Merge pull request kubernetes-sigs#10883 from awprice/issue-10882

🐛 Also use tls options for metrics/diagnostics server

bootstrap/kubeadm/main.go

@@ -80,8 +80,7 @@ var (
 	webhookCertName                string
 	webhookKeyName                 string
 	healthAddr                     string
-	tlsOptions                     = flags.TLSOptions{}
-	diagnosticsOptions             = flags.DiagnosticsOptions{}
+	managerOptions                 = flags.ManagerOptions{}
 	logOptions                     = logs.NewOptions()
 	// CABPK specific flags.
 	clusterConcurrency             int
@@ -170,8 +169,7 @@ func InitFlags(fs *pflag.FlagSet) {
 	fs.StringVar(&healthAddr, "health-addr", ":9440",
 		"The address the health endpoint binds to.")
 
-	flags.AddDiagnosticsOptions(fs, &diagnosticsOptions)
-	flags.AddTLSOptions(fs, &tlsOptions)
+	flags.AddManagerOptions(fs, &managerOptions)
 
 	feature.MutableGates.AddFlag(fs)
 }
@@ -204,14 +202,12 @@ func main() {
 	restConfig.Burst = restConfigBurst
 	restConfig.UserAgent = remote.DefaultClusterAPIUserAgent(controllerName)
 
-	tlsOptionOverrides, err := flags.GetTLSOptionOverrideFuncs(tlsOptions)
+	tlsOptions, metricsOptions, err := flags.GetManagerOptions(managerOptions)
 	if err != nil {
-		setupLog.Error(err, "unable to add TLS settings to the webhook server")
+		setupLog.Error(err, "Unable to start manager: invalid flags")
 		os.Exit(1)
 	}
 
-	diagnosticsOpts := flags.GetDiagnosticsOptions(diagnosticsOptions)
-
 	var watchNamespaces map[string]cache.Config
 	if watchNamespace != "" {
 		watchNamespaces = map[string]cache.Config{
@@ -236,7 +232,7 @@ func main() {
 		LeaderElectionResourceLock: resourcelock.LeasesResourceLock,
 		HealthProbeBindAddress:     healthAddr,
 		PprofBindAddress:           profilerAddress,
-		Metrics:                    diagnosticsOpts,
+		Metrics:                    *metricsOptions,
 		Cache: cache.Options{
 			DefaultNamespaces: watchNamespaces,
 			SyncPeriod:        &syncPeriod,
@@ -265,7 +261,7 @@ func main() {
 				CertDir:  webhookCertDir,
 				CertName: webhookCertName,
 				KeyName:  webhookKeyName,
-				TLSOpts:  tlsOptionOverrides,
+				TLSOpts:  tlsOptions,
 			},
 		),
 	}

controlplane/kubeadm/main.go

@@ -84,8 +84,7 @@ var (
 	webhookCertName                string
 	webhookKeyName                 string
 	healthAddr                     string
-	tlsOptions                     = flags.TLSOptions{}
-	diagnosticsOptions             = flags.DiagnosticsOptions{}
+	managerOptions                 = flags.ManagerOptions{}
 	logOptions                     = logs.NewOptions()
 	// KCP specific flags.
 	kubeadmControlPlaneConcurrency  int
@@ -180,8 +179,7 @@ func InitFlags(fs *pflag.FlagSet) {
 		"Use the deprecated naming convention for infra machines where they are named after the InfraMachineTemplate.")
 	_ = fs.MarkDeprecated("use-deprecated-infra-machine-naming", "This flag will be removed in v1.9.")
 
