Merge pull request #17295 from ameukam/go-1.24

Bump Go to v1.24

Author: k8s-ci-robot

.golangci.yaml

@@ -1,6 +1,6 @@
 run:
   timeout: 30m
-  go: "1.23"
+  go: "1.24"
 
 issues:
   max-same-issues: 0

cloudbuild.yaml

@@ -2,64 +2,64 @@
 timeout: 1800s
 options:
   substitution_option: ALLOW_LOOSE
-  machineType: 'N1_HIGHCPU_32'
+  machineType: "E2_HIGHCPU_32"
 steps:
-# Push the images
-- name: 'docker.io/library/golang:1.23.5-bookworm'
-  id: images
-  entrypoint: make
-  env:
-  # _GIT_TAG is not a valid semver, we use CI=1 instead
-  # - VERSION=$_GIT_TAG
-  - CI=$_CI
-  - PULL_BASE_REF=$_PULL_BASE_REF
-  - DOCKER_REGISTRY=$_DOCKER_REGISTRY
-  - DOCKER_IMAGE_PREFIX=$_DOCKER_IMAGE_PREFIX
-  args:
-  - kops-utils-cp-push
-  - kops-controller-push
-  - dns-controller-push
-  - kube-apiserver-healthcheck-push
-# Push the artifacts
-- name: 'docker.io/library/golang:1.23.5-bookworm'
-  id: artifacts
-  entrypoint: make
-  env:
-  # _GIT_TAG is not a valid semver, we use CI=1 instead
-  # - VERSION=$_GIT_TAG
-  - CI=$_CI
-  - PULL_BASE_REF=$_PULL_BASE_REF
-  - DOCKER_REGISTRY=$_DOCKER_REGISTRY
-  - DOCKER_IMAGE_PREFIX=$_DOCKER_IMAGE_PREFIX
-  - GCS_LOCATION=$_GCS_LOCATION
-  - LATEST_FILE=markers/${_PULL_BASE_REF}/latest-ci.txt
-  args:
-  - gcs-upload-and-tag
-# Build cloudbuild artifacts (for attestation)
-- name: 'docker.io/library/golang:1.23.5-bookworm'
-  id: cloudbuild-artifacts
-  entrypoint: make
-  env:
-  # _GIT_TAG is not a valid semver, we use CI=1 instead
-  # - VERSION=$_GIT_TAG
-  - CI=$_CI
-  - PULL_BASE_REF=$_PULL_BASE_REF
-  - DOCKER_REGISTRY=$_DOCKER_REGISTRY
-  - DOCKER_IMAGE_PREFIX=$_DOCKER_IMAGE_PREFIX
-  - GCS_LOCATION=$_GCS_LOCATION
-  - LATEST_FILE=markers/${_PULL_BASE_REF}/latest-ci.txt
-  args:
-  - cloudbuild-artifacts
+  # Push the images
+  - name: "mirror.gcr.io/library/golang:1.24.1-bookworm"
+    id: images
+    entrypoint: make
+    env:
+      # _GIT_TAG is not a valid semver, we use CI=1 instead
+      # - VERSION=$_GIT_TAG
+      - CI=$_CI
+      - PULL_BASE_REF=$_PULL_BASE_REF
+      - DOCKER_REGISTRY=$_DOCKER_REGISTRY
+      - DOCKER_IMAGE_PREFIX=$_DOCKER_IMAGE_PREFIX
+    args:
+      - kops-utils-cp-push
+      - kops-controller-push
+      - dns-controller-push
+      - kube-apiserver-healthcheck-push
+  # Push the artifacts
+  - name: "mirror.gcr.io/library/golang:1.24.1-bookworm"
+    id: artifacts
+    entrypoint: make
+    env:
+      # _GIT_TAG is not a valid semver, we use CI=1 instead
+      # - VERSION=$_GIT_TAG
+      - CI=$_CI
+      - PULL_BASE_REF=$_PULL_BASE_REF
+      - DOCKER_REGISTRY=$_DOCKER_REGISTRY
+      - DOCKER_IMAGE_PREFIX=$_DOCKER_IMAGE_PREFIX
+      - GCS_LOCATION=$_GCS_LOCATION
+      - LATEST_FILE=markers/${_PULL_BASE_REF}/latest-ci.txt
+    args:
+      - gcs-upload-and-tag
+  # Build cloudbuild artifacts (for attestation)
+  - name: "mirror.gcr.io/library/golang:1.24.1-bookworm"
+    id: cloudbuild-artifacts
+    entrypoint: make
+    env:
+      # _GIT_TAG is not a valid semver, we use CI=1 instead
+      # - VERSION=$_GIT_TAG
+      - CI=$_CI
+      - PULL_BASE_REF=$_PULL_BASE_REF
+      - DOCKER_REGISTRY=$_DOCKER_REGISTRY
+      - DOCKER_IMAGE_PREFIX=$_DOCKER_IMAGE_PREFIX
+      - GCS_LOCATION=$_GCS_LOCATION
+      - LATEST_FILE=markers/${_PULL_BASE_REF}/latest-ci.txt
+    args:
+      - cloudbuild-artifacts
 substitutions:
   # _GIT_TAG will be filled with a git-based tag for the image, of the form vYYYYMMDD-hash, and
   # can be used as a substitution
-  _CI: '1'
-  _GIT_TAG: '12345'
-  _PULL_BASE_REF: 'dev'
-  _DOCKER_REGISTRY: 'gcr.io'
-  _DOCKER_IMAGE_PREFIX: 'k8s-staging-kops/'
-  _GCS_LOCATION: 'gs://k8s-staging-kops/kops/releases/'
+  _CI: "1"
+  _GIT_TAG: "12345"
+  _PULL_BASE_REF: "dev"
+  _DOCKER_REGISTRY: "gcr.io"
+  _DOCKER_IMAGE_PREFIX: "k8s-staging-kops/"
+  _GCS_LOCATION: "gs://k8s-staging-kops/kops/releases/"
 artifacts:
   objects:
-    location: '$_GCS_LOCATION/$_GIT_TAG/cloudbuild/'
+    location: "$_GCS_LOCATION/$_GIT_TAG/cloudbuild/"
     paths: ["cloudbuild/*"]

go.mod

@@ -1,7 +1,9 @@
 module k8s.io/kops
 
 // This should be kept in sync with cloudbuild.yaml and the other go.mod files
-go 1.23.5
+go 1.24.1
+
+godebug default=go1.24
 
 require (
 	cloud.google.com/go/compute/metadata v0.5.2

hack/go.mod

@@ -1,6 +1,6 @@
 module k8s.io/kops/hack
 
-go 1.23.5
+go 1.24.1
 
 require (
 	github.com/client9/misspell v0.3.4

pkg/kubeconfig/create_kubecfg_test.go

@@ -142,7 +142,7 @@ func fakeKeyset() *fi.Keyset {
 
 func TestBuildKubecfg(t *testing.T) {
 	originalPKIDefaultPrivateKeySize := pki.DefaultPrivateKeySize
-	pki.DefaultPrivateKeySize = 512
+	pki.DefaultPrivateKeySize = 2048
 	defer func() {
 		pki.DefaultPrivateKeySize = originalPKIDefaultPrivateKeySize
 	}()

pkg/pki/certificate_test.go

@@ -29,10 +29,10 @@ import (
 )
 
 func TestGenerateCertificate(t *testing.T) {
-	data := "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA4JwpEprZ5n8RIEt6jT2lAh+UDgRgx/4px21gjgywQivYHVxH\nAZexVb/E9pBa9Q2G9B1Q7TCO7YsUVRQy4JMDZVt+McFnWVwexnqBYFNcVjkEmDgA\ngvCYGE0P9d/RwRL4KuLHo+u6fv7P0jXMN+CpOxyLhYZZNa0ZOZDHsSiJSQSj9WGF\nGHrbCf0KVDpKieR1uBqHrRO+mLR5zkX2L58m74kjK4dsBhmjeq/7OAoTmiG2QgJ/\nP2IjyhiA2mRqY+hl55lwEUV/0yHYEkJC8LdGkwwZz2eF77aSPGmi/A2CSKgMwDTx\n9m+P7jcpWreYw6NG9BueGoDIve/tgFKwvVFF6QIDAQABAoIBAA0ktjaTfyrAxsTI\nBezb7Zr5NBW55dvuII299cd6MJo+rI/TRYhvUv48kY8IFXp/hyUjzgeDLunxmIf9\n/Zgsoic9Ol44/g45mMduhcGYPzAAeCdcJ5OB9rR9VfDCXyjYLlN8H8iU0734tTqM\n0V13tQ9zdSqkGPZOIcq/kR/pylbOZaQMe97BTlsAnOMSMKDgnftY4122Lq3GYy+t\nvpr+bKVaQZwvkLoSU3rECCaKaghgwCyX7jft9aEkhdJv+KlwbsGY6WErvxOaLWHd\ncuMQjGapY1Fa/4UD00mvrA260NyKfzrp6+P46RrVMwEYRJMIQ8YBAk6N6Hh7dc0G\n8Z6i1m0CgYEA9HeCJR0TSwbIQ1bDXUrzpftHuidG5BnSBtax/ND9qIPhR/FBW5nj\n22nwLc48KkyirlfIULd0ae4qVXJn7wfYcuX/cJMLDmSVtlM5Dzmi/91xRiFgIzx1\nAsbBzaFjISP2HpSgL+e9FtSXaaqeZVrflitVhYKUpI/AKV31qGHf04sCgYEA6zTV\n99Sb49Wdlns5IgsfnXl6ToRttB18lfEKcVfjAM4frnkk06JpFAZeR+9GGKUXZHqs\nz2qcplw4d/moCC6p3rYPBMLXsrGNEUFZqBlgz72QA6BBq3X0Cg1Bc2ZbK5VIzwkg\nST2SSux6ccROfgULmN5ZiLOtdUKNEZpFF3i3qtsCgYADT/s7dYFlatobz3kmMnXK\nsfTu2MllHdRys0YGHu7Q8biDuQkhrJwhxPW0KS83g4JQym+0aEfzh36bWcl+u6R7\nKhKj+9oSf9pndgk345gJz35RbPJYh+EuAHNvzdgCAvK6x1jETWeKf6btj5pF1U1i\nQ4QNIw/QiwIXjWZeubTGsQKBgQCbduLu2rLnlyyAaJZM8DlHZyH2gAXbBZpxqU8T\nt9mtkJDUS/KRiEoYGFV9CqS0aXrayVMsDfXY6B/S/UuZjO5u7LtklDzqOf1aKG3Q\ndGXPKibknqqJYH+bnUNjuYYNerETV57lijMGHuSYCf8vwLn3oxBfERRX61M/DU8Z\nworz/QKBgQDCTJI2+jdXg26XuYUmM4XXfnocfzAXhXBULt1nENcogNf1fcptAVtu\nBAiz4/HipQKqoWVUYmxfgbbLRKKLK0s0lOWKbYdVjhEm/m2ZU8wtXTagNwkIGoyq\nY/C1Lox4f1ROJnCjc/hfcOjcxX5M8A8peecHWlVtUPKTJgxQ7oMKcw==\n-----END RSA PRIVATE KEY-----\n"
-	publicKeyData := "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4JwpEprZ5n8RIEt6jT2l\nAh+UDgRgx/4px21gjgywQivYHVxHAZexVb/E9pBa9Q2G9B1Q7TCO7YsUVRQy4JMD\nZVt+McFnWVwexnqBYFNcVjkEmDgAgvCYGE0P9d/RwRL4KuLHo+u6fv7P0jXMN+Cp\nOxyLhYZZNa0ZOZDHsSiJSQSj9WGFGHrbCf0KVDpKieR1uBqHrRO+mLR5zkX2L58m\n74kjK4dsBhmjeq/7OAoTmiG2QgJ/P2IjyhiA2mRqY+hl55lwEUV/0yHYEkJC8LdG\nkwwZz2eF77aSPGmi/A2CSKgMwDTx9m+P7jcpWreYw6NG9BueGoDIve/tgFKwvVFF\n6QIDAQAB\n-----END RSA PUBLIC KEY-----\n"
-	signerCertData := "-----BEGIN CERTIFICATE-----\nMIIBTDCB96ADAgECAhBjHcUz56MCdYqSYy7TYNe3MA0GCSqGSIb3DQEBCwUAMBUx\nEzARBgNVBAMTCnNlbGZzaWduZWQwHhcNMjAwNDI0MjMzNDM5WhcNMzAwNDI0MjMz\nNDM5WjAVMRMwEQYDVQQDEwpzZWxmc2lnbmVkMFwwDQYJKoZIhvcNAQEBBQADSwAw\nSAJBAL5zWUObMH5dBestQgDIa4B/rT7Cc21AK+B7gPvMcEfIWow5u6QE+EyhRTPv\n727oY+2MU9e4vq5RXBG7hneuBoECAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgEGMA8G\nA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADQQBLUFz7gDKRRyjEwgRZnZzP\nOma9WIgOjX36OFllyGkspu1ZcW/EtGEGNXqtMsm1QmG38Lh7Nkehb5xoAmm6hkFA\n-----END CERTIFICATE-----"
-	signerKeyData := "-----BEGIN RSA PRIVATE KEY-----\nMIIBOQIBAAJBAL5zWUObMH5dBestQgDIa4B/rT7Cc21AK+B7gPvMcEfIWow5u6QE\n+EyhRTPv727oY+2MU9e4vq5RXBG7hneuBoECAwEAAQJAZ9ZUUPwIEJ1/YJ4oYmzj\n0AfM2W8DqAlY4ufzh1YL0daGUkiuQg0p6CeqFqgnQluZ3bcXPG8iBQp1EeekULFL\nAQIhAOGbozbIEI+26Ehv41aCMWkKO1R05AVzmoNp1T2Ke6npAiEA2BtEPRSdhLek\nZR7vhk7KNTJ2XExJ+T/l2849EsojANkCIAWYD1b3ZPm7Rk0tgQyPE9yP5WK1t0Wv\nVSB3ClOJUIGpAiAfUBQbJZmNWW6gmFLsiw4RlzY/OW6ehvuvVbrTtiZMQQIgD2zY\nU2EjvR0zY5PsJYbcLHa9ieCA5ni/VW70WKn9K5s=\n-----END RSA PRIVATE KEY-----"
+	data := "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCthOYz2rjTI2x7hyWDiqxUS4LPBXctThTRCm8mGANvCaHESVhMMAVkeIINn90zhVHvr48CnMR2qSWwxR8AZJpFvR7hKk8gHh494pLW/eSUwP3pJbSOxt0OsxXEflaiHR5x1VJ9DsTl9Vy3qSkhsYBFPMMoLk7kpb3Y0F+t6ewIFrFw0IHXvbSYm07dN6amJXU/L78X/kAcsD9IDfE4EqOf5P4WBpXZ4YnCt+kpQR0sFmCst/2ktlgU+TCsP+PNUuzHsAovmLNdOdpplC1VmIUaT5/CuAITz0YASs8L2H9MlgxtwJ3CkNr/H4Y1UhTXxgKPMskdvrMGLLkh+Y7z4k/vAgMBAAECggEABLEsI759h/a/F2SzVCga+oPji3iQ3UXtadetOMD70B6uY/yTFCr/l6oV44ttSQLeZoD/TilHZhQIg7auMhhbqZjFwyid5MxGXL20jcwQyHWi3Waacs/tfgPEChZb07ITjC13YmVUrV6MqB9oEClYwsaJWnFMyyxbgrI5HB6lYMnnjzU+otkqwVtMbe1mO1nX7paBxJ+pNbtasihKCWRJZAMZ9bcRw01+QFRca2CVJjPWlkD9N2S/0Q7+4YqUTNh/dx3t2uBuxg1ji7TQzBKT5ftF9lLlDwlEyXYqqOYUFgU9541sGVUVisXp/mykJVN7z3osoz+oU62kXqQm0YLlQQKBgQDdZqDKwDVmL23Tguwhrs6quj8VWCpD78YC8zzICFBDDWWY5Jdl+07Bw9gwgHyb8h3JfRMXXFg62tFald10hqi5raLva6QKYwkLSe372syrJXaEej/x8NE1bQf8wzl6yS0fv/UwZ1aZTiKUSj7LKNS720IDAGdEn/1NdL6zUBNkQQKBgQDIorZGO/zkLyWRU1Zzc2pxwtL/iYwFmsndKEEojvs0NIe6ySIG0HOw+wFqczjoiyIORten8Vypz4CEUe4fVJwkeJa6GrVFNWTlNi4mX2p33L9OJEFa82Uisf0amTedC2RQEfnMu5PKDedVl5WZ3HOUbQPNJ+qYy+9SyhHi73joLwKBgBpbb2TzwOerWc3GVkokP2I/zebCmjWAQ/hx8Jh3tOZmn+O1wvhXFKcoo4ISqcL+7eDgzPcI/U/0YNwB311R8qA4NZ9/FwZNh/QaFwTWpWryiMt4qkgpPR65HixPKXaeoIqZFZ1vj/WsQZ2ZwSP6dmjuz0sAL0sSKNuhvFoofEaBAoGAGzppvjJZ6aW0VXqX2uco5PNpqyBBjmkpSAg0