From f476857addc9906247a09a43e2c5413430a03a4d Mon Sep 17 00:00:00 2001
From: Ole Markus With <o.with@sportradar.com>
Date: Tue, 19 Jan 2021 20:20:12 +0100
Subject: [PATCH] Warn if cilium encryption is enabled, but no secret has been
 set

---
 upup/pkg/fi/cloudup/apply_cluster.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/upup/pkg/fi/cloudup/apply_cluster.go b/upup/pkg/fi/cloudup/apply_cluster.go
index ea67a5e2f7..5154592c30 100644
--- a/upup/pkg/fi/cloudup/apply_cluster.go
+++ b/upup/pkg/fi/cloudup/apply_cluster.go
@@ -342,6 +342,20 @@ func (c *ApplyClusterCmd) Run(ctx context.Context) error {
 		}
 	}
 
+	ciliumSpec := c.Cluster.Spec.Networking.Cilium
+	if ciliumSpec != nil && ciliumSpec.EnableEncryption {
+		secret, err := secretStore.FindSecret("ciliumpassword")
+		if err != nil {
+			return fmt.Errorf("could not load the ciliumpassword secret: %w", err)
+		}
+		if secret == nil {
+			fmt.Println("")
+			fmt.Println("You have cilium encryption enabled, but no ciliumpassword secret has been set.")
+			fmt.Println("See `kops create secret ciliumpassword -h`")
+			return fmt.Errorf("could not find ciliumpassword secret")
+		}
+	}
+
 	if err := c.addFileAssets(assetBuilder); err != nil {
 		return err
 	}