Merge pull request #805 from salasberryfin/bump_capi_v1.12.2

feat: bump to capi v1.12.2

Author: salasberryfin

bootstrap/internal/controllers/rke2config_scope.go

@@ -28,7 +28,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
 	clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2"
-	exputil "sigs.k8s.io/cluster-api/exp/util"
 	"sigs.k8s.io/cluster-api/util"
 
 	bootstrapv1 "github.com/rancher/cluster-api-provider-rke2/bootstrap/api/v1beta2"
@@ -84,7 +83,7 @@ func NewScope(ctx context.Context, req ctrl.Request, client client.Client) (*Sco
 		clusterName = machine.Spec.ClusterName
 	}
 
-	machinePool, err := exputil.GetOwnerMachinePool(ctx, client, config.ObjectMeta)
+	machinePool, err := util.GetOwnerMachinePool(ctx, client, config.ObjectMeta)
 	if err != nil {
 		return nil, fmt.Errorf("fetching MachinePool owner: %w", err)
 	}

controlplane/internal/controllers/lifecycle_hook_test.go

@@ -30,6 +30,7 @@ import (
 	clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2"
 	"sigs.k8s.io/cluster-api/controllers/clustercache"
 	"sigs.k8s.io/cluster-api/controllers/remote"
+	"sigs.k8s.io/cluster-api/util/cache"
 	"sigs.k8s.io/cluster-api/util/collections"
 	"sigs.k8s.io/cluster-api/util/kubeconfig"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -212,9 +213,14 @@ var _ = Describe("Lifecycle Hooks", Ordered, func() {
 			ref))).To(Succeed())
 
 		r = &RKE2ControlPlaneReconciler{
-			Client:                    testEnv.GetClient(),
-			Scheme:                    testEnv.GetScheme(),
-			managementCluster:         &rke2.Management{Client: testEnv.GetClient(), SecretCachingClient: testEnv.GetClient()},
+			Client: testEnv.GetClient(),
+			Scheme: testEnv.GetScheme(),
+			managementCluster: &rke2.Management{
+				Client:              testEnv.GetClient(),
+				SecretCachingClient: testEnv.GetClient(),
+				ClusterCache:        clusterCache,
+				ClientCertCache:     cache.New[rke2.ClientCertEntry](24 * time.Hour),
+			},
 			managementClusterUncached: &rke2.Management{Client: testEnv.GetClient()},
 		}
 	})

controlplane/internal/controllers/rke2controlplane_controller.go

@@ -49,6 +49,7 @@ import (
 	"sigs.k8s.io/cluster-api/controllers/remote"
 	"sigs.k8s.io/cluster-api/util"
 	"sigs.k8s.io/cluster-api/util/annotations"
+	"sigs.k8s.io/cluster-api/util/cache"
 	"sigs.k8s.io/cluster-api/util/certs"
 	"sigs.k8s.io/cluster-api/util/collections"
 	"sigs.k8s.io/cluster-api/util/conditions"
@@ -79,6 +80,9 @@ const (
 
 	// DefaultRequeueTime is the default requeue time for the controller.
 	DefaultRequeueTime = 20 * time.Second
+
+	// certCacheTtl is the default TTL for cached certificates.
+	certCacheTtl = 24 * time.Hour
 )
 
 // RKE2ControlPlaneReconciler reconciles a RKE2ControlPlane object.
@@ -345,6 +349,7 @@ func (r *RKE2ControlPlaneReconciler) SetupWithManager(
 			Client:              r.Client,
 			SecretCachingClient: r.SecretCachingClient,
 			ClusterCache:        clusterCache,
+			ClientCertCache:     cache.New[rke2.ClientCertEntry](certCacheTtl),
 		}
 	}
 
@@ -480,7 +485,7 @@ func (r *RKE2ControlPlaneReconciler) reconcileNormal(
 		return ctrl.Result{}, err
 	}
 
-	ownedMachines := controlPlaneMachines.Filter(collections.OwnedMachines(rcp))
+	ownedMachines := controlPlaneMachines.Filter(collections.OwnedMachines(rcp, controlplanev1.GroupVersion.WithKind("RKE2ControlPlane").GroupKind()))
 	if len(ownedMachines) != len(controlPlaneMachines) {
 		logger.Info("Not all control plane machines are owned by this RKE2ControlPlane, refusing to operate in mixed management mode") //nolint:lll
 
@@ -598,7 +603,7 @@ func (r *RKE2ControlPlaneReconciler) reconcileDelete(ctx context.Context,
 		return ctrl.Result{}, err
 	}
 
-	ownedMachines := allMachines.Filter(collections.OwnedMachines(rcp))
+	ownedMachines := allMachines.Filter(collections.OwnedMachines(rcp, controlplanev1.GroupVersion.WithKind("RKE2ControlPlane").GroupKind()))
 
 	// If no control plane machines remain, remove the finalizer
 	if len(ownedMachines) == 0 {
@@ -741,7 +746,7 @@ func (r *RKE2ControlPlaneReconciler) reconcileKubeconfig(
 	}
 
 	// only do rotation on owned secrets
-	if !util.IsControlledBy(configSecret, rcp) {
+	if !util.IsControlledBy(configSecret, rcp, controlplanev1.GroupVersion.WithKind("RKE2ControlPlane").GroupKind()) {
 		logger.Info("Kubeconfig Secret not controlled by RKE2ControlPlane, nothing to do")
 
 		return ctrl.Result{}, nil

controlplane/internal/controllers/rke2controlplane_controller_test.go

@@ -23,11 +23,15 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/utils/ptr"
 	clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2"
+	"sigs.k8s.io/cluster-api/controllers/clustercache"
+	"sigs.k8s.io/cluster-api/controllers/remote"
+	"sigs.k8s.io/cluster-api/util/cache"
 	"sigs.k8s.io/cluster-api/util/certs"
 	"sigs.k8s.io/cluster-api/util/collections"
 	"sigs.k8s.io/cluster-api/util/conditions"
 	"sigs.k8s.io/cluster-api/util/kubeconfig"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/controller"
 )
 
 const (
@@ -43,6 +47,7 @@ var _ = Describe("Rotate kubeconfig cert", func() {
 		ccaSecret        *corev1.Secret
 		kubeconfigSecret *corev1.Secret
 		clusterKey       client.ObjectKey
+		clusterCache     clustercache.ClusterCache
 	)
 	BeforeEach(func() {
 		kubeconfigSecret = &corev1.Secret{}
@@ -62,6 +67,21 @@ var _ = Describe("Rotate kubeconfig cert", func() {
 			},
 		}
 
+		clusterCache, err = clustercache.SetupWithManager(ctx, testEnv.Manager, clustercache.Options{
+			SecretClient: testEnv.GetClient(),
+			Client: clustercache.ClientOptions{
+				UserAgent: remote.DefaultClusterAPIUserAgent("test-controller-manager"),
+				Cache: clustercache.ClientCacheOptions{
+					DisableFor: []client.Object{
+						// Don't cache ConfigMaps & Secrets.
+						&corev1.ConfigMap{},
+						&corev1.Secret{},
+					},
+				},
+			},
+		}, controller.Options{MaxConcurrentReconciles: 10, SkipNameValidation: ptr.To(true)})
+		Expect(err).ToNot(HaveOccurred())
+
 		// Generate new Secret Cluster CA
 		certPEM, _, err := generateCertAndKey(time.Now().Add(3650 * 24 * time.Hour)) // 10 years from now
 		Expect(err).ShouldNot(HaveOccurred())
@@ -100,10 +120,17 @@ var _ = Describe("Rotate kubeconfig cert", func() {
 	It("Should rotate kubeconfig secret if needed", func() {
 		By("Creating the first kubeconfig if not existing yet")
 		r := &RKE2ControlPlaneReconciler{
-			Client:                    testEnv.GetClient(),
-			Scheme:                    testEnv.GetScheme(),
-			managementCluster:         &rke2.Management{Client: testEnv.GetClient(), SecretCachingClient: testEnv.GetClient()},
-			managementClusterUncached: &rke2.Management{Client: testEnv.GetClient()},
+			Client: testEnv.GetClient(),
+			Scheme: testEnv.GetScheme(),
+			managementCluster: &rke2.Management{
+				Client:              testEnv.GetClient(),
+				SecretCachingClient: testEnv.GetClient(),
+				ClusterCache:        clusterCache,
+				ClientCertCache:     cache.New[rke2.ClientCertEntry](24 * time.Hour),
+			},
+			managementClusterUncached: &rke2.Management{
+				Client: testEnv.GetClient(),
+			},
 		}
 		endpoint := clusterv1.APIEndpoint{Host: "1.2.3.4", Port: 6443}
 
@@ -174,6 +201,7 @@ var _ = Describe("Reconcile control plane conditions", func() {
 		machine        *clusterv1.Machine
 		machineWithRef *clusterv1.Machine
 		config         *bootstrapv1.RKE2Config
+		clusterCache   clustercache.ClusterCache
 	)
 
 	BeforeEach(func() {
@@ -371,9 +399,26 @@ var _ = Describe("Reconcile control plane conditions", func() {
 			},
 		}
 
+		clusterCache, err = clustercache.SetupWithManager(ctx, testEnv.Manager, clustercache.Options{
+			SecretClient: testEnv.GetClient(),
+			Client: clustercache.ClientOptions{
+				UserAgent: remote.DefaultClusterAPIUserAgent("test-controller-manager"),
+				Cache: clustercache.ClientCacheOptions{
+					DisableFor: []client.Object{
+						// Don't cache ConfigMaps & Secrets.
+						&corev1.ConfigMap{},
+						&corev1.Secret{},
+					},
+				},
+			},
+		}, controller.Options{MaxConcurrentReconciles: 10, SkipNameValidation: ptr.To(true)})
+		Expect(err).ToNot(HaveOccurred())
+
 		m := &rke2.Management{
-			Client:              testEnv,
-			SecretCachingClient: testEnv,
+			Client:              testEnv.GetClient(),
+			SecretCachingClient: testEnv.GetClient(),
+			ClusterCache:        clusterCache,
+			ClientCertCache:     cache.New[rke2.ClientCertEntry](24 * time.Hour),
 		}
 
 		cp, err = rke2.NewControlPlane(ctx, m, testEnv.GetClient(), cluster, rcp, collections.FromMachineList(&ml))
@@ -398,9 +443,14 @@ var _ = Describe("Reconcile control plane conditions", func() {
 
 	It("should reconcile cp and machine conditions successfully", func() {
 		r := &RKE2ControlPlaneReconciler{
-			Client:                    testEnv.GetClient(),
-			Scheme:                    testEnv.GetScheme(),
-			managementCluster:         &rke2.Management{Client: testEnv.GetClient(), SecretCachingClient: testEnv.GetClient()},
+			Client: testEnv.GetClient(),
+			Scheme: testEnv.GetScheme(),
+			managementCluster: &rke2.Management{
+				Client:              testEnv.GetClient(),
+				SecretCachingClient: testEnv.GetClient(),
+				ClusterCache:        clusterCache,
+				ClientCertCache:     cache.New[rke2.ClientCertEntry](24 * time.Hour),
+			},
 			managementClusterUncached: &rke2.Management{Client: testEnv.GetClient()},
 		}
 		_, err := r.reconcileControlPlaneConditions(ctx, cp)

controlplane/internal/controllers/scale.go

@@ -58,7 +58,8 @@ func (r *RKE2ControlPlaneReconciler) initializeControlPlane(
 
 	// Perform an uncached read of all the owned machines. This check is in place to make sure
 	// that the controller cache is not misbehaving and we end up initializing the cluster more than once.
-	ownedMachines, err := r.managementClusterUncached.GetMachinesForCluster(ctx, cluster, collections.OwnedMachines(rcp))
+	ownedMachines, err := r.managementClusterUncached.GetMachinesForCluster(
+		ctx, cluster, collections.OwnedMachines(rcp, controlplanev1.GroupVersion.WithKind("RKE2ControlPlane").GroupKind()))
 	if err != nil {
 		logger.Error(err, "failed to perform an uncached read of control plane machines for cluster")
 

controlplane/internal/controllers/status.go

@@ -67,7 +67,7 @@ func (r *RKE2ControlPlaneReconciler) updateStatus(ctx context.Context, rcp *cont
 	ownedMachines, err := r.managementCluster.GetMachinesForCluster(
 		ctx,
 		cluster,
-		collections.OwnedMachines(rcp))
+		collections.OwnedMachines(rcp, controlplanev1.GroupVersion.WithKind("RKE2ControlPlane").GroupKind()))
 	if err != nil {
 		return errors.Wrap(err, "failed to get list of owned machines")
 	}
@@ -244,7 +244,7 @@ func (r *RKE2ControlPlaneReconciler) updateV1Beta1Status(ctx context.Context, rc
 	ownedMachines, err := r.managementCluster.GetMachinesForCluster(
 		ctx,
 		cluster,
-		collections.OwnedMachines(rcp))
+		collections.OwnedMachines(rcp, controlplanev1.GroupVersion.WithKind("RKE2ControlPlane").GroupKind()))
 	if err != nil {
 		return errors.Wrap(err, "failed to get list of owned machines")
 	}

