Generated ca-secret can contain empty key #97

Closed
lennardk opened this issue Sep 27, 2021 · 0 comments · Fixed by #99
@lennardk

When creating control-plane and worker machines at the same time, for example by doing something along the lines of the following, cabpt can decide to generate the ${CLUSTER_NAME}-ca secret (TalosConfigReconciler.writeK8sCASecret) based on a worker's machineconfig, thus containing an empty tls.key. This in turn causes trouble when generating the ${CLUSTER_NAME}-kubeconfig secret.

In my use case I'm using TalosConfigTemplate with generateType: none and data set to a full config.

Speculation on solutions could include:

  • checking for type to be init or controlplane before deciding to generate the secret
  • checking for the Machine to have a TalosControlPlane as ownerReference
  • checking for the Machine to have anything in the controlplane.cluster.x-k8s.io/v1alpha3 namespace as ownerReference, in case someone invents a reason to use cabpt without cacppt.
smira self-assigned this Sep 28, 2021
smira added a commit to smira/cluster-api-bootstrap-provider-talos that referenced this issue Sep 28, 2021
Fixes siderolabs#97

Skip creating the secret if the supplied user config doesn't have full
cluster CA. Cluster secret will be created once the controlplane machine
configuration is passed in.

Signed-off-by: Andrey Smirnov <[email protected]>
(cherry picked from commit 8c7fec8)
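
The guard described in the commit message above, sketched as an added example; it is not code from the cabpt repository. `ClusterCA`, `CASecretData`, `ErrIncompleteCA` and `SampleCA` are hypothetical names, the CA is a constructed throwaway, and the certificate/key match check goes one step beyond the empty-key case reported in the issue.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// ClusterCA is a hypothetical stand-in for the cluster CA fields of a machine config (PEM).
type ClusterCA struct{ Crt, Key []byte }
var ErrIncompleteCA = errors.New("machine config does not carry a full cluster CA")

// CASecretData returns tls.crt/tls.key for the CA secret, or an error meaning "skip the write".
func CASecretData(ca ClusterCA) (map[string][]byte, error) {
	if len(ca.Crt) == 0 || len(ca.Key) == 0 { // e.g. a worker config: no CA key
		return nil, ErrIncompleteCA
	}
	// X509KeyPair parses both PEM blocks and rejects a key that does not match the cert.
	if _, err := tls.X509KeyPair(ca.Crt, ca.Key); err != nil {
		return nil, fmt.Errorf("cluster CA unusable: %w", err)
	}
	return map[string][]byte{"tls.crt": ca.Crt, "tls.key": ca.Key}, nil
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// SampleCA builds a throwaway self-signed CA (constructed sample input).
func SampleCA() ClusterCA {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return ClusterCA{Crt: pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		Key: pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: must(x509.MarshalECPrivateKey(key))})}
}

func main() {
	fmt.Println(CASecretData(ClusterCA{Crt: SampleCA().Crt})) // worker-style input: certificate only
}
```

A reconciler using such a guard would treat `ErrIncompleteCA` as "not yet" rather than as a failure, so the secret is written only when a control-plane config arrives.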