-	flags.AddDiagnosticsOptions(fs, &diagnosticsOptions)
-	flags.AddTLSOptions(fs, &tlsOptions)
+	flags.AddManagerOptions(fs, &managerOptions)
 
 	feature.MutableGates.AddFlag(fs)
 }
@@ -214,14 +212,12 @@ func main() {
 	restConfig.Burst = restConfigBurst
 	restConfig.UserAgent = remote.DefaultClusterAPIUserAgent(controllerName)
 
-	tlsOptionOverrides, err := flags.GetTLSOptionOverrideFuncs(tlsOptions)
+	tlsOptions, metricsOptions, err := flags.GetManagerOptions(managerOptions)
 	if err != nil {
-		setupLog.Error(err, "unable to add TLS settings to the webhook server")
+		setupLog.Error(err, "Unable to start manager: invalid flags")
 		os.Exit(1)
 	}
 
-	diagnosticsOpts := flags.GetDiagnosticsOptions(diagnosticsOptions)
-
 	var watchNamespaces map[string]cache.Config
 	if watchNamespace != "" {
 		watchNamespaces = map[string]cache.Config{
@@ -246,7 +242,7 @@ func main() {
 		LeaderElectionResourceLock: resourcelock.LeasesResourceLock,
 		HealthProbeBindAddress:     healthAddr,
 		PprofBindAddress:           profilerAddress,
-		Metrics:                    diagnosticsOpts,
+		Metrics:                    *metricsOptions,
 		Cache: cache.Options{
 			DefaultNamespaces: watchNamespaces,
 			SyncPeriod:        &syncPeriod,
@@ -278,7 +274,7 @@ func main() {
 				CertDir:  webhookCertDir,
 				CertName: webhookCertName,
 				KeyName:  webhookKeyName,
-				TLSOpts:  tlsOptionOverrides,
+				TLSOpts:  tlsOptions,
 			},
 		),
 	}

docs/book/src/developer/providers/migrations/v1.7-to-v1.8.md

@@ -29,3 +29,4 @@ maintainers of providers and consumers of our Go API.
   and [kubernetes-sigs/controller-runtime#2811](https://github.com/kubernetes-sigs/controller-runtime/pull/2811).
 - `remote.NewClusterCacheTracker` now has options to configure QPS & Burst. It's highly recommended to implement corresponding flags
   the same way as core Cluster API (see PR: https://github.com/kubernetes-sigs/cluster-api/pull/10880).
+- There were changes made to flags in core CAPI (https://github.com/kubernetes-sigs/cluster-api/pull/10883, https://github.com/kubernetes-sigs/cluster-api/pull/10880). It's recommended to adopt these changes in providers as well. 

main.go

@@ -102,8 +102,7 @@ var (
 	webhookCertName                string
 	webhookKeyName                 string
 	healthAddr                     string
-	tlsOptions                     = flags.TLSOptions{}
-	diagnosticsOptions             = flags.DiagnosticsOptions{}
+	managerOptions                 = flags.ManagerOptions{}
 	logOptions                     = logs.NewOptions()
 	// core Cluster API specific flags.
 	clusterTopologyConcurrency      int
@@ -243,8 +242,7 @@ func InitFlags(fs *pflag.FlagSet) {
 		"Use deprecated infrastructure machine naming")
 	_ = fs.MarkDeprecated("use-deprecated-infra-machine-naming", "This flag will be removed in v1.9.")
 
-	flags.AddDiagnosticsOptions(fs, &diagnosticsOptions)
-	flags.AddTLSOptions(fs, &tlsOptions)
+	flags.AddManagerOptions(fs, &managerOptions)
 
 	feature.MutableGates.AddFlag(fs)
 }
@@ -292,14 +290,12 @@ func main() {
 		os.Exit(1)
 	}
 
-	tlsOptionOverrides, err := flags.GetTLSOptionOverrideFuncs(tlsOptions)
+	tlsOptions, metricsOptions, err := flags.GetManagerOptions(managerOptions)
 	if err != nil {
-		setupLog.Error(err, "Unable to add TLS settings to the webhook server")
+		setupLog.Error(err, "Unable to start manager: invalid flags")
 		os.Exit(1)
 	}
 
