mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-22 11:21:47 +00:00
Merge pull request #111076 from claudiubelu/unittests-6
unittests: Fixes cmd unit tests for Windows
This commit is contained in:
commit
05f17ee5d6
@ -82,7 +82,7 @@ func TestSchedulerOptions(t *testing.T) {
|
|||||||
apiVersion: kubescheduler.config.k8s.io/v1
|
apiVersion: kubescheduler.config.k8s.io/v1
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
leaderElection:
|
leaderElection:
|
||||||
leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
@ -114,7 +114,7 @@ users:
|
|||||||
apiVersion: componentconfig/v1alpha1
|
apiVersion: componentconfig/v1alpha1
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
leaderElection:
|
leaderElection:
|
||||||
leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
@ -125,7 +125,7 @@ leaderElection:
|
|||||||
apiVersion: kubescheduler.config.k8s.io/v1beta3
|
apiVersion: kubescheduler.config.k8s.io/v1beta3
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
leaderElection:
|
leaderElection:
|
||||||
leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
@ -136,7 +136,7 @@ leaderElection:
|
|||||||
apiVersion: kubescheduler.config.k8s.io/v1beta2
|
apiVersion: kubescheduler.config.k8s.io/v1beta2
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
leaderElection:
|
leaderElection:
|
||||||
leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
@ -147,7 +147,7 @@ leaderElection:
|
|||||||
apiVersion: kubescheduler.config.k8s.io/unknown
|
apiVersion: kubescheduler.config.k8s.io/unknown
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
leaderElection:
|
leaderElection:
|
||||||
leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
@ -157,7 +157,7 @@ leaderElection:
|
|||||||
if err := os.WriteFile(noVersionConfig, []byte(fmt.Sprintf(`
|
if err := os.WriteFile(noVersionConfig, []byte(fmt.Sprintf(`
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
leaderElection:
|
leaderElection:
|
||||||
leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
@ -168,7 +168,7 @@ leaderElection:
|
|||||||
apiVersion: kubescheduler.config.k8s.io/v1
|
apiVersion: kubescheduler.config.k8s.io/v1
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
leaderElection:
|
leaderElection:
|
||||||
leaderElect: true
|
leaderElect: true
|
||||||
foo: bar`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
foo: bar`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
||||||
@ -180,7 +180,7 @@ foo: bar`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
|||||||
apiVersion: kubescheduler.config.k8s.io/v1
|
apiVersion: kubescheduler.config.k8s.io/v1
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
leaderElection:
|
leaderElection:
|
||||||
leaderElect: true
|
leaderElect: true
|
||||||
leaderElect: false`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
leaderElect: false`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
||||||
@ -217,7 +217,7 @@ users:
|
|||||||
apiVersion: kubescheduler.config.k8s.io/v1
|
apiVersion: kubescheduler.config.k8s.io/v1
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
profiles:
|
profiles:
|
||||||
- plugins:
|
- plugins:
|
||||||
reserve:
|
reserve:
|
||||||
@ -248,7 +248,7 @@ profiles:
|
|||||||
apiVersion: kubescheduler.config.k8s.io/v1beta3
|
apiVersion: kubescheduler.config.k8s.io/v1beta3
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
profiles:
|
profiles:
|
||||||
- plugins:
|
- plugins:
|
||||||
reserve:
|
reserve:
|
||||||
@ -279,7 +279,7 @@ profiles:
|
|||||||
apiVersion: kubescheduler.config.k8s.io/v1beta2
|
apiVersion: kubescheduler.config.k8s.io/v1beta2
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
profiles:
|
profiles:
|
||||||
- plugins:
|
- plugins:
|
||||||
reserve:
|
reserve:
|
||||||
@ -310,7 +310,7 @@ profiles:
|
|||||||
apiVersion: kubescheduler.config.k8s.io/v1
|
apiVersion: kubescheduler.config.k8s.io/v1
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
profiles:
|
profiles:
|
||||||
- schedulerName: "foo-profile"
|
- schedulerName: "foo-profile"
|
||||||
plugins:
|
plugins:
|
||||||
@ -337,7 +337,7 @@ profiles:
|
|||||||
apiVersion: kubescheduler.config.k8s.io/v1beta3
|
apiVersion: kubescheduler.config.k8s.io/v1beta3
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
profiles:
|
profiles:
|
||||||
- schedulerName: "foo-profile"
|
- schedulerName: "foo-profile"
|
||||||
plugins:
|
plugins:
|
||||||
@ -364,7 +364,7 @@ profiles:
|
|||||||
apiVersion: kubescheduler.config.k8s.io/v1beta2
|
apiVersion: kubescheduler.config.k8s.io/v1beta2
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
profiles:
|
profiles:
|
||||||
- schedulerName: "foo-profile"
|
- schedulerName: "foo-profile"
|
||||||
plugins:
|
plugins:
|
||||||
|
@ -88,7 +88,7 @@ users:
|
|||||||
apiVersion: kubescheduler.config.k8s.io/v1
|
apiVersion: kubescheduler.config.k8s.io/v1
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
profiles:
|
profiles:
|
||||||
- plugins:
|
- plugins:
|
||||||
multiPoint:
|
multiPoint:
|
||||||
@ -126,7 +126,7 @@ profiles:
|
|||||||
apiVersion: kubescheduler.config.k8s.io/v1beta3
|
apiVersion: kubescheduler.config.k8s.io/v1beta3
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
profiles:
|
profiles:
|
||||||
- plugins:
|
- plugins:
|
||||||
multiPoint:
|
multiPoint:
|
||||||
@ -164,7 +164,7 @@ profiles:
|
|||||||
apiVersion: kubescheduler.config.k8s.io/v1beta2
|
apiVersion: kubescheduler.config.k8s.io/v1beta2
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
profiles:
|
profiles:
|
||||||
