diff --git a/cmd/kube-scheduler/app/options/options_test.go b/cmd/kube-scheduler/app/options/options_test.go index 07988f013a5..c6af802e5fe 100644 --- a/cmd/kube-scheduler/app/options/options_test.go +++ b/cmd/kube-scheduler/app/options/options_test.go @@ -82,7 +82,7 @@ func TestSchedulerOptions(t *testing.T) { apiVersion: kubescheduler.config.k8s.io/v1 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' leaderElection: leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil { t.Fatal(err) @@ -114,7 +114,7 @@ users: apiVersion: componentconfig/v1alpha1 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' leaderElection: leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil { t.Fatal(err) @@ -125,7 +125,7 @@ leaderElection: apiVersion: kubescheduler.config.k8s.io/v1beta3 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' leaderElection: leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil { t.Fatal(err) @@ -136,7 +136,7 @@ leaderElection: apiVersion: kubescheduler.config.k8s.io/v1beta2 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' leaderElection: leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil { t.Fatal(err) @@ -147,7 +147,7 @@ leaderElection: apiVersion: kubescheduler.config.k8s.io/unknown kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' leaderElection: leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil { t.Fatal(err) @@ -157,7 +157,7 @@ leaderElection: if err := os.WriteFile(noVersionConfig, []byte(fmt.Sprintf(` kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' leaderElection: leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil { t.Fatal(err) @@ -168,7 +168,7 @@ leaderElection: apiVersion: kubescheduler.config.k8s.io/v1 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' leaderElection: leaderElect: true foo: bar`, configKubeconfig)), os.FileMode(0600)); err != nil { @@ -180,7 +180,7 @@ foo: bar`, configKubeconfig)), os.FileMode(0600)); err != nil { apiVersion: kubescheduler.config.k8s.io/v1 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' leaderElection: leaderElect: true leaderElect: false`, configKubeconfig)), os.FileMode(0600)); err != nil { @@ -217,7 +217,7 @@ users: apiVersion: kubescheduler.config.k8s.io/v1 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' profiles: - plugins: reserve: @@ -248,7 +248,7 @@ profiles: apiVersion: kubescheduler.config.k8s.io/v1beta3 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' profiles: - plugins: reserve: @@ -279,7 +279,7 @@ profiles: apiVersion: kubescheduler.config.k8s.io/v1beta2 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' profiles: - plugins: reserve: @@ -310,7 +310,7 @@ profiles: apiVersion: kubescheduler.config.k8s.io/v1 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' profiles: - schedulerName: "foo-profile" plugins: @@ -337,7 +337,7 @@ profiles: apiVersion: kubescheduler.config.k8s.io/v1beta3 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' profiles: - schedulerName: "foo-profile" plugins: @@ -364,7 +364,7 @@ profiles: apiVersion: kubescheduler.config.k8s.io/v1beta2 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' profiles: - schedulerName: "foo-profile" plugins: diff --git a/cmd/kube-scheduler/app/server_test.go b/cmd/kube-scheduler/app/server_test.go index a0ef12e05cf..82970edbf2c 100644 --- a/cmd/kube-scheduler/app/server_test.go +++ b/cmd/kube-scheduler/app/server_test.go @@ -88,7 +88,7 @@ users: apiVersion: kubescheduler.config.k8s.io/v1 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' profiles: - plugins: multiPoint: @@ -126,7 +126,7 @@ profiles: apiVersion: kubescheduler.config.k8s.io/v1beta3 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' profiles: - plugins: multiPoint: @@ -164,7 +164,7 @@ profiles: apiVersion: kubescheduler.config.k8s.io/v1beta2 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' profiles: - plugins: preFilter: @@ -201,7 +201,7 @@ profiles: apiVersion: kubescheduler.config.k8s.io/v1beta3 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' profiles: - plugins: preFilter: @@ -220,7 +220,7 @@ profiles: apiVersion: kubescheduler.config.k8s.io/v1beta3 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' profiles: - plugins: preFilter: @@ -239,7 +239,7 @@ profiles: apiVersion: kubescheduler.config.k8s.io/v1beta2 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' profiles: - plugins: preFilter: @@ -258,7 +258,7 @@ profiles: apiVersion: kubescheduler.config.k8s.io/v1 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' profiles: - schedulerName: "profile-default-plugins" - schedulerName: "profile-disable-all-filter-and-score-plugins" @@ -288,7 +288,7 @@ profiles: apiVersion: kubescheduler.config.k8s.io/v1 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' `, configKubeconfig)), os.FileMode(0600)); err != nil { t.Fatal(err) } @@ -299,7 +299,7 @@ clientConnection: apiVersion: kubescheduler.config.k8s.io/v1 kind: KubeSchedulerConfiguration clientConnection: - kubeconfig: "%s" + kubeconfig: '%s' leaderElection: leaseDuration: 1h `, configKubeconfig)), os.FileMode(0600)); err != nil { diff --git a/cmd/kubeadm/app/apis/kubeadm/validation/util_unix.go b/cmd/kubeadm/app/apis/kubeadm/validation/util_unix.go new file mode 100644 index 00000000000..fbaac20ab33 --- /dev/null +++ b/cmd/kubeadm/app/apis/kubeadm/validation/util_unix.go @@ -0,0 +1,28 @@ +//go:build !windows +// +build !windows + +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package validation + +import ( + "path/filepath" +) + +func isAbs(path string) bool { + return filepath.IsAbs(path) +} diff --git a/cmd/kubeadm/app/apis/kubeadm/validation/util_windows.go b/cmd/kubeadm/app/apis/kubeadm/validation/util_windows.go new file mode 100644 index 00000000000..86abd92642c --- /dev/null +++ b/cmd/kubeadm/app/apis/kubeadm/validation/util_windows.go @@ -0,0 +1,30 @@ +//go:build windows +// +build windows + +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package validation + +import ( + "path/filepath" +) + +func isAbs(path string) bool { + // on Windows, filepath.IsAbs will not return True for paths prefixed with a slash, even + // though they can be used as absolute paths (https://docs.microsoft.com/en-us/dotnet/standard/io/file-path-formats). + return filepath.IsAbs(path) || (len(path) > 0 && (path[0] == '\\' || path[0] == '/')) +} diff --git a/cmd/kubeadm/app/apis/kubeadm/validation/validation.go b/cmd/kubeadm/app/apis/kubeadm/validation/validation.go index d2e6e692b57..20ed91cb1fa 100644 --- a/cmd/kubeadm/app/apis/kubeadm/validation/validation.go +++ b/cmd/kubeadm/app/apis/kubeadm/validation/validation.go @@ -21,7 +21,6 @@ import ( "net" "net/url" "os" - "path/filepath" "strconv" "strings" @@ -86,7 +85,7 @@ func ValidateJoinConfiguration(c *kubeadm.JoinConfiguration) field.ErrorList { allErrs = append(allErrs, ValidateNodeRegistrationOptions(&c.NodeRegistration, field.NewPath("nodeRegistration"))...) allErrs = append(allErrs, ValidateJoinControlPlane(c.ControlPlane, field.NewPath("controlPlane"))...) - if !filepath.IsAbs(c.CACertPath) || !strings.HasSuffix(c.CACertPath, ".crt") { + if !isAbs(c.CACertPath) || !strings.HasSuffix(c.CACertPath, ".crt") { allErrs = append(allErrs, field.Invalid(field.NewPath("caCertPath"), c.CACertPath, "the ca certificate path must be an absolute path")) } return allErrs @@ -525,7 +524,7 @@ func ValidateNetworking(c *kubeadm.ClusterConfiguration, fldPath *field.Path) fi // ValidateAbsolutePath validates whether provided path is absolute or not func ValidateAbsolutePath(path string, fldPath *field.Path) field.ErrorList { allErrs := field.ErrorList{} - if !filepath.IsAbs(path) { + if !isAbs(path) { allErrs = append(allErrs, field.Invalid(fldPath, path, "path is not absolute")) } return allErrs diff --git a/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go b/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go index 77840ba2572..b931e6fcecd 100644 --- a/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go +++ b/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go @@ -17,6 +17,7 @@ limitations under the License. package validation import ( + "fmt" "os" "strings" "testing" @@ -110,8 +111,9 @@ func TestValidateNodeRegistrationOptions(t *testing.T) { {"valid-nodename", false}, // supported // test cases for criSocket are covered in TestValidateSocketPath } + criPath := fmt.Sprintf("%s:///some/path", kubeadmapiv1.DefaultContainerRuntimeURLScheme) for _, rt := range tests { - nro := kubeadmapi.NodeRegistrationOptions{Name: rt.nodeName, CRISocket: "unix:///some/path"} + nro := kubeadmapi.NodeRegistrationOptions{Name: rt.nodeName, CRISocket: criPath} actual := ValidateNodeRegistrationOptions(&nro, field.NewPath("nodeRegistration")) actualErrors := len(actual) > 0 if actualErrors != rt.expectedErrors { @@ -456,6 +458,7 @@ func TestValidateAPIEndpoint(t *testing.T) { // TODO: Create a separated test for ValidateClusterConfiguration func TestValidateInitConfiguration(t *testing.T) { nodename := "valid-nodename" + criPath := fmt.Sprintf("%s:///some/path", kubeadmapiv1.DefaultContainerRuntimeURLScheme) var tests = []struct { name string s *kubeadmapi.InitConfiguration @@ -476,7 +479,7 @@ func TestValidateInitConfiguration(t *testing.T) { }, CertificatesDir: "/some/cert/dir", }, - NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: "unix:///some/path"}, + NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: criPath}, }, false}, {"invalid missing token with IPv6 service subnet", &kubeadmapi.InitConfiguration{ @@ -491,7 +494,7 @@ func TestValidateInitConfiguration(t *testing.T) { }, CertificatesDir: "/some/cert/dir", }, - NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: "unix:///some/path"}, + NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: criPath}, }, false}, {"invalid missing node name", &kubeadmapi.InitConfiguration{ @@ -521,7 +524,7 @@ func TestValidateInitConfiguration(t *testing.T) { }, CertificatesDir: "/some/other/cert/dir", }, - NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: "unix:///some/path"}, + NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: criPath}, }, false}, {"valid InitConfiguration with IPv4 service subnet", &kubeadmapi.InitConfiguration{ @@ -542,7 +545,7 @@ func TestValidateInitConfiguration(t *testing.T) { }, CertificatesDir: "/some/other/cert/dir", }, - NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: "unix:///some/path"}, + NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: criPath}, }, true}, {"valid InitConfiguration using IPv6 service subnet", &kubeadmapi.InitConfiguration{ @@ -562,7 +565,7 @@ func TestValidateInitConfiguration(t *testing.T) { }, CertificatesDir: "/some/other/cert/dir", }, - NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: "unix:///some/path"}, + NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: criPath}, }, true}, } for _, rt := range tests { @@ -579,6 +582,7 @@ func TestValidateInitConfiguration(t *testing.T) { } func TestValidateJoinConfiguration(t *testing.T) { + criPath := fmt.Sprintf("%s:///var/run/containerd/containerd.sock", kubeadmapiv1.DefaultContainerRuntimeURLScheme) var tests = []struct { s *kubeadmapi.JoinConfiguration expected bool @@ -607,7 +611,7 @@ func TestValidateJoinConfiguration(t *testing.T) { }, NodeRegistration: kubeadmapi.NodeRegistrationOptions{ Name: "aaa", - CRISocket: "unix:///var/run/containerd/containerd.sock", + CRISocket: criPath, }, }, true}, {&kubeadmapi.JoinConfiguration{ // Pass with JoinControlPlane @@ -622,7 +626,7 @@ func TestValidateJoinConfiguration(t *testing.T) { }, NodeRegistration: kubeadmapi.NodeRegistrationOptions{ Name: "aaa", - CRISocket: "unix:///var/run/containerd/containerd.sock", + CRISocket: criPath, }, ControlPlane: &kubeadmapi.JoinControlPlane{ LocalAPIEndpoint: kubeadmapi.APIEndpoint{ @@ -643,7 +647,7 @@ func TestValidateJoinConfiguration(t *testing.T) { }, NodeRegistration: kubeadmapi.NodeRegistrationOptions{ Name: "aaa", - CRISocket: "unix:///var/run/containerd/containerd.sock", + CRISocket: criPath, }, ControlPlane: &kubeadmapi.JoinControlPlane{ LocalAPIEndpoint: kubeadmapi.APIEndpoint{ @@ -664,7 +668,7 @@ func TestValidateJoinConfiguration(t *testing.T) { }, NodeRegistration: kubeadmapi.NodeRegistrationOptions{ Name: "aaa", - CRISocket: "unix:///var/run/containerd/containerd.sock", + CRISocket: criPath, }, ControlPlane: &kubeadmapi.JoinControlPlane{ LocalAPIEndpoint: kubeadmapi.APIEndpoint{ @@ -1124,9 +1128,10 @@ func TestValidateEtcd(t *testing.T) { actual := ValidateEtcd(tc.etcd, field.NewPath("etcd")) actualErrors := len(actual) > 0 if actualErrors != tc.expectedErrors { - t.Errorf("Error: \n\texpected: %t\n\t actual: %t", + t.Errorf("Error: \n\texpected: %t\n\t actual: %t\n\t encountered errors: %v", tc.expectedErrors, actualErrors, + actual, ) } } diff --git a/cmd/kubeadm/app/constants/constants_test.go b/cmd/kubeadm/app/constants/constants_test.go index 09053631c74..ae991172e46 100644 --- a/cmd/kubeadm/app/constants/constants_test.go +++ b/cmd/kubeadm/app/constants/constants_test.go @@ -25,7 +25,7 @@ import ( ) func TestGetStaticPodDirectory(t *testing.T) { - expected := "/etc/kubernetes/manifests" + expected := filepath.FromSlash("/etc/kubernetes/manifests") actual := GetStaticPodDirectory() if actual != expected { @@ -51,7 +51,7 @@ func TestGetAdminKubeConfigPath(t *testing.T) { } func