# API for certificate renewal in KCP ### Option 1 ```yaml= kind: KubeadmControlPlaneTemplate apiVersion: controlplane.cluster.x-k8s.io/v1beta1 metadata: name: "kcp-name" spec: rolloutIfCertificatesExpireWithinDays: 21 # 3 weeks rolloutBefore: certificatesExpiryDays: 21 # minimum of 7d rolloutAfter: "2020-01-01T00:00:00Z" rolloutStrategy: type: rollingUpdate rollingUpdate: maxSurge: 1 ``` Other alternatives for the field name: * RolloutBeforeCertificatesExpireDays * RolloutDaysBeforeCertificatesExpire * RolloutIfCertificatesExpireInDays * RolloutIfCertificatesExpireAfterDays * RolloutIfCertificatesExpiryDurationBelowDays * RolloutIfCertificatesExpiryWithinDays ### Option 2 **Start Here in `v1beta1`:** ```yaml= kind: KubeadmControlPlaneTemplate apiVersion: controlplane.cluster.x-k8s.io/v1beta1 metadata: name: "kcp-name" spec: rolloutAfter: "2020-01-01T00:00:00Z" rolloutStrategy: type: rollingUpdate rollingUpdate: maxSurge: 1 rollout: if: certificateExpireWithinDays: 21 # 3 weeks ``` **Get here in `v1beta2`:** ```yaml= kind: KubeadmControlPlaneTemplate apiVersion: controlplane.cluster.x-k8s.io/v1beta1 metadata: name: "kcp-name" spec: rollout: if: certificateExpireWithinDays: timeGreaterThan: # This is equivalent to rollout after (or better names) strategy: type: rollingUpdate rollingUpdate: maxSurge: 1 # ... everything else (in-the-future strategies) can sit here ``` ### Option 3 ```yaml= ```