- plugins:
|
- plugins:
|
||||||
preFilter:
|
preFilter:
|
||||||
@ -201,7 +201,7 @@ profiles:
|
|||||||
apiVersion: kubescheduler.config.k8s.io/v1beta3
|
apiVersion: kubescheduler.config.k8s.io/v1beta3
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
profiles:
|
profiles:
|
||||||
- plugins:
|
- plugins:
|
||||||
preFilter:
|
preFilter:
|
||||||
@ -220,7 +220,7 @@ profiles:
|
|||||||
apiVersion: kubescheduler.config.k8s.io/v1beta3
|
apiVersion: kubescheduler.config.k8s.io/v1beta3
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
profiles:
|
profiles:
|
||||||
- plugins:
|
- plugins:
|
||||||
preFilter:
|
preFilter:
|
||||||
@ -239,7 +239,7 @@ profiles:
|
|||||||
apiVersion: kubescheduler.config.k8s.io/v1beta2
|
apiVersion: kubescheduler.config.k8s.io/v1beta2
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
profiles:
|
profiles:
|
||||||
- plugins:
|
- plugins:
|
||||||
preFilter:
|
preFilter:
|
||||||
@ -258,7 +258,7 @@ profiles:
|
|||||||
apiVersion: kubescheduler.config.k8s.io/v1
|
apiVersion: kubescheduler.config.k8s.io/v1
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
profiles:
|
profiles:
|
||||||
- schedulerName: "profile-default-plugins"
|
- schedulerName: "profile-default-plugins"
|
||||||
- schedulerName: "profile-disable-all-filter-and-score-plugins"
|
- schedulerName: "profile-disable-all-filter-and-score-plugins"
|
||||||
@ -288,7 +288,7 @@ profiles:
|
|||||||
apiVersion: kubescheduler.config.k8s.io/v1
|
apiVersion: kubescheduler.config.k8s.io/v1
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
@ -299,7 +299,7 @@ clientConnection:
|
|||||||
apiVersion: kubescheduler.config.k8s.io/v1
|
apiVersion: kubescheduler.config.k8s.io/v1
|
||||||
kind: KubeSchedulerConfiguration
|
kind: KubeSchedulerConfiguration
|
||||||
clientConnection:
|
clientConnection:
|
||||||
kubeconfig: "%s"
|
kubeconfig: '%s'
|
||||||
leaderElection:
|
leaderElection:
|
||||||
leaseDuration: 1h
|
leaseDuration: 1h
|
||||||
`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
`, configKubeconfig)), os.FileMode(0600)); err != nil {
|
||||||
|
28
cmd/kubeadm/app/apis/kubeadm/validation/util_unix.go
Normal file
28
cmd/kubeadm/app/apis/kubeadm/validation/util_unix.go
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
//go:build !windows
|
||||||
|
// +build !windows
|
||||||
|
|
||||||
|
/*
|
||||||
|
Copyright 2022 The Kubernetes Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package validation
|
||||||
|
|
||||||
|
import (
|
||||||
|
"path/filepath"
|
||||||
|
)
|
||||||
|
|
||||||
|
func isAbs(path string) bool {
|
||||||
|
return filepath.IsAbs(path)
|
||||||
|
}
|
30
cmd/kubeadm/app/apis/kubeadm/validation/util_windows.go
Normal file
30
cmd/kubeadm/app/apis/kubeadm/validation/util_windows.go
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
//go:build windows
|
||||||
|
// +build windows
|
||||||
|
|
||||||
|
/*
|
||||||
|
Copyright 2022 The Kubernetes Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package validation
|
||||||
|
|
||||||
|
import (
|
||||||
|
"path/filepath"
|
||||||
|
)
|
||||||
|
|
||||||
|
func isAbs(path string) bool {
|
||||||
|
// on Windows, filepath.IsAbs will not return True for paths prefixed with a slash, even
|
||||||
|
// though they can be used as absolute paths (https://docs.microsoft.com/en-us/dotnet/standard/io/file-path-formats).
|
||||||
|
return filepath.IsAbs(path) || (len(path) > 0 && (path[0] == '\\' || path[0] == '/'))
|
||||||
|
}
|
@ -21,7 +21,6 @@ import (
|
|||||||
"net"
|
"net"
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
@ -86,7 +85,7 @@ func ValidateJoinConfiguration(c *kubeadm.JoinConfiguration) field.ErrorList {
|
|||||||
allErrs = append(allErrs, ValidateNodeRegistrationOptions(&c.NodeRegistration, field.NewPath("nodeRegistration"))...)
|
allErrs = append(allErrs, ValidateNodeRegistrationOptions(&c.NodeRegistration, field.NewPath("nodeRegistration"))...)
|
||||||
allErrs = append(allErrs, ValidateJoinControlPlane(c.ControlPlane, field.NewPath("controlPlane"))...)
|
allErrs = append(allErrs, ValidateJoinControlPlane(c.ControlPlane, field.NewPath("controlPlane"))...)
|
||||||
|
|
||||||
if !filepath.IsAbs(c.CACertPath) || !strings.HasSuffix(c.CACertPath, ".crt") {
|
if !isAbs(c.CACertPath) || !strings.HasSuffix(c.CACertPath, ".crt") {
|
||||||
allErrs = append(allErrs, field.Invalid(field.NewPath("caCertPath"), c.CACertPath, "the ca certificate path must be an absolute path"))
|
allErrs = append(allErrs, field.Invalid(field.NewPath("caCertPath"), c.CACertPath, "the ca certificate path must be an absolute path"))
|
||||||
}
|
}
|
||||||
return allErrs
|
return allErrs
|
||||||
@ -525,7 +524,7 @@ func ValidateNetworking(c *kubeadm.ClusterConfiguration, fldPath *field.Path) fi
|
|||||||
// ValidateAbsolutePath validates whether provided path is absolute or not
|
// ValidateAbsolutePath validates whether provided path is absolute or not
|
||||||
func ValidateAbsolutePath(path string, fldPath *field.Path) field.ErrorList {
|
func ValidateAbsolutePath(path string, fldPath *field.Path) field.ErrorList {
|
||||||
allErrs := field.ErrorList{}
|
allErrs := field.ErrorList{}
|
||||||
if !filepath.IsAbs(path) {
|
if !isAbs(path) {
|
||||||
allErrs = append(allErrs, field.Invalid(fldPath, path, "path is not absolute"))
|
allErrs = append(allErrs, field.Invalid(fldPath, path, "path is not absolute"))
|
||||||
}
|
}
|
||||||
return allErrs
|
return allErrs
|
||||||
|
@ -17,6 +17,7 @@ limitations under the License.
