Bump CAPI to v1.10.2

[tamalsaha]

What type of PR is this?

What this PR does / why we need it:
As the title suggests, I am updating k/k libs. Requires Azure/azure-service-operator#4646

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #5491
Fixes #5589

Special notes for your reviewer:

TODOs:

• squashed commits
• includes documentation
• adds unit tests
• cherry-pick candidate

Release note:

Bump CAPI to v1.10.2

[k8s-ci-robot]

Welcome @tamalsaha!

It looks like this is your first PR to kubernetes-sigs/cluster-api-provider-azure 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/cluster-api-provider-azure has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @tamalsaha. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[nawazkh]

5000+ changes?! 😱

[tamalsaha]

Whatever go mod vendor; go mod tidy giveth.

The real change is the fixes needed for the Validator and Defaulter api breakage by the controller-runtime.

[nawazkh]

Whatever go mod vendor; go mod tidy giveth.

Thanks for the update! Just an FYI: Cluster API Provider Azure doesn’t vendor its dependencies, we rely on Go modules and our go.mod/go.sum files for dependency management.

[tamalsaha]

Removed the vendor folder. PTAL.

Just curious why the vendor folder is not added to the .gitignore.

[willie-yao]

/ok-to-test

[nawazkh]

Just curious why the vendor folder is not added to the .gitignore.

I did not find a historical reason for this, so I cannot really guess either.
Getting vendor/ ignored via .gitignore will be a welcome change. Please feel free to update gitignore via this PR, although I request you to add it in a separate commit and not squash the commit updating gitignore before merging.

[nawazkh]

Sorry I don't fully understand this. Is there a specific reason to be pinning github.com/Azure/azure-service-operator/v2 v1.12.0 to a specific SHA v2.12.1-0.20250328191251-ba00156bcd68 ?

[nawazkh]

Also, does updating ASO version also require us to update API Versions at CAPZ, @nojnhuh ?

[nojnhuh]

We generally should not be pinning to untagged commits for ASO because we also pull in their YAML manifests and CRDs from tagged releases. I don't think those are available for every commit. The ones from the closest release might work, but we we don't need to be in the business of verifying those things ourselves. Let's wait to update ASO until they tag a release with the new controller-runtime.

[tamalsaha]

The kubebuilder api breakage also affects the ASO repo. This is the first commit where this was fixed.

Azure/azure-service-operator#4646

Once they have a proper tag that should be used. But there is no tag since ASO pr was merged.

[mboersma]

I ended up doing the same in #5533; I think this is the only way to satisfy dependencies until ASO does another release.

[tamalsaha]

Done.

[mboersma]

@tamalsaha apparently there's a vulnerability in the v4 jwt package we need to update so this will pass the security check. This should probably fix it:

go get -u github.com/golang-jwt/jwt/v4

Thanks so much for sticking with this PR! There is a light at the end of this tunnel. 😄

[tamalsaha]

I guess it got reverted in the last rebase. Should be fixed now.

[mboersma]

/retest

[tamalsaha]

/retest

[damdo]

/retest

[k8s-ci-robot]

@tamalsaha: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-cluster-api-provider-azure-apidiff	8f54b2f	link	false	/test pull-cluster-api-provider-azure-apidiff

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[mboersma]

/lgtm
/approve

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: 8ce46eca50d5af3fb1973da7cfda9383dacb14ff

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mboersma

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [mboersma]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[mboersma]

/hold cancel

[tamalsaha]

Thank you @damdo @mboersma for your help getting this merged 🎇 !