🐛 etcd client terseness

[sethp-nr]

What this PR does / why we need it:

These changes surface the connection error that occurs inside the etcd
client when a misconfiguration occurs (such as invalid TLS certificates,
or an address that does not match one of the valid SANs).

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #2454

Two things I don't feel great about are:

• I'm not sure how to write a reasonably sized test for the behavior; the "easy" way to reproduce the issue I saw is to delete the etcd certs from a CAPI management cluster and let them be regenerated. Another approach that worked well in testing was to change this line in controlplane/kubeadm/internal/cluster.go:

	etcdclient, err := etcd.NewEtcdClient("127.0.0.1", dialer.DialContextWithAddr, tlsConfig)

to

	etcdclient, err := etcd.NewEtcdClient("invalid name that doesn't show up in the server's SAN list", dialer.DialContextWithAddr, tlsConfig)

• It's relying on forked upstream code; I do have a PR open with them (client: surface connection errors to callers grpc/grpc-go#3410) for what that's worth

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sethp-nr
To complete the pull request process, please assign davidewatson
You can assign the PR to them by writing /assign @davidewatson in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[randomvariable]

nice digging.
we may need to wait for your PR to grpc-go to merge though
/assign @vincepri for thoughts

[vincepri]

/hold
/milestone v0.3.x

Waiting for the upstream PR to GRPC to be merged before merging this

[detiber]

New upstream PR: grpc/grpc-go#3412

[sethp-nr]

I got redirected to grpc/grpc-go#2031 to continue the discussion.

[randomvariable]

sigh We also have the issue that etcd is not yet compatible with go-rpc 1.27

[sethp-nr]

Yeah, that's why this PR is pointing to a backport of my fix from the 1.27 branch to the 1.23 branch.

I'm not sure what grpc-go's backport policy is yet, my hope is that we can get whatever fix we land on into official 1.23!

[randomvariable]

somebody made a start at updating etcd etcd-io/etcd#11663

[k8s-ci-robot]

@sethp-nr: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[vincepri]

Going to close this for now, given that it has been open for a while without progress, feel free to reopen when needed.

/close

[k8s-ci-robot]

@vincepri: Closed this PR.

In response to this:

Going to close this for now, given that it has been open for a while without progress, feel free to reopen when needed.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.