|
|||||||
package validation
|
package validation
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
@ -110,8 +111,9 @@ func TestValidateNodeRegistrationOptions(t *testing.T) {
|
|||||||
{"valid-nodename", false}, // supported
|
{"valid-nodename", false}, // supported
|
||||||
// test cases for criSocket are covered in TestValidateSocketPath
|
// test cases for criSocket are covered in TestValidateSocketPath
|
||||||
}
|
}
|
||||||
|
criPath := fmt.Sprintf("%s:///some/path", kubeadmapiv1.DefaultContainerRuntimeURLScheme)
|
||||||
for _, rt := range tests {
|
for _, rt := range tests {
|
||||||
nro := kubeadmapi.NodeRegistrationOptions{Name: rt.nodeName, CRISocket: "unix:///some/path"}
|
nro := kubeadmapi.NodeRegistrationOptions{Name: rt.nodeName, CRISocket: criPath}
|
||||||
actual := ValidateNodeRegistrationOptions(&nro, field.NewPath("nodeRegistration"))
|
actual := ValidateNodeRegistrationOptions(&nro, field.NewPath("nodeRegistration"))
|
||||||
actualErrors := len(actual) > 0
|
actualErrors := len(actual) > 0
|
||||||
if actualErrors != rt.expectedErrors {
|
if actualErrors != rt.expectedErrors {
|
||||||
@ -456,6 +458,7 @@ func TestValidateAPIEndpoint(t *testing.T) {
|
|||||||
// TODO: Create a separated test for ValidateClusterConfiguration
|
// TODO: Create a separated test for ValidateClusterConfiguration
|
||||||
func TestValidateInitConfiguration(t *testing.T) {
|
func TestValidateInitConfiguration(t *testing.T) {
|
||||||
nodename := "valid-nodename"
|
nodename := "valid-nodename"
|
||||||
|
criPath := fmt.Sprintf("%s:///some/path", kubeadmapiv1.DefaultContainerRuntimeURLScheme)
|
||||||
var tests = []struct {
|
var tests = []struct {
|
||||||
name string
|
name string
|
||||||
s *kubeadmapi.InitConfiguration
|
s *kubeadmapi.InitConfiguration
|
||||||
@ -476,7 +479,7 @@ func TestValidateInitConfiguration(t *testing.T) {
|
|||||||
},
|
},
|
||||||
CertificatesDir: "/some/cert/dir",
|
CertificatesDir: "/some/cert/dir",
|
||||||
},
|
},
|
||||||
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: "unix:///some/path"},
|
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: criPath},
|
||||||
}, false},
|
}, false},
|
||||||
{"invalid missing token with IPv6 service subnet",
|
{"invalid missing token with IPv6 service subnet",
|
||||||
&kubeadmapi.InitConfiguration{
|
&kubeadmapi.InitConfiguration{
|
||||||
@ -491,7 +494,7 @@ func TestValidateInitConfiguration(t *testing.T) {
|
|||||||
},
|
},
|
||||||
CertificatesDir: "/some/cert/dir",
|
CertificatesDir: "/some/cert/dir",
|
||||||
},
|
},
|
||||||
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: "unix:///some/path"},
|
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: criPath},
|
||||||
}, false},
|
}, false},
|
||||||
{"invalid missing node name",
|
{"invalid missing node name",
|
||||||
&kubeadmapi.InitConfiguration{
|
&kubeadmapi.InitConfiguration{
|
||||||
@ -521,7 +524,7 @@ func TestValidateInitConfiguration(t *testing.T) {
|
|||||||
},
|
},
|
||||||
CertificatesDir: "/some/other/cert/dir",
|
CertificatesDir: "/some/other/cert/dir",
|
||||||
},
|
},
|
||||||
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: "unix:///some/path"},
|
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: criPath},
|
||||||
}, false},
|
}, false},
|
||||||
{"valid InitConfiguration with IPv4 service subnet",
|
{"valid InitConfiguration with IPv4 service subnet",
|
||||||
&kubeadmapi.InitConfiguration{
|
&kubeadmapi.InitConfiguration{
|
||||||
@ -542,7 +545,7 @@ func TestValidateInitConfiguration(t *testing.T) {
|
|||||||
},
|
},
|
||||||
CertificatesDir: "/some/other/cert/dir",
|
CertificatesDir: "/some/other/cert/dir",
|
||||||
},
|
},
|
||||||
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: "unix:///some/path"},
|
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: criPath},
|
||||||
}, true},
|
}, true},
|
||||||
{"valid InitConfiguration using IPv6 service subnet",
|
{"valid InitConfiguration using IPv6 service subnet",
|
||||||
&kubeadmapi.InitConfiguration{
|
&kubeadmapi.InitConfiguration{
|
||||||
@ -562,7 +565,7 @@ func TestValidateInitConfiguration(t *testing.T) {
|
|||||||
},
|
},
|
||||||
CertificatesDir: "/some/other/cert/dir",
|
CertificatesDir: "/some/other/cert/dir",
|
||||||
},
|
},
|
||||||
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: "unix:///some/path"},
|
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: criPath},
|
||||||
}, true},
|
}, true},
|
||||||
}
|
}
|
||||||
for _, rt := range tests {
|
for _, rt := range tests {
|
||||||
@ -579,6 +582,7 @@ func TestValidateInitConfiguration(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestValidateJoinConfiguration(t *testing.T) {
|
func TestValidateJoinConfiguration(t *testing.T) {
|
||||||
|
criPath := fmt.Sprintf("%s:///var/run/containerd/containerd.sock", kubeadmapiv1.DefaultContainerRuntimeURLScheme)
|
||||||
var tests = []struct {
|
var tests = []struct {
|
||||||
s *kubeadmapi.JoinConfiguration
|
s *kubeadmapi.JoinConfiguration
|
||||||
expected bool
|
expected bool
|
||||||
@ -607,7 +611,7 @@ func TestValidateJoinConfiguration(t *testing.T) {
|
|||||||
},
|
},
|
||||||
NodeRegistration: kubeadmapi.NodeRegistrationOptions{
|
NodeRegistration: kubeadmapi.NodeRegistrationOptions{
|
||||||
Name: "aaa",
|
Name: "aaa",
|
||||||
CRISocket: "unix:///var/run/containerd/containerd.sock",
|
CRISocket: criPath,
|
||||||
},
|
},
|
||||||
}, true},
|
}, true},
|
||||||
{&kubeadmapi.JoinConfiguration{ // Pass with JoinControlPlane
|
{&kubeadmapi.JoinConfiguration{ // Pass with JoinControlPlane
|
||||||
@ -622,7 +626,7 @@ func TestValidateJoinConfiguration(t *testing.T) {
|
|||||||
},
|
},
|
||||||
NodeRegistration: kubeadmapi.NodeRegistrationOptions{
|
NodeRegistration: kubeadmapi.NodeRegistrationOptions{
|
||||||
Name: "aaa",
|
Name: "aaa",
|
||||||
CRISocket: "unix:///var/run/containerd/containerd.sock",
|
CRISocket: criPath,
|
||||||
},
|
},
|
||||||
ControlPlane: &kubeadmapi.JoinControlPlane{
|
ControlPlane: &kubeadmapi.JoinControlPlane{
|
||||||
LocalAPIEndpoint: kubeadmapi.APIEndpoint{
|
LocalAPIEndpoint: kubeadmapi.APIEndpoint{
|
||||||
@ -643,7 +647,7 @@ func TestValidateJoinConfiguration(t *testing.T) {
|
|||||||
},
|
},
|
||||||
NodeRegistration: kubeadmapi.NodeRegistrationOptions{
|
NodeRegistration: kubeadmapi.NodeRegistrationOptions{
|
||||||
Name: "aaa",
|
Name: "aaa",
|
||||||
CRISocket: "unix:///var/run/containerd/containerd.sock",
|
CRISocket: criPath,
|
||||||
},
|
},
|
||||||
ControlPlane: &kubeadmapi.JoinControlPlane{
|
ControlPlane: &kubeadmapi.JoinControlPlane{
|
||||||
LocalAPIEndpoint: kubeadmapi.APIEndpoint{
|
LocalAPIEndpoint: kubeadmapi.APIEndpoint{
|
||||||
@ -664,7 +668,7 @@ func TestValidateJoinConfiguration(t *testing.T) {
|
|||||||
},
|
},
|
||||||
NodeRegistration: kubeadmapi.NodeRegistrationOptions{
|
NodeRegistration: kubeadmapi.NodeRegistrationOptions{
|
||||||
Name: "aaa",
|
Name: "aaa",
|
||||||
CRISocket: "unix:///var/run/containerd/containerd.sock",
|
CRISocket: criPath,
|
||||||
},
|
},
|
||||||
ControlPlane: &kubeadmapi.JoinControlPlane{
|
ControlPlane: &kubeadmapi.JoinControlPlane{
|
||||||
LocalAPIEndpoint: kubeadmapi.APIEndpoint{
|
LocalAPIEndpoint: kubeadmapi.APIEndpoint{
|
||||||
@ -1124,9 +1128,10 @@ func TestValidateEtcd(t *testing.T) {
|
|||||||
actual := ValidateEtcd(tc.etcd, field.NewPath("etcd"))
|
actual := ValidateEtcd(tc.etcd, field.NewPath("etcd"))
|
||||||
actualErrors := len(actual) > 0
|
actualErrors := len(actual) > 0
|
||||||
if actualErrors != tc.expectedErrors {
|
if actualErrors != tc.expectedErrors {
|
||||||
t.Errorf("Error: \n\texpected: %t\n\t actual: %t",
|
t.Errorf("Error: \n\texpected: %t\n\t actual: %t\n\t encountered errors: %v",
|
||||||
tc.expectedErrors,
|
tc.expectedErrors,
|
||||||
actualErrors,
|
actualErrors,
|
||||||
|
actual,
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -25,7 +25,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func TestGetStaticPodDirectory(t *testing.T) {
|
func TestGetStaticPodDirectory(t *testing.T) {
|
||||||
