squash

[ykakarap]

Squashed.

[fabriziopandini]

great job! this is a long-awaited feature for many CAPI users /lgtm

[sbueringer]

Great work!

/approve

Would be good to surface this feature somewhere in our book

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sbueringer

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• ~~OWNERS~~ [sbueringer]

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

[fabriziopandini]

Would be good to surface this feature somewhere in our book

@ykakarap do you mind opening an issue for this?

[ykakarap]

Would be good to surface this feature somewhere in our book

@ykakarap do you mind opening an issue for this?

Issue: https://github.com/kubernetes-sigs/cluster-api/issues/7247