-	diagnosticsOpts := flags.GetDiagnosticsOptions(diagnosticsOptions)
-
 	var watchNamespaces map[string]cache.Config
 	if watchNamespace != "" {
 		watchNamespaces = map[string]cache.Config{
@@ -324,7 +320,7 @@ func main() {
 		LeaderElectionResourceLock: resourcelock.LeasesResourceLock,
 		HealthProbeBindAddress:     healthAddr,
 		PprofBindAddress:           profilerAddress,
-		Metrics:                    diagnosticsOpts,
+		Metrics:                    *metricsOptions,
 		Cache: cache.Options{
 			DefaultNamespaces: watchNamespaces,
 			SyncPeriod:        &syncPeriod,
@@ -353,7 +349,7 @@ func main() {
 				CertDir:  webhookCertDir,
 				CertName: webhookCertName,
 				KeyName:  webhookKeyName,
-				TLSOpts:  tlsOptionOverrides,
+				TLSOpts:  tlsOptions,
 			},
 		),
 	}

test/extension/main.go

@@ -85,8 +85,7 @@ var (
 	webhookCertName             string
 	webhookKeyName              string
 	healthAddr                  string
-	tlsOptions                  = flags.TLSOptions{}
-	diagnosticsOptions          = flags.DiagnosticsOptions{}
+	managerOptions              = flags.ManagerOptions{}
 	logOptions                  = logs.NewOptions()
 )
 
@@ -153,8 +152,7 @@ func InitFlags(fs *pflag.FlagSet) {
 	fs.StringVar(&healthAddr, "health-addr", ":9440",
 		"The address the health endpoint binds to.")
 
-	flags.AddDiagnosticsOptions(fs, &diagnosticsOptions)
-	flags.AddTLSOptions(fs, &tlsOptions)
+	flags.AddManagerOptions(fs, &managerOptions)
 
 	// Add test-extension specific flags
 	// NOTE: it is not mandatory to use the same flag names in all RuntimeExtension, but it is recommended when
@@ -197,14 +195,12 @@ func main() {
 	restConfig.Burst = restConfigBurst
 	restConfig.UserAgent = remote.DefaultClusterAPIUserAgent(controllerName)
 
-	tlsOptionOverrides, err := flags.GetTLSOptionOverrideFuncs(tlsOptions)
+	tlsOptions, metricsOptions, err := flags.GetManagerOptions(managerOptions)
 	if err != nil {
-		setupLog.Error(err, "Unable to add TLS settings to the webhook server")
+		setupLog.Error(err, "Unable to start manager: invalid flags")
 		os.Exit(1)
 	}
 
-	diagnosticsOpts := flags.GetDiagnosticsOptions(diagnosticsOptions)
-
 	if enableContentionProfiling {
 		goruntime.SetBlockProfileRate(1)
 	}
@@ -215,7 +211,7 @@ func main() {
 		CertDir:  webhookCertDir,
 		CertName: webhookCertName,
 		KeyName:  webhookKeyName,
-		TLSOpts:  tlsOptionOverrides,
+		TLSOpts:  tlsOptions,
 		Catalog:  catalog,
 	})
 	if err != nil {
@@ -233,7 +229,7 @@ func main() {
 		LeaderElectionResourceLock: resourcelock.LeasesResourceLock,
 		HealthProbeBindAddress:     healthAddr,
 		PprofBindAddress:           profilerAddress,
-		Metrics:                    diagnosticsOpts,
+		Metrics:                    *metricsOptions,
 		Cache: cache.Options{
 			SyncPeriod: &syncPeriod,
 		},

test/infrastructure/docker/main.go

@@ -87,8 +87,7 @@ var (
 	webhookCertName                string
 	webhookKeyName                 string
 	healthAddr                     string
-	tlsOptions                     = flags.TLSOptions{}
-	diagnosticsOptions             = flags.DiagnosticsOptions{}
+	managerOptions                 = flags.ManagerOptions{}
 	logOptions                     = logs.NewOptions()
 	// CAPD specific flags.
 	concurrency                    int
@@ -171,8 +170,7 @@ func InitFlags(fs *pflag.FlagSet) {
 	fs.StringVar(&healthAddr, "health-addr", ":9440",
 		"The address the health endpoint binds to.")
 
-	flags.AddDiagnosticsOptions(fs, &diagnosticsOptions)
-	flags.AddTLSOptions(fs, &tlsOptions)
+	flags.AddManagerOptions(fs, &managerOptions)
 
 	feature.MutableGates.AddFlag(fs)
 }
@@ -210,14 +208,12 @@ func main() {
 	restConfig.Burst = restConfigBurst
 	restConfig.UserAgent = remote.DefaultClusterAPIUserAgent(controllerName)
 
-	tlsOptionOverrides, err := flags.GetTLSOptionOverrideFuncs(tlsOptions)
+	tlsOptions, metricsOptions, err := flags.GetManagerOptions(managerOptions)
 	if err != nil {
-		setupLog.Error(err, "Unable to add TLS settings to the webhook server")
+		setupLog.Error(err, "Unable to start manager: invalid flags")
 		os.Exit(1)
 	}
 
-	diagnosticsOpts := flags.GetDiagnosticsOptions(diagnosticsOptions)
-
 	var watchNamespaces map[string]cache.Config
 	if watchNamespace != "" {
 		watchNamespaces = map[string]cache.Config{
@@ -242,7 +238,7 @@ func main() {
 		LeaderElectionResourceLock: resourcelock.LeasesResourceLock,
 		HealthProbeBindAddress:     healthAddr,
 		PprofBindAddress:           profilerAddress,
-		Metrics:                    diagnosticsOpts,
+		Metrics:                    *metricsOptions,
 		Cache: cache.Options{
 			DefaultNamespaces: watchNamespaces,
 			SyncPeriod:        &syncPeriod,
@@ -271,7 +267,7 @@ func main() {
 				CertDir:  webhookCertDir,
 				CertName: webhookCertName,
 				KeyName:  webhookKeyName,
-				TLSOpts:  tlsOptionOverrides,
+				TLSOpts:  tlsOptions,
 			},
 		),
 	}

test/infrastructure/inmemory/main.go

@@ -79,8 +79,7 @@ var (
 	webhookCertName             string
 	webhookKeyName              string
 	healthAddr                  string
-	tlsOptions                  = flags.TLSOptions{}
-	diagnosticsOptions          = flags.DiagnosticsOptions{}
+	managerOptions              = flags.ManagerOptions{}
 	logOptions                  = logs.NewOptions()
 	// CAPIM specific flags.
 	clusterConcurrency int
@@ -158,8 +157,7 @@ func InitFlags(fs *pflag.FlagSet) {
 	fs.StringVar(&healthAddr, "health-addr", ":9440",
 		"The address the health endpoint binds to.")
 
-	flags.AddDiagnosticsOptions(fs, &diagnosticsOptions)
-	flags.AddTLSOptions(fs, &tlsOptions)
+	flags.AddManagerOptions(fs, &managerOptions)
 
 	feature.MutableGates.AddFlag(fs)
 }
@@ -192,14 +190,12 @@ func main() {
 	restConfig.Burst = restConfigBurst
 	restConfig.UserAgent = remote.DefaultClusterAPIUserAgent(controllerName)
 
-	tlsOptionOverrides, err := flags.GetTLSOptionOverrideFuncs(tlsOptions)
+	tlsOptions, metricsOptions, err := flags.GetManagerOptions(managerOptions)
 	if err != nil {
-		setupLog.Error(err, "Unable to add TLS settings to the webhook server")
+		setupLog.Error(err, "Unable to start manager: invalid flags")
 		os.Exit(1)
 	}
 
-	diagnosticsOpts := flags.GetDiagnosticsOptions(diagnosticsOptions)
-
 	var watchNamespaces map[string]cache.Config
 	if watchNamespace != "" {
 		watchNamespaces = map[string]cache.Config{
@@ -221,7 +217,7 @@ func main() {
 		LeaderElectionResourceLock: resourcelock.LeasesResourceLock,
 		HealthProbeBindAddress:     healthAddr,
 		PprofBindAddress:           profilerAddress,
-		Metrics:                    diagnosticsOpts,
+		Metrics:                    *metricsOptions,
 		Cache: cache.Options{
 			DefaultNamespaces: watchNamespaces,
 			SyncPeriod:        &syncPeriod,
@@ -242,7 +238,7 @@ func main() {
 				CertDir:  webhookCertDir,
 				CertName: webhookCertName,
 				KeyName:  webhookKeyName,
-				TLSOpts:  tlsOptionOverrides,
+				TLSOpts:  tlsOptions,
 			},
 		),
 	}