expected := "/etc/kubernetes/manifests"
|
expected := filepath.FromSlash("/etc/kubernetes/manifests")
|
||||||
actual := GetStaticPodDirectory()
|
actual := GetStaticPodDirectory()
|
||||||
|
|
||||||
if actual != expected {
|
if actual != expected {
|
||||||
@ -51,7 +51,7 @@ func TestGetAdminKubeConfigPath(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestGetBootstrapKubeletKubeConfigPath(t *testing.T) {
|
func TestGetBootstrapKubeletKubeConfigPath(t *testing.T) {
|
||||||
expected := "/etc/kubernetes/bootstrap-kubelet.conf"
|
expected := filepath.FromSlash("/etc/kubernetes/bootstrap-kubelet.conf")
|
||||||
actual := GetBootstrapKubeletKubeConfigPath()
|
actual := GetBootstrapKubeletKubeConfigPath()
|
||||||
|
|
||||||
if actual != expected {
|
if actual != expected {
|
||||||
@ -64,7 +64,7 @@ func TestGetBootstrapKubeletKubeConfigPath(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestGetKubeletKubeConfigPath(t *testing.T) {
|
func TestGetKubeletKubeConfigPath(t *testing.T) {
|
||||||
expected := "/etc/kubernetes/kubelet.conf"
|
expected := filepath.FromSlash("/etc/kubernetes/kubelet.conf")
|
||||||
actual := GetKubeletKubeConfigPath()
|
actual := GetKubeletKubeConfigPath()
|
||||||
|
|
||||||
if actual != expected {
|
if actual != expected {
|
||||||
@ -99,7 +99,8 @@ func TestGetStaticPodFilepath(t *testing.T) {
|
|||||||
for _, rt := range tests {
|
for _, rt := range tests {
|
||||||
t.Run(rt.componentName, func(t *testing.T) {
|
t.Run(rt.componentName, func(t *testing.T) {
|
||||||
actual := GetStaticPodFilepath(rt.componentName, rt.manifestsDir)
|
actual := GetStaticPodFilepath(rt.componentName, rt.manifestsDir)
|
||||||
if actual != rt.expected {
|
expected := filepath.FromSlash(rt.expected)
|
||||||
|
if actual != expected {
|
||||||
t.Errorf(
|
t.Errorf(
|
||||||
"failed GetStaticPodFilepath:\n\texpected: %s\n\t actual: %s",
|
"failed GetStaticPodFilepath:\n\texpected: %s\n\t actual: %s",
|
||||||
rt.expected,
|
rt.expected,
|
||||||
|
@ -205,31 +205,31 @@ func TestGetAPIServerCommand(t *testing.T) {
|
|||||||
"kube-apiserver",
|
"kube-apiserver",
|
||||||
"--enable-admission-plugins=NodeRestriction",
|
"--enable-admission-plugins=NodeRestriction",
|
||||||
"--service-cluster-ip-range=bar",
|
"--service-cluster-ip-range=bar",
|
||||||
"--service-account-key-file=" + testCertsDir + "/sa.pub",
|
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
|
||||||
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
|
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
|
||||||
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
|
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
|
||||||
"--client-ca-file=" + testCertsDir + "/ca.crt",
|
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
|
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
|
||||||
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
|
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
|
||||||
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
|
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
|
||||||
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
|
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
|
||||||
"--enable-bootstrap-token-auth=true",
|
"--enable-bootstrap-token-auth=true",
|
||||||
"--secure-port=123",
|
"--secure-port=123",
|
||||||
"--allow-privileged=true",
|
"--allow-privileged=true",
|
||||||
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
|
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
|
||||||
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
|
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
|
||||||
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
|
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
|
||||||
"--requestheader-username-headers=X-Remote-User",
|
"--requestheader-username-headers=X-Remote-User",
|
||||||
"--requestheader-group-headers=X-Remote-Group",
|
"--requestheader-group-headers=X-Remote-Group",
|
||||||
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
|
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
|
||||||
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
|
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
|
||||||
"--requestheader-allowed-names=front-proxy-client",
|
"--requestheader-allowed-names=front-proxy-client",
|
||||||
"--authorization-mode=Node,RBAC",
|
"--authorization-mode=Node,RBAC",
|
||||||
"--advertise-address=1.2.3.4",
|
"--advertise-address=1.2.3.4",
|
||||||
fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort),
|
fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort),
|
||||||
"--etcd-cafile=" + testCertsDir + "/etcd/ca.crt",
|
"--etcd-cafile=" + filepath.Join(testCertsDir, "etcd/ca.crt"),
|
||||||
"--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt",
|
"--etcd-certfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.crt"),
|
||||||
"--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key",
|
"--etcd-keyfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.key"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -243,31 +243,31 @@ func TestGetAPIServerCommand(t *testing.T) {
|
|||||||
"kube-apiserver",
|
"kube-apiserver",
|
||||||
"--enable-admission-plugins=NodeRestriction",
|
"--enable-admission-plugins=NodeRestriction",
|
||||||
"--service-cluster-ip-range=bar",
|
"--service-cluster-ip-range=bar",
|
||||||
"--service-account-key-file=" + testCertsDir + "/sa.pub",
|
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
|
||||||
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
|
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
|
||||||
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
|
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
|
||||||
"--client-ca-file=" + testCertsDir + "/ca.crt",
|
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
|
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
|
||||||
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
|
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
|
||||||
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
|
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
|
||||||
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
|
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
|
||||||
"--enable-bootstrap-token-auth=true",
|
"--enable-bootstrap-token-auth=true",
|
||||||
fmt.Sprintf("--secure-port=%d", 123),
|
fmt.Sprintf("--secure-port=%d", 123),
|
||||||
"--allow-privileged=true",
|
"--allow-privileged=true",
|
||||||
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
|
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
|
||||||
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
|
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
|
||||||
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
|
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
|
||||||
"--requestheader-username-headers=X-Remote-User",
|
"--requestheader-username-headers=X-Remote-User",
|
||||||
"--requestheader-group-headers=X-Remote-Group",
|
"--requestheader-group-headers=X-Remote-Group",
|
||||||
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
|
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
|
||||||
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
|
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
|
||||||
"--requestheader-allowed-names=front-proxy-client",
|
"--requestheader-allowed-names=front-proxy-client",
|
||||||
"--authorization-mode=Node,RBAC",
|
"--authorization-mode=Node,RBAC",
|
||||||
"--advertise-address=2001:db8::1",
|
"--advertise-address=2001:db8::1",
|
||||||
fmt.Sprintf("--etcd-servers=https://[::1]:%d", kubeadmconstants.EtcdListenClientPort),
|
fmt.Sprintf("--etcd-servers=https://[::1]:%d", kubeadmconstants.EtcdListenClientPort),
|
||||||
"--etcd-cafile=" + testCertsDir + "/etcd/ca.crt",
|
"--etcd-cafile=" + filepath.Join(testCertsDir, "etcd/ca.crt"),
|
||||||
"--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt",
|
"--etcd-certfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.crt"),
|
||||||
"--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key",
|
"--etcd-keyfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.key"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -289,24 +289,24 @@ func TestGetAPIServerCommand(t *testing.T) {
|
|||||||
"kube-apiserver",
|
"kube-apiserver",
|
||||||
"--enable-admission-plugins=NodeRestriction",
|
"--enable-admission-plugins=NodeRestriction",
|
||||||
"--service-cluster-ip-range=bar",
|
"--service-cluster-ip-range=bar",
|
||||||
"--service-account-key-file=" + testCertsDir + "/sa.pub",
|
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
|
||||||
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
|
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
|
||||||
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
|
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
|
||||||
"--client-ca-file=" + testCertsDir + "/ca.crt",
|
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
|
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
|
||||||
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
|
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
|
||||||
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
|
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
|
||||||
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
|
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
|
||||||
fmt.Sprintf("--secure-port=%d", 123),
|
fmt.Sprintf("--secure-port=%d", 123),
|
||||||
"--allow-privileged=true",
|
"--allow-privileged=true",
|
||||||
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
|
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
|
||||||
"--enable-bootstrap-token-auth=true",
|
"--enable-bootstrap-token-auth=true",
|
||||||
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
|
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
|
||||||
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
|
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
|
||||||
"--requestheader-username-headers=X-Remote-User",
|
"--requestheader-username-headers=X-Remote-User",
|
||||||
"--requestheader-group-headers=X-Remote-Group",
|
"--requestheader-group-headers=X-Remote-Group",
|
||||||
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
|
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
|
||||||
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
|
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
|
||||||
"--requestheader-allowed-names=front-proxy-client",
|
"--requestheader-allowed-names=front-proxy-client",
|
||||||
"--authorization-mode=Node,RBAC",
|
"--authorization-mode=Node,RBAC",
|
||||||
"--advertise-address=2001:db8::1",
|
"--advertise-address=2001:db8::1",
|
||||||
@ -332,24 +332,24 @@ func TestGetAPIServerCommand(t *testing.T) {
|
|||||||
"kube-apiserver",
|
"kube-apiserver",
|
||||||
"--enable-admission-plugins=NodeRestriction",
|
"--enable-admission-plugins=NodeRestriction",
|
||||||
"--service-cluster-ip-range=bar",
|
"--service-cluster-ip-range=bar",
|
||||||
"--service-account-key-file=" + testCertsDir + "/sa.pub",
|
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
|
||||||
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
|
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
|
||||||
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
|
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
|
||||||
"--client-ca-file=" + testCertsDir + "/ca.crt",
|
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
|
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
|
||||||
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
|
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
|
||||||
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
|
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
|
||||||
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
|
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
|
||||||
fmt.Sprintf("--secure-port=%d", 123),
|
fmt.Sprintf("--secure-port=%d", 123),
|
||||||
"--allow-privileged=true",
|
"--allow-privileged=true",
|
||||||
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
|
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
|
||||||
"--enable-bootstrap-token-auth=true",
|
"--enable-bootstrap-token-auth=true",
|
||||||
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
|
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
|
||||||
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
|
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
|
||||||
"--requestheader-username-headers=X-Remote-User",
|
"--requestheader-username-headers=X-Remote-User",
|
||||||
"--requestheader-group-headers=X-Remote-Group",
|
"--requestheader-group-headers=X-Remote-Group",
|
||||||
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
|
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
|
||||||
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
|
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
|
||||||
"--requestheader-allowed-names=front-proxy-client",
|
"--requestheader-allowed-names=front-proxy-client",
|
||||||
"--authorization-mode=Node,RBAC",
|
"--authorization-mode=Node,RBAC",
|
||||||
"--advertise-address=2001:db8::1",
|
"--advertise-address=2001:db8::1",
|
||||||
@ -377,31 +377,31 @@ func TestGetAPIServerCommand(t *testing.T) {
|
|||||||
"kube-apiserver",
|
"kube-apiserver",
|
||||||
"--enable-admission-plugins=NodeRestriction",
|
"--enable-admission-plugins=NodeRestriction",
|
||||||
"--service-cluster-ip-range=baz",
|
"--service-cluster-ip-range=baz",
|
||||||
"--service-account-key-file=" + testCertsDir + "/sa.pub",
|
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
|
||||||
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
|
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
|
||||||
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
|
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
|
||||||
"--client-ca-file=" + testCertsDir + "/ca.crt",
|
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
|
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
|
||||||
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
|
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
|
||||||
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
|
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
|
||||||
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
|
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
|
||||||
"--enable-bootstrap-token-auth=true",
|
"--enable-bootstrap-token-auth=true",
|
||||||
"--secure-port=123",
|
"--secure-port=123",
|
||||||
"--allow-privileged=true",
|
"--allow-privileged=true",
|
||||||
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
|
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
|
||||||
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
|
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
|
||||||
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
|
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
|
||||||
"--requestheader-username-headers=X-Remote-User",
|
"--requestheader-username-headers=X-Remote-User",
|
||||||
"--requestheader-group-headers=X-Remote-Group",
|
"--requestheader-group-headers=X-Remote-Group",
|
||||||
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
|
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
|
||||||
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
|
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
|
||||||
"--requestheader-allowed-names=front-proxy-client",
|
"--requestheader-allowed-names=front-proxy-client",
|
||||||
"--authorization-mode=Node,RBAC",
|
"--authorization-mode=Node,RBAC",
|
||||||
"--advertise-address=9.9.9.9",
|
"--advertise-address=9.9.9.9",
|
||||||
fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort),
|
fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort),
|
||||||
"--etcd-cafile=" + testCertsDir + "/etcd/ca.crt",
|
"--etcd-cafile=" + filepath.Join(testCertsDir, "etcd/ca.crt"),
|
||||||
"--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt",
|
"--etcd-certfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.crt"),
|
||||||
"--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key",
|
"--etcd-keyfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.key"),
|
||||||
"--audit-policy-file=/etc/config/audit.yaml",
|
"--audit-policy-file=/etc/config/audit.yaml",
|
||||||
"--audit-log-path=/var/log/kubernetes",
|
"--audit-log-path=/var/log/kubernetes",
|
||||||
},
|
},
|
||||||
@ -424,31 +424,31 @@ func TestGetAPIServerCommand(t *testing.T) {
|
|||||||
"kube-apiserver",
|
"kube-apiserver",
|
||||||
"--enable-admission-plugins=NodeRestriction",
|
"--enable-admission-plugins=NodeRestriction",
|
||||||
"--service-cluster-ip-range=bar",
|
"--service-cluster-ip-range=bar",
|
||||||
"--service-account-key-file=" + testCertsDir + "/sa.pub",
|
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
|
||||||
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
|
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
|
||||||
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
|
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
|
||||||
"--client-ca-file=" + testCertsDir + "/ca.crt",
|
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
|
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
|
||||||
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
|
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
|
||||||
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
|
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
|
||||||
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
|
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
|
||||||
"--enable-bootstrap-token-auth=true",
|
"--enable-bootstrap-token-auth=true",
|
||||||
"--secure-port=123",
|
"--secure-port=123",
|
||||||
"--allow-privileged=true",
|
"--allow-privileged=true",
|
||||||
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
|
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
|
||||||
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
|
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
|
||||||
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
|
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
|
||||||
"--requestheader-username-headers=X-Remote-User",
|
"--requestheader-username-headers=X-Remote-User",
|
||||||
"--requestheader-group-headers=X-Remote-Group",
|
"--requestheader-group-headers=X-Remote-Group",
|
||||||
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
|
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
|
||||||
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
|
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
|
||||||
"--requestheader-allowed-names=front-proxy-client",
|
"--requestheader-allowed-names=front-proxy-client",
|
||||||
"--authorization-mode=ABAC",
|
"--authorization-mode=ABAC",
|
||||||
"--advertise-address=1.2.3.4",
|
"--advertise-address=1.2.3.4",
|
||||||
fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort),
|
fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort),
|
||||||
"--etcd-cafile=" + testCertsDir + "/etcd/ca.crt",
|
"--etcd-cafile=" + filepath.Join(testCertsDir, "etcd/ca.crt"),
|
||||||
"--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt",
|
"--etcd-certfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.crt"),
|
||||||
"--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key",
|
"--etcd-keyfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.key"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -473,31 +473,31 @@ func TestGetAPIServerCommand(t *testing.T) {
|
|||||||
"kube-apiserver",
|
"kube-apiserver",
|
||||||
"--enable-admission-plugins=NodeRestriction",
|
"--enable-admission-plugins=NodeRestriction",
|
||||||
"--service-cluster-ip-range=bar",
|
"--service-cluster-ip-range=bar",
|
||||||
"--service-account-key-file=" + testCertsDir + "/sa.pub",
|
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
|
||||||
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
|
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
|
||||||
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
|
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
|
||||||
"--client-ca-file=" + testCertsDir + "/ca.crt",
|
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
|
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
|
||||||
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
|
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
|
||||||
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
|
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
|
||||||
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
|
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
|
||||||
"--enable-bootstrap-token-auth=true",
|
"--enable-bootstrap-token-auth=true",
|
||||||
"--secure-port=123",
|
"--secure-port=123",
|
||||||
"--allow-privileged=true",
|
"--allow-privileged=true",
|
||||||
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
|
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
|
||||||
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
|
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
|
||||||
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
|
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
|
||||||
"--requestheader-username-headers=X-Remote-User",
|
"--requestheader-username-headers=X-Remote-User",
|
||||||
"--requestheader-group-headers=X-Remote-Group",
|
"--requestheader-group-headers=X-Remote-Group",
|
||||||
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
|
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
|
||||||
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
|
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
|
||||||
"--requestheader-allowed-names=front-proxy-client",
|
"--requestheader-allowed-names=front-proxy-client",
|
||||||
"--authorization-mode=Node,RBAC,Webhook",
|
"--authorization-mode=Node,RBAC,Webhook",
|
||||||
"--advertise-address=1.2.3.4",
|
"--advertise-address=1.2.3.4",
|
||||||
fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort),
|
fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort),
|
||||||
"--etcd-cafile=" + testCertsDir + "/etcd/ca.crt",
|
"--etcd-cafile=" + filepath.Join(testCertsDir, "etcd/ca.crt"),
|
||||||
"--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt",
|
"--etcd-certfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.crt"),
|
||||||
"--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key",
|
"--etcd-keyfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.key"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
@ -549,17 +549,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
|
|||||||
"kube-controller-manager",
|
"kube-controller-manager",
|
||||||
"--bind-address=127.0.0.1",
|
"--bind-address=127.0.0.1",
|
||||||
"--leader-elect=true",
|
"--leader-elect=true",
|
||||||
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--root-ca-file=" + testCertsDir + "/ca.crt",
|
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
|
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
|
||||||
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
|
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
|
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
|
||||||
"--use-service-account-credentials=true",
|
"--use-service-account-credentials=true",
|
||||||
"--controllers=*,bootstrapsigner,tokencleaner",
|
"--controllers=*,bootstrapsigner,tokencleaner",
|
||||||
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--client-ca-file=" + testCertsDir + "/ca.crt",
|
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
|
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
|
||||||
"--cluster-name=some-other-cluster-name",
|
"--cluster-name=some-other-cluster-name",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -573,17 +573,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
|
|||||||
"kube-controller-manager",
|
"kube-controller-manager",
|
||||||
"--bind-address=127.0.0.1",
|
"--bind-address=127.0.0.1",
|
||||||
"--leader-elect=true",
|
"--leader-elect=true",
|
||||||
