fix: nil pointer dereferences in private cluster reconciliation (v1.11.0-beta.0)#1
Open
Fixes two nil pointer dereference issues when creating/reconciling private GKE clusters:

1. Creation path: Initialize NetworkConfig before accessing DefaultEnablePrivateNodes. Also set EnablePrivateNodes on PrivateClusterConfig to match (GCP SDK requires both to be equal).
2. Reconciliation path: Initialize DesiredControlPlaneEndpointsConfig and IpEndpointsConfig before assigning AuthorizedNetworksConfig in checkDiffAndPrepareUpdate.

Both issues occur when using private clusters with PSC (Private Service Connect) mode, i.e., enablePrivateEndpoint: true without specifying controlPlaneCidrBlock.

Related issues:
- kubernetes-sigs#1497
- kubernetes-sigs#1503

Signed-off-by: Piotr Kieszczyński <piotr.kieszczynski@gmail.com>
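The reconciliation-path pattern named in the commit message above, as an added Go example that is not code from this PR or from CAPG. The struct types are simplified stand-ins (assumed) that mirror only the field nesting named in the message, and setUnguarded, setGuarded and panics are hypothetical helper names.

```go
package main

import "fmt"

// Stand-in types (assumed, simplified): they mirror the pointer nesting named
// in the commit message and are not the GCP SDK's own definitions.
type AuthorizedNetworksConfig struct{ Enabled bool }
type IPEndpointsConfig struct{ AuthorizedNetworksConfig *AuthorizedNetworksConfig }
type ControlPlaneEndpointsConfig struct{ IpEndpointsConfig *IPEndpointsConfig }
type ClusterUpdate struct {
	DesiredControlPlaneEndpointsConfig *ControlPlaneEndpointsConfig
}

// setUnguarded assigns through the nested pointers without initializing the
// parents: on a zero-value ClusterUpdate this dereferences nil and panics.
func setUnguarded(u *ClusterUpdate, c *AuthorizedNetworksConfig) {
	u.DesiredControlPlaneEndpointsConfig.IpEndpointsConfig.AuthorizedNetworksConfig = c
}

// setGuarded allocates each missing parent before the assignment and leaves
// parents that already exist untouched.
func setGuarded(u *ClusterUpdate, c *AuthorizedNetworksConfig) {
	if u.DesiredControlPlaneEndpointsConfig == nil {
		u.DesiredControlPlaneEndpointsConfig = &ControlPlaneEndpointsConfig{}
	}
	ep := u.DesiredControlPlaneEndpointsConfig
	if ep.IpEndpointsConfig == nil {
		ep.IpEndpointsConfig = &IPEndpointsConfig{}
	}
	ep.IpEndpointsConfig.AuthorizedNetworksConfig = c
}

// panics reports whether fn panicked, turning a would-be controller crash
// into a value a unit test can assert on.
func panics(fn func()) (p bool) {
	defer func() { p = recover() != nil }()
	fn()
	return false
}

func main() {
	cfg := &AuthorizedNetworksConfig{Enabled: true} // constructed sample value
	fmt.Println("unguarded panics:", panics(func() { setUnguarded(&ClusterUpdate{}, cfg) }))
	fmt.Println("guarded panics:", panics(func() { setGuarded(&ClusterUpdate{}, cfg) }))
}
```

A regression test that feeds a zero-value update struct through the setter catches this class of crash before it reaches a reconcile loop.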
e69b757 to 53cc350
Summary

Patches CAPG v1.11.0-beta.0 to fix nil pointer dereferences when creating/reconciling private GKE clusters with PSC (Private Service Connect) mode - i.e., when enablePrivateEndpoint: true without specifying controlPlaneCidrBlock.

Fixes

1. Creation path (NetworkConfig initialization)

In createCluster, cluster.NetworkConfig.DefaultEnablePrivateNodes was accessed before NetworkConfig was initialized.

Changes:
- Initialize NetworkConfig before accessing DefaultEnablePrivateNodes
- Set EnablePrivateNodes on PrivateClusterConfig to match (GCP SDK requires both fields to have the same value)

2. Reconciliation path (DesiredControlPlaneEndpointsConfig initialization)

In checkDiffAndPrepareUpdate, clusterUpdate.DesiredControlPlaneEndpointsConfig.IpEndpointsConfig.AuthorizedNetworksConfig was assigned without initializing the parent structs.

Changes:
- Initialize DesiredControlPlaneEndpointsConfig and IpEndpointsConfig before assigning AuthorizedNetworksConfig

Related upstream issues

Image

Built and pushed to Artifact Registry:

Rebuild instructions

Usage in CAPI Operator

In argocd/applicationsets/capi-operator.yaml:

GCPManagedControlPlane requirements

When using private endpoint, master_authorized_networks_config must be set in the GCPManagedControlPlane spec:

Prerequisites

Grant Artifact Registry read access to the management cluster's compute service account: