From 711f5b23be69665d6204dbb80064e0ab0d1468c0 Mon Sep 17 00:00:00 2001
From: Andrey Smirnov <smirnov.andrey@gmail.com>
Date: Wed, 24 Mar 2021 23:52:33 +0300
Subject: [PATCH] fix: config validation: CNI should apply to cp nodes,
 encryption config

Encryption config should be checked for state partition as well.

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
---
 pkg/machinery/config/types/v1alpha1/v1alpha1_validation.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/machinery/config/types/v1alpha1/v1alpha1_validation.go b/pkg/machinery/config/types/v1alpha1/v1alpha1_validation.go
index 12d9e5f162..f47633d4be 100644
--- a/pkg/machinery/config/types/v1alpha1/v1alpha1_validation.go
+++ b/pkg/machinery/config/types/v1alpha1/v1alpha1_validation.go
@@ -96,7 +96,7 @@ func (c *Config) Validate(mode config.RuntimeMode, options ...config.ValidationO
 		}
 	}
 
-	if c.Machine().Type() == machine.TypeInit {
+	if c.Machine().Type() == machine.TypeInit || c.Machine().Type() == machine.TypeControlPlane {
 		switch c.Cluster().Network().CNI().Name() {
 		case constants.CustomCNI:
 			// custom CNI with URLs or an empty list of manifests which will get applied
@@ -137,7 +137,7 @@ func (c *Config) Validate(mode config.RuntimeMode, options ...config.ValidationO
 		result = multierror.Append(result, fmt.Errorf("%q is not a valid DNS name", c.ClusterConfig.ClusterNetwork.DNSDomain))
 	}
 
-	for _, label := range []string{constants.EphemeralPartitionLabel} {
+	for _, label := range []string{constants.EphemeralPartitionLabel, constants.StatePartitionLabel} {
 		encryptionConfig := c.MachineConfig.SystemDiskEncryption().Get(label)
 		if encryptionConfig != nil {
 			if len(encryptionConfig.Keys()) == 0 {