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--root-ca-file=" + testCertsDir + "/ca.crt",
|
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
|
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
|
||||||
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
|
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
|
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
|
||||||
"--use-service-account-credentials=true",
|
"--use-service-account-credentials=true",
|
||||||
"--controllers=*,bootstrapsigner,tokencleaner",
|
"--controllers=*,bootstrapsigner,tokencleaner",
|
||||||
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--client-ca-file=" + testCertsDir + "/ca.crt",
|
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
|
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
@ -597,17 +597,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
|
|||||||
"kube-controller-manager",
|
"kube-controller-manager",
|
||||||
"--bind-address=127.0.0.1",
|
"--bind-address=127.0.0.1",
|
||||||
"--leader-elect=true",
|
"--leader-elect=true",
|
||||||
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--root-ca-file=" + testCertsDir + "/ca.crt",
|
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
|
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
|
||||||
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
|
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
|
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
|
||||||
"--use-service-account-credentials=true",
|
"--use-service-account-credentials=true",
|
||||||
"--controllers=*,bootstrapsigner,tokencleaner",
|
"--controllers=*,bootstrapsigner,tokencleaner",
|
||||||
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--client-ca-file=" + testCertsDir + "/ca.crt",
|
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
|
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
|
||||||
"--allocate-node-cidrs=true",
|
"--allocate-node-cidrs=true",
|
||||||
"--cluster-cidr=10.0.1.15/16",
|
"--cluster-cidr=10.0.1.15/16",
|
||||||
},
|
},
|
||||||
@ -627,17 +627,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
|
|||||||
"kube-controller-manager",
|
"kube-controller-manager",
|
||||||
"--bind-address=127.0.0.1",
|
"--bind-address=127.0.0.1",
|
||||||
"--leader-elect=true",
|
"--leader-elect=true",
|
||||||
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--root-ca-file=" + testCertsDir + "/ca.crt",
|
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
|
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
|
||||||
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
|
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
|
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
|
||||||
"--use-service-account-credentials=true",
|
"--use-service-account-credentials=true",
|
||||||
"--controllers=*,bootstrapsigner,tokencleaner",
|
"--controllers=*,bootstrapsigner,tokencleaner",
|
||||||
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--client-ca-file=" + testCertsDir + "/ca.crt",
|
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
|
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
|
||||||
"--allocate-node-cidrs=true",
|
"--allocate-node-cidrs=true",
|
||||||
"--cluster-cidr=10.0.1.15/16",
|
"--cluster-cidr=10.0.1.15/16",
|
||||||
"--service-cluster-ip-range=172.20.0.0/24",
|
"--service-cluster-ip-range=172.20.0.0/24",
|
||||||
@ -657,17 +657,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
|
|||||||
"kube-controller-manager",
|
"kube-controller-manager",
|
||||||
"--bind-address=127.0.0.1",
|
"--bind-address=127.0.0.1",
|
||||||
"--leader-elect=true",
|
"--leader-elect=true",
|
||||||
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--root-ca-file=" + testCertsDir + "/ca.crt",
|
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
|
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
|
||||||
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
|
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
|
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
|
||||||
"--use-service-account-credentials=true",
|
"--use-service-account-credentials=true",
|
||||||
"--controllers=*,bootstrapsigner,tokencleaner",
|
"--controllers=*,bootstrapsigner,tokencleaner",
|
||||||
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--client-ca-file=" + testCertsDir + "/ca.crt",
|
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
|
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
|
||||||
"--allocate-node-cidrs=true",
|
"--allocate-node-cidrs=true",
|
||||||
"--cluster-cidr=10.0.1.15/16",
|
"--cluster-cidr=10.0.1.15/16",
|
||||||
"--node-cidr-mask-size=20",
|
"--node-cidr-mask-size=20",
|
||||||
@ -689,17 +689,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
|
|||||||
"kube-controller-manager",
|
"kube-controller-manager",
|
||||||
"--bind-address=127.0.0.1",
|
"--bind-address=127.0.0.1",
|
||||||
"--leader-elect=true",
|
"--leader-elect=true",
|
||||||
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--root-ca-file=" + testCertsDir + "/ca.crt",
|
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
|
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
|
||||||
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
|
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
|
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
|
||||||
"--use-service-account-credentials=true",
|
"--use-service-account-credentials=true",
|
||||||
"--controllers=*,bootstrapsigner,tokencleaner",
|
"--controllers=*,bootstrapsigner,tokencleaner",
|
||||||
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--client-ca-file=" + testCertsDir + "/ca.crt",
|
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
|
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
|
||||||
"--allocate-node-cidrs=true",
|
"--allocate-node-cidrs=true",
|
||||||
"--cluster-cidr=2001:db8::/64",
|
"--cluster-cidr=2001:db8::/64",
|
||||||
"--service-cluster-ip-range=fd03::/112",
|
"--service-cluster-ip-range=fd03::/112",
|
||||||
@ -723,17 +723,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
|
|||||||
"kube-controller-manager",
|
"kube-controller-manager",
|
||||||
"--bind-address=127.0.0.1",
|
"--bind-address=127.0.0.1",
|
||||||
"--leader-elect=true",
|
"--leader-elect=true",
|
||||||
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--root-ca-file=" + testCertsDir + "/ca.crt",
|
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
|
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
|
||||||
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
|
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
|
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
|
||||||
"--use-service-account-credentials=true",
|
"--use-service-account-credentials=true",
|
||||||
"--controllers=*,bootstrapsigner,tokencleaner",
|
"--controllers=*,bootstrapsigner,tokencleaner",
|
||||||
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--client-ca-file=" + testCertsDir + "/ca.crt",
|
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
|
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
|
||||||
"--allocate-node-cidrs=false",
|
"--allocate-node-cidrs=false",
|
||||||
"--cluster-cidr=2001:db8::/64",
|
"--cluster-cidr=2001:db8::/64",
|
||||||
"--service-cluster-ip-range=fd03::/112",
|
"--service-cluster-ip-range=fd03::/112",
|
||||||
@ -754,17 +754,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
|
|||||||
"kube-controller-manager",
|
"kube-controller-manager",
|
||||||
"--bind-address=127.0.0.1",
|
"--bind-address=127.0.0.1",
|
||||||
"--leader-elect=true",
|
"--leader-elect=true",
|
||||||
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--root-ca-file=" + testCertsDir + "/ca.crt",
|
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
|
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
|
||||||
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
|
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
|
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
|
||||||
"--use-service-account-credentials=true",
|
"--use-service-account-credentials=true",