f4qX8MfIO8McCQy1Bqmp0YZ9jKGFJ6bZkYMh7jGo4Uw1Iq9a2WA8JFmHjDLo1Gp77N06F7YviC1HaU5qxUCedsOgVoG7RVqLKguyzNMCOA1wUgcm8FezEl5+aeoTOosNzlxtbiUCgYB0OWavac9ZP/BDU2gfTkeks/Z+HtIssToBQ1AiByQxdTPNHZ5GCDvvy/9g8CKETkHU1DoG78lAsMCMDUc1mPFVpTJllxaO9SOIgfYxgkRt9fyenQmdhiXbvJ4vv503sAQdU1knw2UgIcwPjXAaBR3Rf2gyMBkdZ2icQvILKz2OOQ==\n-----END PRIVATE KEY-----"
+	publicKeyData := "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYTmM9q40yNse4clg4qs\nVEuCzwV3LU4U0QpvJhgDbwmhxElYTDAFZHiCDZ/dM4VR76+PApzEdqklsMUfAGSa\nRb0e4SpPIB4ePeKS1v3klMD96SW0jsbdDrMVxH5Woh0ecdVSfQ7E5fVct6kpIbGA\nRTzDKC5O5KW92NBfrensCBaxcNCB1720mJtO3TempiV1Py+/F/5AHLA/SA3xOBKj\nn+T+FgaV2eGJwrfpKUEdLBZgrLf9pLZYFPkwrD/jzVLsx7AKL5izXTnaaZQtVZiF\nGk+fwrgCE89GAErPC9h/TJYMbcCdwpDa/x+GNVIU18YCjzLJHb6zBiy5IfmO8+JP\n7wIDAQAB\n-----END RSA PUBLIC KEY-----\n"
+	signerCertData := "-----BEGIN CERTIFICATE-----\nMIIDAzCCAeugAwIBAgIUX5OneoJSyzLbD5/cUsacl0+kbLcwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGc2lnbmVyMB4XDTI1MDMxMDEzMzkwNFoXDTM1MDMwODEzMzkwNFowETEPMA0GA1UEAwwGc2lnbmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Ym6Hcv4f7OU8rkrZr6ur9VC9HnJe/Gi/lmHvwLe+RqnpqDWxbQDR5Q3dwVnBgbMS3CVVTwcERqK5AkHSehG68OtUu9ygMFZDoqMU+7UJglfsY550SBk5YZuvhTRFgtlGqiKjRoD+p8/thrx0l4BV54FJvE9g7k31X+ynHP75hAsPTIobsAk3DYAtV651NLwpmyEQqCiyImJKi7jcvR/YpZobzFSQ1fPp9yBxxKTJZrBf54ZATPOLc0Pxv0rA5MscT0ujFYe7lC1EKUAlZ6mSIWFXsuJaXQmPmGctX5m50DxhKXfVEfr77xIa1+Xqh9bq4/sFxryuPyYiNJNnRMY4QIDAQABo1MwUTAdBgNVHQ4EFgQU0pax2FviEHNrcKbXtjmQsB8LBe8wHwYDVR0jBBgwFoAU0pax2FviEHNrcKbXtjmQsB8LBe8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAxtC4lB/HqvfFh/7qcgUInfZ7f0p4EzthTSDOf83zuOV4YFzD1K003YloTC720PNjURc3JMCSl2gT4vzM3zxwfp0FXuzTkW9mU8IPoWX7iArXp80wl1zLBc9HJ2eVN4zK8abTgnq2j7U3Fd/pCQjNeToyHfYk7VW3d4Xco38NIh9GWTCDwjfYAr0jNLBATuYZreCSatysIITQcE7LNUhD1QywNtF74SS4J3rHOgYHK+/jFW4KqCMA5VeXBenutpqYKIcP8lg4/qQiAWrqiY/dTyhKSDdb8vczaq31H6XMv5czcmUHRx0yI2XwoKuD4uTBIPGisJWqoMaW/GyyKdvugw==\n-----END CERTIFICATE-----"
+	signerKeyData := "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDZibody/h/s5TyuStmvq6v1UL0ecl78aL+WYe/At75GqemoNbFtANHlDd3BWcGBsxLcJVVPBwRGorkCQdJ6Ebrw61S73KAwVkOioxT7tQmCV+xjnnRIGTlhm6+FNEWC2UaqIqNGgP6nz+2GvHSXgFXngUm8T2DuTfVf7Kcc/vmECw9MihuwCTcNgC1XrnU0vCmbIRCoKLIiYkqLuNy9H9ilmhvMVJDV8+n3IHHEpMlmsF/nhkBM84tzQ/G/SsDkyxxPS6MVh7uULUQpQCVnqZIhYVey4lpdCY+YZy1fmbnQPGEpd9UR+vvvEhrX5eqH1urj+wXGvK4/JiI0k2dExjhAgMBAAECggEAAXDKDLx3DtFvoRPc17dXjM6KvPe5f9qfy7NoFLm+JEQq7A2QnoqMowK2Q1GD1yRgYfeC5aeaP/q/BLeSlsi0/4ayNSRky7l8D36XY07nlMDnI1PgNqRSRrrXLOcSY2T77GtFT53mfNhlIZ2YEF6S/7OKMTHTyHWHiyBnXGXgOyvJHufKZ6+VECL4PlYLIAom1PlClNVt/TafwbEIhpbfpH/XYJCJ6GcpbWU2EpkZPYxxlCF+kd7PVI7kPzQQ9DTWDBmBI6mX9t0HPFmzlo4TfaUdgqIZfOwuBEVwi5+Pb4kppVK1QGKAl4DxqBgQnmqeWfEelwhsEEzIyUaocU0PYQKBgQDw1e+5tjL4bqNvuKGJwZcMplVMmEv6W+sxV4qMfFkV/dzEwsYQgqjDz2B9lipTadlXiuQ6B6iNVkAGwfZhTHjq0ruf5UB7yZ5CJSA8sXARR1Y4aEefes4np5Pw+N/jOY30PWrgtClT4PJxON3w9LnSWHDg62whvMUzqDZuz2JVdQKBgQDnPEB607FNoEgFAnfm4hy0JcmePvgndIPRJe+2vlWr0+xwtLoFCAQWIm4sagXWWzRco981eCPovElQ7T9SZwFVH1xBSEY54N4KSoX7L+HffeDB52i1a+UlQQEY0vi6ep48smBoJ+7UOFpDHp2LSn3bkyNy5XtxAG9hTXilBW5MPQKBgQCZXFJ0my5n/uQ6b4MGWu2aE4174ft36PKjEBDdFw4PsAHWlgVUXC+lyTezoV1AksXhNkPRJDFUF1lcNEV1fiH9vsXVs0HV0fTiQAwAOimYBypDbzw0tRn0LIVLzN+dLXhU0Itvnao3jKY2LTU/jEeMR99RivjnnvKgy3wmIg+HRQKBgFmzTtQW8M3LIoUG+xpOlpHvorHHfZ5YnZXxoHcEiNlaIXtrMEopXOR1QMXr7w3DXaGeVEU6sLtk5xAEqK6/lI2/15rffZaQO7JETIsvfPCktR6jNURDcaWs/M7zcFdun5muHKXq78PVhHZLFxRktkQKZRL6IJOqdoqJcgaZ/7qFAoGAWb2dubn2yi6EoRh24T9+qQ1FZLMOigHEnv0+X93A8KS5pqKJ7Fc9NBnXng1f3R5wBjinXjenVGWDJYLe3LQA2w85OmdEL/cqkLIuCARyc/r5MFB0jzGTvbXZUvg2TCE2MdwZMX91dN4RS5B1o06g4ISWO6cdLl9y0EUHLtUTiZc=\n-----END PRIVATE KEY-----"
 
 	key, err := ParsePEMPrivateKey([]byte(data))
 	require.NoError(t, err, "ParsePEMPrivateKey")
@@ -64,6 +64,7 @@ func TestGenerateCertificate(t *testing.T) {
 			name: "selfsigned",
 			template: x509.Certificate{
 				KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
+				Issuer:                pkix.Name{CommonName: "selfsigned"},
 				ExtKeyUsage:           []x509.ExtKeyUsage{},
 				BasicConstraintsValid: true,
 				IsCA:                  true,
@@ -133,7 +134,11 @@ func TestGenerateCertificate(t *testing.T) {
 			if tc.signer == nil {
 				tc.signer = cert.Certificate
 			}
-			assert.Equal(t, cert.Certificate.Issuer, signer.Certificate.Subject, "Issuer")
+			if tc.name == "selfsigned" {
+				assert.Equal(t, cert.Certificate.Issuer, cert.Certificate.Subject, "Issuer")
+			} else {
+				assert.Equal(t, cert.Certificate.Issuer, signer.Certificate.Subject, "Issuer")
+			}
 			pool := x509.NewCertPool()
 			pool.AddCert(tc.signer)
 			_, err = cert.Certificate.Verify(x509.VerifyOptions{

pkg/pki/issue_test.go

@@ -18,9 +18,11 @@ package pki
 
 import (
 	"context"
+	"crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
 	"crypto/x509/pkix"
+	"math/big"
 	"net"
 	"os"
 	"testing"
@@ -54,12 +56,29 @@ func TestIssueCert(t *testing.T) {
 		os.Setenv("KOPS_RSA_PRIVATE_KEY_SIZE", origSize)
 	}()
 