go.mod

@@ -14,31 +14,34 @@ require (
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.23.2
 	github.com/spf13/pflag v1.0.10
-	go.etcd.io/etcd/api/v3 v3.6.4
-	go.etcd.io/etcd/client/v3 v3.6.4
-	go.uber.org/zap v1.27.0
+	go.etcd.io/etcd/api/v3 v3.6.6
+	go.etcd.io/etcd/client/v3 v3.6.6
+	go.uber.org/zap v1.27.1
 	google.golang.org/grpc v1.77.0
 	gopkg.in/yaml.v3 v3.0.1
-	k8s.io/api v0.34.1
-	k8s.io/apiextensions-apiserver v0.34.1
-	k8s.io/apimachinery v0.34.1
-	k8s.io/apiserver v0.34.1
-	k8s.io/client-go v0.34.1
+	k8s.io/api v0.34.3
+	k8s.io/apiextensions-apiserver v0.34.3
+	k8s.io/apimachinery v0.34.3
+	k8s.io/apiserver v0.34.3
+	k8s.io/client-go v0.34.3
 	k8s.io/klog/v2 v2.130.1
 	k8s.io/utils v0.0.0-20250604170112-4c0f3b243397
-	sigs.k8s.io/cluster-api v1.11.5
-	sigs.k8s.io/cluster-api/test v1.11.5
-	sigs.k8s.io/controller-runtime v0.22.4
+	sigs.k8s.io/cluster-api v1.12.2
+	sigs.k8s.io/cluster-api/test v1.12.2
+	sigs.k8s.io/controller-runtime v0.22.5
 	sigs.k8s.io/kind v0.31.0
 	sigs.k8s.io/yaml v1.6.0
 )
 
 require (
 	al.essio.dev/pkg/shellescape v1.5.1 // indirect
 	cel.dev/expr v0.24.0 // indirect
+	dario.cat/mergo v1.0.1 // indirect
 	github.com/BurntSushi/toml v1.4.0 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
+	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver/v3 v3.4.0 // indirect
+	github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect
@@ -57,10 +60,10 @@ require (
 	github.com/coreos/go-systemd/v22 v22.6.0 // indirect
 	github.com/coreos/vcontext v0.0.0-20230201181013-d72178a18687 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/docker v28.3.3+incompatible // indirect
-	github.com/docker/go-connections v0.5.0 // indirect
+	github.com/docker/docker v28.5.2+incompatible // indirect
+	github.com/docker/go-connections v0.6.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
-	github.com/emicklei/go-restful/v3 v3.12.2 // indirect
+	github.com/emicklei/go-restful/v3 v3.13.0 // indirect
 	github.com/evanphx/json-patch v5.9.11+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
 	github.com/fatih/color v1.18.0 // indirect
@@ -87,43 +90,51 @@ require (
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 // indirect
+	github.com/huandu/xstrings v1.5.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/mattn/go-runewidth v0.0.14 // indirect
+	github.com/mattn/go-runewidth v0.0.16 // indirect
+	github.com/mitchellh/copystructure v1.2.0 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/moby/spdystream v0.5.0 // indirect
 	github.com/moby/sys/sequential v0.6.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
-	github.com/olekukonko/tablewriter v0.0.5 // indirect
+	github.com/olekukonko/cat v0.0.0-20250911104152-50322a0618f6 // indirect
+	github.com/olekukonko/errors v1.1.0 // indirect
+	github.com/olekukonko/ll v0.1.1 // indirect
+	github.com/olekukonko/tablewriter v1.0.9 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.1 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.6.2 // indirect
 	github.com/prometheus/common v0.66.1 // indirect
 	github.com/prometheus/procfs v0.16.1 // indirect
-	github.com/rivo/uniseg v0.4.2 // indirect
-	github.com/sagikazarmark/locafero v0.7.0 // indirect
-	github.com/sourcegraph/conc v0.3.0 // indirect
-	github.com/spf13/afero v1.12.0 // indirect
-	github.com/spf13/cast v1.7.1 // indirect
-	github.com/spf13/cobra v1.9.1 // indirect
-	github.com/spf13/viper v1.20.1 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/sagikazarmark/locafero v0.11.0 // indirect
+	github.com/shopspring/decimal v1.4.0 // indirect
+	github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect
+	github.com/spf13/afero v1.15.0 // indirect
+	github.com/spf13/cast v1.10.0 // indirect
+	github.com/spf13/cobra v1.10.1 // indirect
+	github.com/spf13/viper v1.21.0 // indirect
 	github.com/stoewer/go-strcase v1.3.0 // indirect
 	github.com/stretchr/testify v1.11.1 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
+	github.com/valyala/fastjson v1.6.4 // indirect
 	github.com/vincent-petithory/dataurl v1.0.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	go.etcd.io/etcd/client/pkg/v3 v3.6.4 // indirect
+	go.etcd.io/etcd/client/pkg/v3 v3.6.6 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect
 	go.opentelemetry.io/otel v1.38.0 // indirect
@@ -153,8 +164,8 @@ require (
 	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-	k8s.io/cluster-bootstrap v0.33.3 // indirect
-	k8s.io/component-base v0.34.1 // indirect
+	k8s.io/cluster-bootstrap v0.34.2 // indirect
+	k8s.io/component-base v0.34.3 // indirect
 	k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect
 	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 // indirect
 	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect