@Karthik-K-N
Contributor

What this PR does / why we need it:

This PR adds EncryptionAlgorithm to KubeadmConfig and necessary changes

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #10077

/area provider/bootstrap-kubeadm

@k8s-ci-robot added the area/provider/bootstrap-kubeadm (Issues or PRs related to CAPBK) and cncf-cla: yes (Indicates the PR's author has signed the CNCF CLA.) labels Oct 15, 2025
@k8s-ci-robot added the size/L (Denotes a PR that changes 100-499 lines, ignoring generated files.) label Oct 15, 2025
@Karthik-K-N
Contributor Author

Need to add Unit test cases and fix existing tests

Not super confident about the changes; I have broken some interfaces as well. Based on the initial review, and if the path chosen is correct, I will update accordingly.

@sbueringer Please take a look when time permits.

Member

@sbueringer left a comment

Thx! I think I covered the open points, but just ping me if you want to discuss anything else.

Definitely feel free to ping me again after the next iteration on the prod code for another quick review


// Generate Cluster Kubeconfig if needed
if result, err := r.reconcileKubeconfig(ctx, controlPlane); !result.IsZero() || err != nil {
if result, err := r.reconcileKubeconfig(ctx, controlPlane); err != nil || !result.IsZero() {
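
Review bot: On the reconcileKubeconfig condition, swapping the operands to err != nil || !result.IsZero() is a style-only change that has nothing to do with the EncryptionAlgorithm field this PR adds. Neither operand has side effects, so the branch is taken in exactly the same cases with either ordering. I'd drop it from this PR and apply the err-first ordering consistently in a separate cleanup, so this diff stays limited to the encryption algorithm change.
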
Member

Please revert this one

Contributor Author

Reverted it.

It may not be either needed or relevant with respect to this PR, but I feel it's better to maintain a standard for this. I see in some places
!result.IsZero() || err != nil and in some others err != nil || !result.IsZero()
The IDE is suggesting to check the error first.

Member

@sbueringer sbueringer Oct 17, 2025

Got it. Makes sense and I agree with checking error first. Let's just do this everywhere and in a separate PR.

Feel free to open a PR, but please on top of #12857 / or after 12857 is merged (I get rid of some of these cases in that PR)

Contributor Author

Sure, I will do it later. Thank you.

@Karthik-K-N
Contributor Author

@sbueringer thanks for the review, I have updated accordingly and it is ready for the next round of review. Please take a look when time permits.

I tried the approach of changing the existing thing rather than avoiding the breakage for users; I will remember it for next time. Thanks

@sbueringer
Member

> I tried the approach of changing the existing thing rather than avoiding the breakage for users; I will remember it for next time. Thanks

All good. I think it's a bit of a trade-off and probably also a case-by-case decision. Thx for asking for early feedback! I'll take another look

@sbueringer
Member

Did another quick round of review. I think the e2e test failure might just be a flake but let's see

/retest

If tests are green and the findings above are addressed I would do a full review (just need a bigger block of time for that)

g.Expect(err).ToNot(HaveOccurred())

workloadCluster, err := m.GetWorkloadCluster(ctx, tt.clusterKey)
workloadCluster, err := m.GetWorkloadCluster(ctx, tt.clusterKey, "")
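
Review bot: In the updated GetWorkloadCluster call, the new third argument is passed as "", which leaves it implicit which encryption algorithm the test runs with and depends on how the callee treats an empty value. Pass the named default algorithm explicitly here, and consider adding a test case with a non-default value so the test shows the new parameter is actually honoured.
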
Member

Let's use the default encryption algo instead of ""

@k8s-ci-robot added the needs-rebase (Indicates a PR cannot be merged because it has merge conflicts with HEAD.) label Oct 22, 2025
@k8s-ci-robot removed the needs-rebase (Indicates a PR cannot be merged because it has merge conflicts with HEAD.) label Oct 23, 2025
@Karthik-K-N
Contributor Author

Some misconfiguration, will check
https://storage.googleapis.com/kubernetes-ci-logs/pr-logs/pull/kubernetes-sigs_cluster-api/12859/pull-cluster-api-e2e-blocking-main/1981193968041332736/artifacts/clusters/bootstrap/logs/capi-system/capi-controller-manager/capi-controller-manager-7678cb554b-phkfl/manager.log

2025-10-23T03:20:49.644479347Z stderr F 	 stderr: error: error execution phase certs/apiserver: couldn't load CA certificate ca: failure loading ca certificate authority: failed to load key: couldn't load the private key file /etc/kubernetes/pki/ca.key: error reading private key file /etc/kubernetes/pki/ca.key: data does not contain a valid RSA or ECDSA private key

@sbueringer
Member

Maybe similar to #12859 (comment)

@Karthik-K-N
Contributor Author

Karthik-K-N commented Oct 23, 2025

Just checking again to make sure it passes.
/test pull-cluster-api-e2e-blocking-main

@sbueringer
Member

/test pull-cluster-api-e2e-main

Triggering all for more data

@sbueringer
Member

I'll try to review again ASAP. Hopefully tomorrow or so

Member

@sbueringer left a comment

@Karthik-K-N Thank you very much!

Last round of minor findings from my side

I also already did some testing with Tilt and everything looks good

@Karthik-K-N
Contributor Author

Addressed all the review comments. Please take a look when time permits. Thanks.

@sbueringer
Member

@Karthik-K-N Thx! Very last nit from my side.
You can also already open the PR for this one if you want: #12859 (comment) (but no rush)

/assign @fabriziopandini

@sbueringer
Member

/test pull-cluster-api-e2e-main

(please trigger ^^ again after you fixed the last finding)

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from fabriziopandini. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@Karthik-K-N
Contributor Author

/test pull-cluster-api-e2e-main

@Karthik-K-N
Contributor Author

> @Karthik-K-N Thx! Very last nit from my side. You can also already open the PR for this one if you want: #12859 (comment) (but no rush)
>
> /assign @fabriziopandini

I will submit a follow-up soon. Thank you.

@k8s-ci-robot
Contributor

@Karthik-K-N: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| pull-cluster-api-apidiff-main | 1c76d86 | link | false | /test pull-cluster-api-apidiff-main |

@sbueringer
Member

Thx!

/lgtm

@k8s-ci-robot added the lgtm ("Looks good to me", indicates that a PR is ready to be merged.) label Oct 31, 2025
@k8s-ci-robot
Contributor

LGTM label has been added.

Git tree hash: 416ca4fa275bafe77248da3bcec1e942993edd94