-	caCertificate, err := ParsePEMCertificate([]byte("-----BEGIN CERTIFICATE-----\nMIIBRjCB8aADAgECAhAzhRMOcwfggPtgZNIOFU19MA0GCSqGSIb3DQEBCwUAMBIx\nEDAOBgNVBAMTB1Rlc3QgQ0EwHhcNMjAwNTE1MDIzNjI0WhcNMzAwNTE1MDIzNjI0\nWjASMRAwDgYDVQQDEwdUZXN0IENBMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAM/S\ncagGaiDA3jJWBXUr8rM19TWLA65jK/iA05FCsmQbyvETs5gbJdBfnhQp8wkKFlkt\nKxZ34k3wQUzoB1lv8/kCAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB\n/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADQQCDOxvs58AVAWgWLtD3Obvy7XXsKx6d\nMzg9epbiQchLE4G/jlbgVu7vwh8l5XFNfQooG6stCU7pmLFXkXzkJQxr\n-----END CERTIFICATE-----\n"))
+	// Generate a new RSA key pair using rsa.GenerateKey
+	caKey, err := rsa.GenerateKey(rand.Reader, 2048)
 	require.NoError(t, err)
-	caPrivateKey, err := ParsePEMPrivateKey([]byte("-----BEGIN RSA PRIVATE KEY-----\nMIIBPAIBAAJBAM/ScagGaiDA3jJWBXUr8rM19TWLA65jK/iA05FCsmQbyvETs5gb\nJdBfnhQp8wkKFlktKxZ34k3wQUzoB1lv8/kCAwEAAQJBAJzXQZeBX87gP9DVQsEv\nLbc6XZjPFTQi/ChLcWALaf5J7drFJHUcWbKIHzOmM3fm3lQlb/1IcwOBU5cTY0e9\nBVECIQD73kxOWWAIzKqMOvFZ9s79Et7G1HUMnVAVKJ1NS1uvYwIhANM7LULdi0YD\nbcHvDl3+Msj4cPH7CXAJFyPWaQZPlXPzAiEAhDg6jpbUl0n57guzT6sFFk2lrXMy\nzyB2PeVITp9UzkkCIEpcF7flQ+U2ycmuvVELbpdfFmupIw5ktNex4DEPjR5PAiEA\n68vR1L1Kaja/GzU76qAQaYA/V1Ag4sPmOQdEaVZKu78=\n-----END RSA PRIVATE KEY-----\n"))
+
+	// Create pki.PrivateKey wrapper for CA key
+	caPrivateKey := &PrivateKey{Key: caKey}
+
+	// Create the CA
+	caTemplate := &x509.Certificate{
+		SerialNumber:          big.NewInt(1),
+		Subject:               pkix.Name{CommonName: "Test CA"},
+		NotBefore:             time.Now(),
+		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
+		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
+		BasicConstraintsValid: true,
+		IsCA:                  true,
+	}
+
+	caCertDER, err := x509.CreateCertificate(rand.Reader, caTemplate, caTemplate, &caKey.PublicKey, caKey)
 	require.NoError(t, err)
-	privateKey, err := ParsePEMPrivateKey([]byte("-----BEGIN RSA PRIVATE KEY-----\nMIIBOQIBAAJBANgL5cR2cLOB7oZZTiuiUmMwQRBaia8yLULt+XtBtDHf0lPOrn78\nvLPh7P7zRBgHczbTddcsg68g9vAfb9TC5M8CAwEAAQJAJytxCv+WS1VhU4ZZf9u8\nKDOVeEuR7uuf/SR8OPaenvPqONpYbZSVjnWnRBRHvg3HaHchQqH32UljZUojs9z4\nEQIhAO/yoqCFckfqswOGwWyYX1oNOtU8w9ulXlZqAtZieavVAiEA5n/tKHoZyx3U\nbZcks/wns1WqhAoSmDJpMyVXOVrUlBMCIDGnalQBiYasYOMn7bsFRSYjertJ2dYI\nQJ9tTK0Er90JAiAmpVQx8SbZ80pmhWzV8HUHkFligf3UHr+cn6ocJ6p0mQIgB728\npdvrS5zRPoUN8BHfWOZcPrElKTuJjP2kH6eNPvI=\n-----END RSA PRIVATE KEY-----"))
+	caCert, err := x509.ParseCertificate(caCertDER)
 	require.NoError(t, err)
+	caCertificate := &Certificate{Certificate: caCert}
 
 	for _, tc := range []struct {
 		name                string
@@ -115,7 +134,7 @@ func TestIssueCert(t *testing.T) {
 					CommonName: "Test client/server",
 				},
 				AlternateNames: []string{"*.internal.test.cluster.local", "localhost", "127.0.0.1"},
-				PrivateKey:     privateKey,
+				PrivateKey:     caPrivateKey,
 			},
 			expectedKeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
 			expectedExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
@@ -131,7 +150,7 @@ func TestIssueCert(t *testing.T) {
 					CommonName: "Test server",
 				},
 				AlternateNames: []string{"*.internal.test.cluster.local", "localhost", "127.0.0.1"},
-				PrivateKey:     privateKey,
+				PrivateKey:     caPrivateKey,
 			},
 			expectedKeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
 			expectedExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},

tests/e2e/go.mod

@@ -1,6 +1,6 @@
 module k8s.io/kops/tests/e2e
 
-go 1.23.5
+go 1.24.1
 
 replace k8s.io/kops => ../../.
 

tools/otel/traceserver/go.mod

@@ -1,6 +1,6 @@
 module k8s.io/kops/tools/otel/traceserver
 
-go 1.23.5
+go 1.24.1
 
 require (
 	go.opentelemetry.io/proto/otlp v1.3.1