No events from ccm when tls connection failed

[JeremyLARDENOIS]

Bug Report

Description

Hello, I had an issue to trouble shoot my mistake recently. Whereas i used self signed certificate, I forgot to click on "Allow insecure XO connection" when creating a receipe kubernetes cluster. The only way to see the error was in the error of the ccm and the taint of nodes. Like we discussed about it, it could be interesting to add such events

Logs

I0324 14:29:53.564973       1 serving.go:386] Generated self-signed cert in-memory
I0324 14:29:53.901433       1 serving.go:386] Generated self-signed cert in-memory
W0324 14:29:53.901525       1 client_config.go:667] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
I0324 14:29:53.979549       1 envvar.go:172] "Feature gate default state" feature="ClientsAllowCBOR" enabled=false
I0324 14:29:53.979600       1 envvar.go:172] "Feature gate default state" feature="ClientsPreferCBOR" enabled=false
I0324 14:29:53.979619       1 envvar.go:172] "Feature gate default state" feature="InOrderInformers" enabled=true
I0324 14:29:53.979627       1 envvar.go:172] "Feature gate default state" feature="InformerResourceVersion" enabled=false
I0324 14:29:53.979633       1 envvar.go:172] "Feature gate default state" feature="WatchListClient" enabled=false
I0324 14:29:53.991051       1 requestheader_controller.go:255] Loaded a new request header values for RequestHeaderAuthRequestController
I0324 14:29:53.992590       1 controllermanager.go:160] Version: v1.0.0
I0324 14:29:53.997587       1 configmap_cafile_content.go:205] "Starting controller" name="client-ca::kube-system::extension-apiserver-authentication::client-ca-file"
I0324 14:29:53.997618       1 shared_informer.go:349] "Waiting for caches to sync" controller="client-ca::kube-system::extension-apiserver-authentication::client-ca-file"
I0324 14:29:53.997644       1 requestheader_controller.go:180] Starting RequestHeaderAuthRequestController
I0324 14:29:53.997653       1 shared_informer.go:349] "Waiting for caches to sync" controller="RequestHeaderAuthRequestController"
I0324 14:29:53.997681       1 configmap_cafile_content.go:205] "Starting controller" name="client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file"
I0324 14:29:53.997689       1 shared_informer.go:349] "Waiting for caches to sync" controller="client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file"
I0324 14:29:53.997903       1 tlsconfig.go:203] "Loaded serving cert" certName="Generated self signed cert" certDetail="\"localhost@1774362593\" [serving[] validServingFor=[127.0.0.1,localhost,localhost] issuer=\"localhost-ca@1774362593\" (2026-03-24 13:29:53 +0000 UTC to 2027-03-24 13:29:53 +0000 UTC (now=2026-03-24 14:29:53.997707875 +0000 UTC))"
I0324 14:29:53.998394       1 named_certificates.go:53] "Loaded SNI cert" index=0 certName="self-signed loopback" certDetail="\"apiserver-loopback-client@1774362593\" [serving[] validServingFor=[apiserver-loopback-client] issuer=\"apiserver-loopback-client-ca@1774362593\" (2026-03-24 13:29:53 +0000 UTC to 2029-03-24 13:29:53 +0000 UTC (now=2026-03-24 14:29:53.998371177 +0000 UTC))"
I0324 14:29:53.998751       1 secure_serving.go:211] Serving securely on [::]:10258
I0324 14:29:53.998854       1 tlsconfig.go:243] "Starting DynamicServingCertificateController"
I0324 14:29:54.000455       1 reflector.go:436] "Caches populated" type="*v1.ConfigMap" reflector="pkg/mod/k8s.io/client-go@v0.34.1/tools/cache/reflector.go:290"
I0324 14:29:54.001770       1 reflector.go:436] "Caches populated" type="*v1.ConfigMap" reflector="pkg/mod/k8s.io/client-go@v0.34.1/tools/cache/reflector.go:290"
I0324 14:29:54.003478       1 reflector.go:436] "Caches populated" type="*v1.ConfigMap" reflector="pkg/mod/k8s.io/client-go@v0.34.1/tools/cache/reflector.go:290"
I0324 14:29:54.010349       1 cloud.go:77] "clientset initialized"
E0324 14:29:54.029400       1 cloud.go:85] "failed to check Xen Orchestra client" err="failed to get list of VMs, error: failed to do request Get \"<XOA URI>/rest/v0/vms?fields=%2A&limit=1\": tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match <XOA URI>%!(EXTRA string=<XOA URI>/rest/v0/vms?fields=%2A&limit=1)"
I0324 14:29:54.029446       1 cloud.go:96] "Xen Orchestra client initialized"
I0324 14:29:54.029478       1 controllermanager.go:310] Starting "cloud-node-controller"
I0324 14:29:54.0339stream closed: EOF for kube-system/xenorchestra-cloud-controller-manager-545b945d6f-k2qb8 (xenorchestra-cloud-controller-manager)

Environment

• Plugin version: idk
• Kubernetes version: tested from 1.33 to 1.35

[gCyrille]

You're right. Instead of just logging an error, we could throw an event and stop the provider with an error code 👍
This should make easier to see configuration and credential issues.

This log come from this line: pkg/xenorchestra/cloud.go:86