TestGetBootstrapKubeletKubeConfigPath(t *testing.T) { - expected := "/etc/kubernetes/bootstrap-kubelet.conf" + expected := filepath.FromSlash("/etc/kubernetes/bootstrap-kubelet.conf") actual := GetBootstrapKubeletKubeConfigPath() if actual != expected { @@ -64,7 +64,7 @@ func TestGetBootstrapKubeletKubeConfigPath(t *testing.T) { } func TestGetKubeletKubeConfigPath(t *testing.T) { - expected := "/etc/kubernetes/kubelet.conf" + expected := filepath.FromSlash("/etc/kubernetes/kubelet.conf") actual := GetKubeletKubeConfigPath() if actual != expected { @@ -99,7 +99,8 @@ func TestGetStaticPodFilepath(t *testing.T) { for _, rt := range tests { t.Run(rt.componentName, func(t *testing.T) { actual := GetStaticPodFilepath(rt.componentName, rt.manifestsDir) - if actual != rt.expected { + expected := filepath.FromSlash(rt.expected) + if actual != expected { t.Errorf( "failed GetStaticPodFilepath:\n\texpected: %s\n\t actual: %s", rt.expected, diff --git a/cmd/kubeadm/app/phases/controlplane/manifests_test.go b/cmd/kubeadm/app/phases/controlplane/manifests_test.go index 2e3e38f57b6..ba0d72bc316 100644 --- a/cmd/kubeadm/app/phases/controlplane/manifests_test.go +++ b/cmd/kubeadm/app/phases/controlplane/manifests_test.go @@ -205,31 +205,31 @@ func TestGetAPIServerCommand(t *testing.T) { "kube-apiserver", "--enable-admission-plugins=NodeRestriction", "--service-cluster-ip-range=bar", - "--service-account-key-file=" + testCertsDir + "/sa.pub", - "--service-account-signing-key-file=" + testCertsDir + "/sa.key", + "--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"), + "--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"), "--service-account-issuer=https://kubernetes.default.svc.cluster.local", - "--client-ca-file=" + testCertsDir + "/ca.crt", - "--tls-cert-file=" + testCertsDir + "/apiserver.crt", - "--tls-private-key-file=" + testCertsDir + "/apiserver.key", - "--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt", - "--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key", + "--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"), + "--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"), + "--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"), + "--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"), "--enable-bootstrap-token-auth=true", "--secure-port=123", "--allow-privileged=true", "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname", - "--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt", - "--proxy-client-key-file=/var/lib/certs/front-proxy-client.key", + "--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"), + "--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"), "--requestheader-username-headers=X-Remote-User", "--requestheader-group-headers=X-Remote-Group", "--requestheader-extra-headers-prefix=X-Remote-Extra-", - "--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt", + "--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"), "--requestheader-allowed-names=front-proxy-client", "--authorization-mode=Node,RBAC", "--advertise-address=1.2.3.4", fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort), - "--etcd-cafile=" + testCertsDir + "/etcd/ca.crt", - "--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt", - "--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key", + "--etcd-cafile=" + filepath.Join(testCertsDir, "etcd/ca.crt"), + "--etcd-certfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.crt"), + "--etcd-keyfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.key"), }, }, { @@ -243,31 +243,31 @@ func TestGetAPIServerCommand(t *testing.T) { "kube-apiserver", "--enable-admission-plugins=NodeRestriction", "--service-cluster-ip-range=bar", - "--service-account-key-file=" + testCertsDir + "/sa.pub", - "--service-account-signing-key-file=" + testCertsDir + "/sa.key", + "--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"), + "--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"), "--service-account-issuer=https://kubernetes.default.svc.cluster.local", - "--client-ca-file=" + testCertsDir + "/ca.crt", - "--tls-cert-file=" + testCertsDir + "/apiserver.crt", - "--tls-private-key-file=" + testCertsDir + "/apiserver.key", - "--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt", - "--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key", + "--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"), + "--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"), + "--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"), + "--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"), "--enable-bootstrap-token-auth=true", fmt.Sprintf("--secure-port=%d", 123), "--allow-privileged=true", "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname", - "--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt", - "--proxy-client-key-file=/var/lib/certs/front-proxy-client.key", + "--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"), + "--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"), "--requestheader-username-headers=X-Remote-User", "--requestheader-group-headers=X-Remote-Group", "--requestheader-extra-headers-prefix=X-Remote-Extra-", - "--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt", + "--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"), "--requestheader-allowed-names=front-proxy-client", "--authorization-mode=Node,RBAC", "--advertise-address=2001:db8::1", fmt.Sprintf("--etcd-servers=https://[::1]:%d", kubeadmconstants.EtcdListenClientPort), - "--etcd-cafile=" + testCertsDir + "/etcd/ca.crt", - "--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt", - "--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key", + "--etcd-cafile=" + filepath.Join(testCertsDir, "etcd/ca.crt"), + "--etcd-certfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.crt"), + "--etcd-keyfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.key"), }, }, { @@ -289,24 +289,24 @@ func TestGetAPIServerCommand(t *testing.T) { "kube-apiserver", "--enable-admission-plugins=NodeRestriction", "--service-cluster-ip-range=bar", - "--service-account-key-file=" + testCertsDir + "/sa.pub", - "--service-account-signing-key-file=" + testCertsDir + "/sa.key", + "--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"), + "--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"), "--service-account-issuer=https://kubernetes.default.svc.cluster.local", - "--client-ca-file=" + testCertsDir + "/ca.crt", - "--tls-cert-file=" + testCertsDir + "/apiserver.crt", - "--tls-private-key-file=" + testCertsDir + "/apiserver.key", - "--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt", - "--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key", + "--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"), + "--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"), + "--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"), + "--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"), fmt.Sprintf("--secure-port=%d", 123), "--allow-privileged=true", "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname", "--enable-bootstrap-token-auth=true", - "--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt", - "--proxy-client-key-file=/var/lib/certs/front-proxy-client.key", + "--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"), + "--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"), "--requestheader-username-headers=X-Remote-User", "--requestheader-group-headers=X-Remote-Group", "--requestheader-extra-headers-prefix=X-Remote-Extra-", - "--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt", + "--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"), "--requestheader-allowed-names=front-proxy-client", "--authorization-mode=Node,RBAC", "--advertise-address=2001:db8::1", @@ -332,24 +332,24 @@ func TestGetAPIServerCommand(t *testing.T) { "kube-apiserver", "--enable-admission-plugins=NodeRestriction", "--service-cluster-ip-range=bar", - "--service-account-key-file=" + testCertsDir + "/sa.pub", - "--service-account-signing-key-file=" + testCertsDir + "/sa.key", + "--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"), + "--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"), "--service-account-issuer=https://kubernetes.default.svc.cluster.local", - "--client-ca-file=" + testCertsDir + "/ca.crt", - "--tls-cert-file=" + testCertsDir + "/apiserver.crt", - "--tls-private-key-file=" + testCertsDir + "/apiserver.key", - "--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt", - "--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key", + "--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"), + "--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"), + "--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"), + "--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"), fmt.Sprintf("--secure-port=%d", 123), "--allow-privileged=true", "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname", "--enable-bootstrap-token-auth=true", - "--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt", - "--proxy-client-key-file=/var/lib/certs/front-proxy-client.key", + "--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"), + "--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"), "--requestheader-username-headers=X-Remote-User", "--requestheader-group-headers=X-Remote-Group", "--requestheader-extra-headers-prefix=X-Remote-Extra-", - "--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt", + "--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"), "--requestheader-allowed-names=front-proxy-client", "--authorization-mode=Node,RBAC", "--advertise-address=2001:db8::1", @@ -377,31 +377,31 @@ func TestGetAPIServerCommand(t *testing.T) { "kube-apiserver", "--enable-admission-plugins=NodeRestriction", "--service-cluster-ip-range=baz", - "--service-account-key-file=" + testCertsDir + "/sa.pub", - "--service-account-signing-key-file=" + testCertsDir + "/sa.key", + "--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"), + "--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"), "--service-account-issuer=https://kubernetes.default.svc.cluster.local", - "--client-ca-file=" + testCertsDir + "/ca.crt", - "--tls-cert-file=" + testCertsDir + "/apiserver.crt", - "--tls-private-key-file=" + testCertsDir + "/apiserver.key", - "--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt", - "--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key", + "--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"), + "--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"), + "--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"), + "--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"), "--enable-bootstrap-token-auth=true", "--secure-port=123", "--allow-privileged=true", "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname", - "--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt", - "--proxy-client-key-file=/var/lib/certs/front-proxy-client.key", + "--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"), + "--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"), "--requestheader-username-headers=X-Remote-User", "--requestheader-group-headers=X-Remote-Group", "--requestheader-extra-headers-prefix=X-Remote-Extra-", - "--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt", + "--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"), "--requestheader-allowed-names=front-proxy-client", "--authorization-mode=Node,RBAC", "--advertise-address=9.9.9.9", fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort), - "--etcd-cafile=" + testCertsDir + "/etcd/ca.crt", - "--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt", - "--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key", + "--etcd-cafile=" + filepath.Join(testCertsDir, "etcd/ca.crt"), + "--etcd-certfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.crt"), + "--etcd-keyfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.key"), "--audit-policy-file=/etc/config/audit.yaml", "--audit-log-path=/var/log/kubernetes", }, @@ -424,31 +424,31 @@ func TestGetAPIServerCommand(t *testing.T) { "kube-apiserver", "--enable-admission-plugins=NodeRestriction", "--service-cluster-ip-range=bar", - "--service-account-key-file=" + testCertsDir + "/sa.pub", - "--service-account-signing-key-file=" + testCertsDir + "/sa.key", + "--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"), + "--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"), "--service-account-issuer=https://kubernetes.default.svc.cluster.local", - "--client-ca-file=" + testCertsDir + "/ca.crt", - "--tls-cert-file=" + testCertsDir + "/apiserver.crt", - "--tls-private-key-file=" + testCertsDir + "/apiserver.key", - "--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt", - "--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key", + "--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"), + "--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"), + "--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"), + "--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"), "--enable-bootstrap-token-auth=true", "--secure-port=123", "--allow-privileged=true", "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname", - "--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt", - "--proxy-client-key-file=/var/lib/certs/front-proxy-client.key", + "--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"), + "--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"), "--requestheader-username-headers=X-Remote-User", "--requestheader-group-headers=X-Remote-Group", "--requestheader-extra-headers-prefix=X-Remote-Extra-", - "--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt", + "--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"), "--requestheader-allowed-names=front-proxy-client", "--authorization-mode=ABAC", "--advertise-address=1.2.3.4", fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort), - "--etcd-cafile=" + testCertsDir + "/etcd/ca.crt", - "--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt", - "--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key", + "--etcd-cafile=" + filepath.Join(testCertsDir, "etcd/ca.crt"), + "--etcd-certfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.crt"), + "--etcd-keyfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.key"), }, }, { @@ -473,31 +473,31 @@ func TestGetAPIServerCommand(t *testing.T) { "kube-apiserver", "--enable-admission-plugins=NodeRestriction", "--service-cluster-ip-range=bar", - "--service-account-key-file=" + testCertsDir + "/sa.pub", - "--service-account-signing-key-file=" + testCertsDir + "/sa.key", + "--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"), + "--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"), "--service-account-issuer=https://kubernetes.default.svc.cluster.local", - "--client-ca-file=" + testCertsDir + "/ca.crt", - "--tls-cert-file=" + testCertsDir + "/apiserver.crt", - "--tls-private-key-file=" + testCertsDir + "/apiserver.key", - "--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt", - "--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key", + "--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"), + "--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"), + "--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"), + "--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"), "--enable-bootstrap-token-auth=true", "--secure-port=123", "--allow-privileged=true", "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname", - "--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt", - "--proxy-client-key-file=/var/lib/certs/front-proxy-client.key", + "--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"), + "--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"), "--requestheader-username-headers=X-Remote-User", "--requestheader-group-headers=X-Remote-Group", "--requestheader-extra-headers-prefix=X-Remote-Extra-", - "--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt", + "--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"), "--requestheader-allowed-names=front-proxy-client", "--authorization-mode=Node,RBAC,Webhook", "--advertise-address=1.2.3.4", fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort), - "--etcd-cafile=" + testCertsDir + "/etcd/ca.crt", - "--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt", - "--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key", + "--etcd-cafile=" + filepath.Join(testCertsDir, "etcd/ca.crt"), + "--etcd-certfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.crt"), + "--etcd-keyfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.key"), }, }, } @@ -549,17 +549,17 @@ func TestGetControllerManagerCommand(t *testing.T) { "kube-controller-manager", "--bind-address=127.0.0.1", "--leader-elect=true", - "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--root-ca-file=" + testCertsDir + "/ca.crt", - "--service-account-private-key-file=" + testCertsDir + "/sa.key", - "--cluster-signing-cert-file=" + testCertsDir + "/ca.crt", - "--cluster-signing-key-file=" + testCertsDir + "/ca.key", + "--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"), + "--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"), "--use-service-account-credentials=true", "--controllers=*,bootstrapsigner,tokencleaner", - "--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--client-ca-file=" + testCertsDir + "/ca.crt", - "--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt", + "--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"), "--cluster-name=some-other-cluster-name", }, }, @@ -573,17 +573,17 @@ func TestGetControllerManagerCommand(t *testing.T) { "kube-controller-manager", "--bind-address=127.0.0.1", "--leader-elect=true", - "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--root-ca-file=" + testCertsDir + "/ca.crt", - "--service-account-private-key-file=" + testCertsDir + "/sa.key", - "--cluster-signing-cert-file=" + testCertsDir + "/ca.crt", - "--cluster-signing-key-file=" + testCertsDir + "/ca.key", + "--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"), + "--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"), "--use-service-account-credentials=true", "--controllers=*,bootstrapsigner,tokencleaner", - "--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--client-ca-file=" + testCertsDir + "/ca.crt", - "--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt", + "--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"), }, }, { @@ -597,17 +597,17 @@ func TestGetControllerManagerCommand(t *testing.T) { "kube-controller-manager", "--bind-address=127.0.0.1", "--leader-elect=true", - "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--root-ca-file=" + testCertsDir + "/ca.crt", - "--service-account-private-key-file=" + testCertsDir + "/sa.key", - "--cluster-signing-cert-file=" + testCertsDir + "/ca.crt", - "--cluster-signing-key-file=" + testCertsDir + "/ca.key", + "--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"), + "--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"), "--use-service-account-credentials=true", "--controllers=*,bootstrapsigner,tokencleaner", - "--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--client-ca-file=" + testCertsDir + "/ca.crt", - "--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt", + "--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"), "--allocate-node-cidrs=true", "--cluster-cidr=10.0.1.15/16", }, @@ -627,17 +627,17 @@ func TestGetControllerManagerCommand(t *testing.T) { "kube-controller-manager", "--bind-address=127.0.0.1", "--leader-elect=true", - "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--root-ca-file=" + testCertsDir + "/ca.crt", - "--service-account-private-key-file=" + testCertsDir + "/sa.key", - "--cluster-signing-cert-file=" + testCertsDir + "/ca.crt", - "--cluster-signing-key-file=" + testCertsDir + "/ca.key", + "--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"), + "--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"), "--use-service-account-credentials=true", "--controllers=*,bootstrapsigner,tokencleaner", - "--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--client-ca-file=" + testCertsDir + "/ca.crt", - "--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt", + "--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"), "--allocate-node-cidrs=true", "--cluster-cidr=10.0.1.15/16", "--service-cluster-ip-range=172.20.0.0/24", @@ -657,17 +657,17 @@ func TestGetControllerManagerCommand(t *testing.T) { "kube-controller-manager", "--bind-address=127.0.0.1", "--leader-elect=true", - "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--root-ca-file=" + testCertsDir + "/ca.crt", - "--service-account-private-key-file=" + testCertsDir + "/sa.key", - "--cluster-signing-cert-file=" + testCertsDir + "/ca.crt", - "--cluster-signing-key-file=" + testCertsDir + "/ca.key", + "--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"), + "--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"), "--use-service-account-credentials=true", "--controllers=*,bootstrapsigner,tokencleaner", - "--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--client-ca-file=" + testCertsDir + "/ca.crt", - "--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt", + "--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"), "--allocate-node-cidrs=true", "--cluster-cidr=10.0.1.15/16", "--node-cidr-mask-size=20", @@ -689,17 +689,17 @@ func TestGetControllerManagerCommand(t *testing.T) { "kube-controller-manager", "--bind-address=127.0.0.1", "--leader-elect=true", - "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--root-ca-file=" + testCertsDir + "/ca.crt", - "--service-account-private-key-file=" + testCertsDir + "/sa.key", - "--cluster-signing-cert-file=" + testCertsDir + "/ca.crt", - "--cluster-signing-key-file=" + testCertsDir + "/ca.key", + "--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"), + "--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"), "--use-service-account-credentials=true", "--controllers=*,bootstrapsigner,tokencleaner", - "--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--client-ca-file=" + testCertsDir + "/ca.crt", - "--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt", + "--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"), "--allocate-node-cidrs=true", "--cluster-cidr=2001:db8::/64", "--service-cluster-ip-range=fd03::/112", @@ -723,17 +723,17 @@ func TestGetControllerManagerCommand(t *testing.T) { "kube-controller-manager", "--bind-address=127.0.0.1", "--leader-elect=true", - "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--root-ca-file=" + testCertsDir + "/ca.crt", - "--service-account-private-key-file=" + testCertsDir + "/sa.key", - "--cluster-signing-cert-file=" + testCertsDir + "/ca.crt", - "--cluster-signing-key-file=" + testCertsDir + "/ca.key", + "--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"), + "--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"), "--use-service-account-credentials=true", "--controllers=*,bootstrapsigner,tokencleaner", - "--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--client-ca-file=" + testCertsDir + "/ca.crt", - "--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt", + "--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"), "--allocate-node-cidrs=false", "--cluster-cidr=2001:db8::/64", "--service-cluster-ip-range=fd03::/112", @@ -754,17 +754,17 @@ func TestGetControllerManagerCommand(t *testing.T) { "kube-controller-manager", "--bind-address=127.0.0.1", "--leader-elect=true", - "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--root-ca-file=" + testCertsDir + "/ca.crt", - "--service-account-private-key-file=" + testCertsDir + "/sa.key", - "--cluster-signing-cert-file=" + testCertsDir + "/ca.crt", - "--cluster-signing-key-file=" + testCertsDir + "/ca.key", + "--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"), + "--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"), "--use-service-account-credentials=true", "--controllers=*,bootstrapsigner,tokencleaner", - "--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--client-ca-file=" + testCertsDir + "/ca.crt", - "--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt", + "--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"), "--allocate-node-cidrs=true", "--cluster-cidr=2001:db8::/64,10.1.0.0/16", "--service-cluster-ip-range=fd03::/112,192.168.0.0/16", @@ -787,17 +787,17 @@ func TestGetControllerManagerCommand(t *testing.T) { "kube-controller-manager", "--bind-address=127.0.0.1", "--leader-elect=true", - "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--root-ca-file=" + testCertsDir + "/ca.crt", - "--service-account-private-key-file=" + testCertsDir + "/sa.key", - "--cluster-signing-cert-file=" + testCertsDir + "/ca.crt", - "--cluster-signing-key-file=" + testCertsDir + "/ca.key", + "--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"), + "--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"), "--use-service-account-credentials=true", "--controllers=*,bootstrapsigner,tokencleaner", - "--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--client-ca-file=" + testCertsDir + "/ca.crt", - "--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt", + "--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"), + "--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"), "--allocate-node-cidrs=true", "--cluster-cidr=10.0.1.15/16,2001:db8::/64", "--node-cidr-mask-size-ipv4=20", @@ -840,17 +840,17 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) { "kube-controller-manager", "--bind-address=127.0.0.1", "--leader-elect=true", - "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--root-ca-file=" + tmpdir + "/ca.crt", - "--service-account-private-key-file=" + tmpdir + "/sa.key", + "--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--root-ca-file=" + filepath.Join(tmpdir, "ca.crt"), + "--service-account-private-key-file=" + filepath.Join(tmpdir, "sa.key"), "--cluster-signing-cert-file=", "--cluster-signing-key-file=", "--use-service-account-credentials=true", "--controllers=*,bootstrapsigner,tokencleaner", - "--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--client-ca-file=" + tmpdir + "/ca.crt", - "--requestheader-client-ca-file=" + tmpdir + "/front-proxy-ca.crt", + "--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--client-ca-file=" + filepath.Join(tmpdir, "ca.crt"), + "--requestheader-client-ca-file=" + filepath.Join(tmpdir, "front-proxy-ca.crt"), } }, }, @@ -869,17 +869,17 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) { "kube-controller-manager", "--bind-address=127.0.0.1", "--leader-elect=true", - "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--root-ca-file=" + tmpdir + "/ca.crt", - "--service-account-private-key-file=" + tmpdir + "/sa.key", - "--cluster-signing-cert-file=" + tmpdir + "/ca.crt", - "--cluster-signing-key-file=" + tmpdir + "/ca.key", + "--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--root-ca-file=" + filepath.Join(tmpdir, "ca.crt"), + "--service-account-private-key-file=" + filepath.Join(tmpdir, "sa.key"), + "--cluster-signing-cert-file=" + filepath.Join(tmpdir, "ca.crt"), + "--cluster-signing-key-file=" + filepath.Join(tmpdir, "ca.key"), "--use-service-account-credentials=true", "--controllers=*,bootstrapsigner,tokencleaner", - "--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf", - "--client-ca-file=" + tmpdir + "/ca.crt", - "--requestheader-client-ca-file=" + tmpdir + "/front-proxy-ca.crt", + "--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"), + "--client-ca-file=" + filepath.Join(tmpdir, "ca.crt"), + "--requestheader-client-ca-file=" + filepath.Join(tmpdir, "front-proxy-ca.crt"), } }, }, @@ -932,9 +932,9 @@ func TestGetSchedulerCommand(t *testing.T) { "kube-scheduler", "--bind-address=127.0.0.1", "--leader-elect=true", - "--kubeconfig=" + kubeadmconstants.KubernetesDir + "/scheduler.conf", - "--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/scheduler.conf", - "--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/scheduler.conf", + "--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "scheduler.conf"), + "--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "scheduler.conf"), + "--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "scheduler.conf"), }, }, } diff --git a/cmd/kubeadm/app/phases/controlplane/volumes.go b/cmd/kubeadm/app/phases/controlplane/volumes.go index 29ceb046a00..51276a0ddcc 100644 --- a/cmd/kubeadm/app/phases/controlplane/volumes.go +++ b/cmd/kubeadm/app/phases/controlplane/volumes.go @@ -177,7 +177,7 @@ func getEtcdCertVolumes(etcdCfg *kubeadmapi.ExternalEtcd, k8sCertificatesDir str certPaths := []string{etcdCfg.CAFile, etcdCfg.CertFile, etcdCfg.KeyFile} certDirs := sets.NewString() for _, certPath := range certPaths { - certDir := filepath.Dir(certPath) + certDir := filepath.ToSlash(filepath.Dir(certPath)) // Ignore ".", which is the result of passing an empty path. // Also ignore the cert directories that already may be mounted; /etc/ssl/certs, /etc/pki or Kubernetes CertificatesDir // If the etcd certs are in there, it's okay, we don't have to do anything diff --git a/cmd/kubeadm/app/phases/controlplane/volumes_test.go b/cmd/kubeadm/app/phases/controlplane/volumes_test.go index 2c541ae648a..d51422cfbd1 100644 --- a/cmd/kubeadm/app/phases/controlplane/volumes_test.go +++ b/cmd/kubeadm/app/phases/controlplane/volumes_test.go @@ -19,6 +19,7 @@ package controlplane import ( "fmt" "os" + "path/filepath" "reflect" "testing" @@ -260,6 +261,8 @@ func TestGetEtcdCertVolumes(t *testing.T) { func TestGetHostPathVolumesForTheControlPlane(t *testing.T) { hostPathDirectoryOrCreate := v1.HostPathDirectoryOrCreate hostPathFileOrCreate := v1.HostPathFileOrCreate + controllerManagerConfig := filepath.FromSlash("/etc/kubernetes/controller-manager.conf") + schedulerConfig := filepath.FromSlash("/etc/kubernetes/scheduler.conf") volMap := make(map[string]map[string]v1.Volume) volMap[kubeadmconstants.KubeAPIServer] = map[string]v1.Volume{} volMap[kubeadmconstants.KubeAPIServer]["k8s-certs"] = v1.Volume{ @@ -303,7 +306,7 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) { Name: "kubeconfig", VolumeSource: v1.VolumeSource{ HostPath: &v1.HostPathVolumeSource{ - Path: "/etc/kubernetes/controller-manager.conf", + Path: controllerManagerConfig, Type: &hostPathFileOrCreate, }, }, @@ -313,7 +316,7 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) { Name: "kubeconfig", VolumeSource: v1.VolumeSource{ HostPath: &v1.HostPathVolumeSource{ - Path: "/etc/kubernetes/scheduler.conf", + Path: schedulerConfig, Type: &hostPathFileOrCreate, }, }, @@ -343,13 +346,13 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) { } volMountMap[kubeadmconstants.KubeControllerManager]["kubeconfig"] = v1.VolumeMount{ Name: "kubeconfig", - MountPath: "/etc/kubernetes/controller-manager.conf", + MountPath: controllerManagerConfig, ReadOnly: true, } volMountMap[kubeadmconstants.KubeScheduler] = map[string]v1.VolumeMount{} volMountMap[kubeadmconstants.KubeScheduler]["kubeconfig"] = v1.VolumeMount{ Name: "kubeconfig", - MountPath: "/etc/kubernetes/scheduler.conf", + MountPath: schedulerConfig, ReadOnly: true, } @@ -414,7 +417,7 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) { Name: "kubeconfig", VolumeSource: v1.VolumeSource{ HostPath: &v1.HostPathVolumeSource{ - Path: "/etc/kubernetes/controller-manager.conf", + Path: controllerManagerConfig, Type: &hostPathFileOrCreate, }, }, @@ -424,7 +427,7 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) { Name: "kubeconfig", VolumeSource: v1.VolumeSource{ HostPath: &v1.HostPathVolumeSource{ - Path: "/etc/kubernetes/scheduler.conf", + Path: schedulerConfig, Type: &hostPathFileOrCreate, }, }, @@ -464,13 +467,13 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) { } volMountMap2[kubeadmconstants.KubeControllerManager]["kubeconfig"] = v1.VolumeMount{ Name: "kubeconfig", - MountPath: "/etc/kubernetes/controller-manager.conf", + MountPath: controllerManagerConfig, ReadOnly: true, } volMountMap2[kubeadmconstants.KubeScheduler] = map[string]v1.VolumeMount{} volMountMap2[kubeadmconstants.KubeScheduler]["kubeconfig"] = v1.VolumeMount{ Name: "kubeconfig", - MountPath: "/etc/kubernetes/scheduler.conf", + MountPath: schedulerConfig, ReadOnly: true, } var tests = []struct { diff --git a/cmd/kubeadm/app/phases/etcd/local_test.go b/cmd/kubeadm/app/phases/etcd/local_test.go index 06978b6ef2c..2b32b287be5 100644 --- a/cmd/kubeadm/app/phases/etcd/local_test.go +++ b/cmd/kubeadm/app/phases/etcd/local_test.go @@ -184,13 +184,13 @@ func TestGetEtcdCommand(t *testing.T) { fmt.Sprintf("--listen-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort), fmt.Sprintf("--initial-advertise-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort), "--data-dir=/var/lib/etcd", - "--cert-file=" + kubeadmconstants.EtcdServerCertName, - "--key-file=" + kubeadmconstants.EtcdServerKeyName, - "--trusted-ca-file=" + kubeadmconstants.EtcdCACertName, + "--cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerCertName), + "--key-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerKeyName), + "--trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName), "--client-cert-auth=true", - "--peer-cert-file=" + kubeadmconstants.EtcdPeerCertName, - "--peer-key-file=" + kubeadmconstants.EtcdPeerKeyName, - "--peer-trusted-ca-file=" + kubeadmconstants.EtcdCACertName, + "--peer-cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerCertName), + "--peer-key-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerKeyName), + "--peer-trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName), "--snapshot-count=10000", "--peer-client-cert-auth=true", fmt.Sprintf("--initial-cluster=foo=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort), @@ -215,13 +215,13 @@ func TestGetEtcdCommand(t *testing.T) { fmt.Sprintf("--listen-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort), fmt.Sprintf("--initial-advertise-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort), "--data-dir=/var/lib/etcd", - "--cert-file=" + kubeadmconstants.EtcdServerCertName, - "--key-file=" + kubeadmconstants.EtcdServerKeyName, - "--trusted-ca-file=" + kubeadmconstants.EtcdCACertName, + "--cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerCertName), + "--key-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerKeyName), + "--trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName), "--client-cert-auth=true", - "--peer-cert-file=" + kubeadmconstants.EtcdPeerCertName, - "--peer-key-file=" + kubeadmconstants.EtcdPeerKeyName, - "--peer-trusted-ca-file=" + kubeadmconstants.EtcdCACertName, + "--peer-cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerCertName), + "--peer-key-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerKeyName), + "--peer-trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName), "--snapshot-count=10000", "--peer-client-cert-auth=true", "--initial-cluster-state=existing", @@ -247,13 +247,13 @@ func TestGetEtcdCommand(t *testing.T) { fmt.Sprintf("--listen-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort), fmt.Sprintf("--initial-advertise-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort), "--data-dir=/var/lib/etcd", - "--cert-file=" + kubeadmconstants.EtcdServerCertName, - "--key-file=" + kubeadmconstants.EtcdServerKeyName, - "--trusted-ca-file=" + kubeadmconstants.EtcdCACertName, + "--cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerCertName), + "--key-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerKeyName), + "--trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName), "--client-cert-auth=true", - "--peer-cert-file=" + kubeadmconstants.EtcdPeerCertName, - "--peer-key-file=" + kubeadmconstants.EtcdPeerKeyName, - "--peer-trusted-ca-file=" + kubeadmconstants.EtcdCACertName, + "--peer-cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerCertName), + "--peer-key-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerKeyName), + "--peer-trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName), "--snapshot-count=10000", "--peer-client-cert-auth=true", fmt.Sprintf("--initial-cluster=bar=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort), @@ -274,13 +274,13 @@ func TestGetEtcdCommand(t *testing.T) { fmt.Sprintf("--listen-peer-urls=https://[2001:db8::3]:%d", kubeadmconstants.EtcdListenPeerPort), fmt.Sprintf("--initial-advertise-peer-urls=https://[2001:db8::3]:%d", kubeadmconstants.EtcdListenPeerPort), "--data-dir=/var/lib/etcd", - "--cert-file=" + kubeadmconstants.EtcdServerCertName, - "--key-file=" + kubeadmconstants.EtcdServerKeyName, - "--trusted-ca-file=" + kubeadmconstants.EtcdCACertName, + "--cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerCertName), + "--key-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerKeyName), + "--trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName), "--client-cert-auth=true", - "--peer-cert-file=" + kubeadmconstants.EtcdPeerCertName, - "--peer-key-file=" + kubeadmconstants.EtcdPeerKeyName, - "--peer-trusted-ca-file=" + kubeadmconstants.EtcdCACertName, + "--peer-cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerCertName), + "--peer-key-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerKeyName), + "--peer-trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName), "--snapshot-count=10000", "--peer-client-cert-auth=true", fmt.Sprintf("--initial-cluster=foo=https://[2001:db8::3]:%d", kubeadmconstants.EtcdListenPeerPort), diff --git a/cmd/kubeadm/app/phases/upgrade/postupgrade_test.go b/cmd/kubeadm/app/phases/upgrade/postupgrade_test.go index 10ec6fe6d13..b430463b1b0 100644 --- a/cmd/kubeadm/app/phases/upgrade/postupgrade_test.go +++ b/cmd/kubeadm/app/phases/upgrade/postupgrade_test.go @@ -39,14 +39,14 @@ func TestMoveFiles(t *testing.T) { if err != nil { t.Fatalf("Failed to create cert file %s: %v", certPath, err) } - defer certFile.Close() + certFile.Close() keyPath := filepath.Join(tmpdir, constants.APIServerKeyName) keyFile, err := os.OpenFile(keyPath, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0666) if err != nil { t.Fatalf("Failed to create key file %s: %v", keyPath, err) } - defer keyFile.Close() + keyFile.Close() subDir := filepath.Join(tmpdir, "expired") if err := os.Mkdir(subDir, 0766); err != nil { diff --git a/cmd/kubeadm/app/util/pkiutil/pki_helpers_test.go b/cmd/kubeadm/app/util/pkiutil/pki_helpers_test.go index 8eb8a8310c1..9a4590814be 100644 --- a/cmd/kubeadm/app/util/pkiutil/pki_helpers_test.go +++ b/cmd/kubeadm/app/util/pkiutil/pki_helpers_test.go @@ -25,6 +25,7 @@ import ( "fmt" "net" "os" + "path/filepath" "reflect" "testing" @@ -538,38 +539,44 @@ func TestTryLoadKeyFromDisk(t *testing.T) { func TestPathsForCertAndKey(t *testing.T) { crtPath, keyPath := PathsForCertAndKey("/foo", "bar") - if crtPath != "/foo/bar.crt" { + expectedPath := filepath.FromSlash("/foo/bar.crt") + if crtPath != expectedPath { t.Errorf("unexpected certificate path: %s", crtPath) } - if keyPath != "/foo/bar.key" { + expectedPath = filepath.FromSlash("/foo/bar.key") + if keyPath != expectedPath { t.Errorf("unexpected key path: %s", keyPath) } } func TestPathForCert(t *testing.T) { crtPath := pathForCert("/foo", "bar") - if crtPath != "/foo/bar.crt" { + expectedPath := filepath.FromSlash("/foo/bar.crt") + if crtPath != expectedPath { t.Errorf("unexpected certificate path: %s", crtPath) } } func TestPathForKey(t *testing.T) { keyPath := pathForKey("/foo", "bar") - if keyPath != "/foo/bar.key" { + expectedPath := filepath.FromSlash("/foo/bar.key") + if keyPath != expectedPath { t.Errorf("unexpected certificate path: %s", keyPath) } } func TestPathForPublicKey(t *testing.T) { pubPath := pathForPublicKey("/foo", "bar") - if pubPath != "/foo/bar.pub" { + expectedPath := filepath.FromSlash("/foo/bar.pub") + if pubPath != expectedPath { t.Errorf("unexpected certificate path: %s", pubPath) } } func TestPathForCSR(t *testing.T) { csrPath := pathForCSR("/foo", "bar") - if csrPath != "/foo/bar.csr" { + expectedPath := filepath.FromSlash("/foo/bar.csr") + if csrPath != expectedPath { t.Errorf("unexpected certificate path: %s", csrPath) } }