|
||||||
"--controllers=*,bootstrapsigner,tokencleaner",
|
"--controllers=*,bootstrapsigner,tokencleaner",
|
||||||
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--client-ca-file=" + testCertsDir + "/ca.crt",
|
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
|
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
|
||||||
"--allocate-node-cidrs=true",
|
"--allocate-node-cidrs=true",
|
||||||
"--cluster-cidr=2001:db8::/64,10.1.0.0/16",
|
"--cluster-cidr=2001:db8::/64,10.1.0.0/16",
|
||||||
"--service-cluster-ip-range=fd03::/112,192.168.0.0/16",
|
"--service-cluster-ip-range=fd03::/112,192.168.0.0/16",
|
||||||
@ -787,17 +787,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
|
|||||||
"kube-controller-manager",
|
"kube-controller-manager",
|
||||||
"--bind-address=127.0.0.1",
|
"--bind-address=127.0.0.1",
|
||||||
"--leader-elect=true",
|
"--leader-elect=true",
|
||||||
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--root-ca-file=" + testCertsDir + "/ca.crt",
|
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
|
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
|
||||||
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
|
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
|
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
|
||||||
"--use-service-account-credentials=true",
|
"--use-service-account-credentials=true",
|
||||||
"--controllers=*,bootstrapsigner,tokencleaner",
|
"--controllers=*,bootstrapsigner,tokencleaner",
|
||||||
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--client-ca-file=" + testCertsDir + "/ca.crt",
|
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
|
||||||
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
|
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
|
||||||
"--allocate-node-cidrs=true",
|
"--allocate-node-cidrs=true",
|
||||||
"--cluster-cidr=10.0.1.15/16,2001:db8::/64",
|
"--cluster-cidr=10.0.1.15/16,2001:db8::/64",
|
||||||
"--node-cidr-mask-size-ipv4=20",
|
"--node-cidr-mask-size-ipv4=20",
|
||||||
@ -840,17 +840,17 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) {
|
|||||||
"kube-controller-manager",
|
"kube-controller-manager",
|
||||||
"--bind-address=127.0.0.1",
|
"--bind-address=127.0.0.1",
|
||||||
"--leader-elect=true",
|
"--leader-elect=true",
|
||||||
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--root-ca-file=" + tmpdir + "/ca.crt",
|
"--root-ca-file=" + filepath.Join(tmpdir, "ca.crt"),
|
||||||
"--service-account-private-key-file=" + tmpdir + "/sa.key",
|
"--service-account-private-key-file=" + filepath.Join(tmpdir, "sa.key"),
|
||||||
"--cluster-signing-cert-file=",
|
"--cluster-signing-cert-file=",
|
||||||
"--cluster-signing-key-file=",
|
"--cluster-signing-key-file=",
|
||||||
"--use-service-account-credentials=true",
|
"--use-service-account-credentials=true",
|
||||||
"--controllers=*,bootstrapsigner,tokencleaner",
|
"--controllers=*,bootstrapsigner,tokencleaner",
|
||||||
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--client-ca-file=" + tmpdir + "/ca.crt",
|
"--client-ca-file=" + filepath.Join(tmpdir, "ca.crt"),
|
||||||
"--requestheader-client-ca-file=" + tmpdir + "/front-proxy-ca.crt",
|
"--requestheader-client-ca-file=" + filepath.Join(tmpdir, "front-proxy-ca.crt"),
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -869,17 +869,17 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) {
|
|||||||
"kube-controller-manager",
|
"kube-controller-manager",
|
||||||
"--bind-address=127.0.0.1",
|
"--bind-address=127.0.0.1",
|
||||||
"--leader-elect=true",
|
"--leader-elect=true",
|
||||||
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--root-ca-file=" + tmpdir + "/ca.crt",
|
"--root-ca-file=" + filepath.Join(tmpdir, "ca.crt"),
|
||||||
"--service-account-private-key-file=" + tmpdir + "/sa.key",
|
"--service-account-private-key-file=" + filepath.Join(tmpdir, "sa.key"),
|
||||||
"--cluster-signing-cert-file=" + tmpdir + "/ca.crt",
|
"--cluster-signing-cert-file=" + filepath.Join(tmpdir, "ca.crt"),
|
||||||
"--cluster-signing-key-file=" + tmpdir + "/ca.key",
|
"--cluster-signing-key-file=" + filepath.Join(tmpdir, "ca.key"),
|
||||||
"--use-service-account-credentials=true",
|
"--use-service-account-credentials=true",
|
||||||
"--controllers=*,bootstrapsigner,tokencleaner",
|
"--controllers=*,bootstrapsigner,tokencleaner",
|
||||||
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
|
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
|
||||||
"--client-ca-file=" + tmpdir + "/ca.crt",
|
"--client-ca-file=" + filepath.Join(tmpdir, "ca.crt"),
|
||||||
"--requestheader-client-ca-file=" + tmpdir + "/front-proxy-ca.crt",
|
"--requestheader-client-ca-file=" + filepath.Join(tmpdir, "front-proxy-ca.crt"),
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -932,9 +932,9 @@ func TestGetSchedulerCommand(t *testing.T) {
|
|||||||
"kube-scheduler",
|
"kube-scheduler",
|
||||||
"--bind-address=127.0.0.1",
|
"--bind-address=127.0.0.1",
|
||||||
"--leader-elect=true",
|
"--leader-elect=true",
|
||||||
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/scheduler.conf",
|
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "scheduler.conf"),
|
||||||
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/scheduler.conf",
|
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "scheduler.conf"),
|
||||||
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/scheduler.conf",
|
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "scheduler.conf"),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -177,7 +177,7 @@ func getEtcdCertVolumes(etcdCfg *kubeadmapi.ExternalEtcd, k8sCertificatesDir str
|
|||||||
certPaths := []string{etcdCfg.CAFile, etcdCfg.CertFile, etcdCfg.KeyFile}
|
certPaths := []string{etcdCfg.CAFile, etcdCfg.CertFile, etcdCfg.KeyFile}
|
||||||
certDirs := sets.NewString()
|
certDirs := sets.NewString()
|
||||||
for _, certPath := range certPaths {
|
for _, certPath := range certPaths {
|
||||||
certDir := filepath.Dir(certPath)
|
certDir := filepath.ToSlash(filepath.Dir(certPath))
|
||||||
// Ignore ".", which is the result of passing an empty path.
|
// Ignore ".", which is the result of passing an empty path.
|
||||||
// Also ignore the cert directories that already may be mounted; /etc/ssl/certs, /etc/pki or Kubernetes CertificatesDir
|
// Also ignore the cert directories that already may be mounted; /etc/ssl/certs, /etc/pki or Kubernetes CertificatesDir
|
||||||
// If the etcd certs are in there, it's okay, we don't have to do anything
|
// If the etcd certs are in there, it's okay, we don't have to do anything
|
||||||
|
@ -19,6 +19,7 @@ package controlplane
|
|||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
|
"path/filepath"
|
||||||
"reflect"
|
"reflect"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
@ -260,6 +261,8 @@ func TestGetEtcdCertVolumes(t *testing.T) {
|
|||||||
func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
|
func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
|
||||||
hostPathDirectoryOrCreate := v1.HostPathDirectoryOrCreate
|
hostPathDirectoryOrCreate := v1.HostPathDirectoryOrCreate
|
||||||
hostPathFileOrCreate := v1.HostPathFileOrCreate
|
hostPathFileOrCreate := v1.HostPathFileOrCreate
|
||||||
|
controllerManagerConfig := filepath.FromSlash("/etc/kubernetes/controller-manager.conf")
|
||||||
|
schedulerConfig := filepath.FromSlash("/etc/kubernetes/scheduler.conf")
|
||||||
volMap := make(map[string]map[string]v1.Volume)
|
volMap := make(map[string]map[string]v1.Volume)
|
||||||
volMap[kubeadmconstants.KubeAPIServer] = map[string]v1.Volume{}
|
volMap[kubeadmconstants.KubeAPIServer] = map[string]v1.Volume{}
|
||||||
volMap[kubeadmconstants.KubeAPIServer]["k8s-certs"] = v1.Volume{
|
volMap[kubeadmconstants.KubeAPIServer]["k8s-certs"] = v1.Volume{
|
||||||
@ -303,7 +306,7 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
|
|||||||
Name: "kubeconfig",
|
Name: "kubeconfig",
|
||||||
VolumeSource: v1.VolumeSource{
|
VolumeSource: v1.VolumeSource{
|
||||||
HostPath: &v1.HostPathVolumeSource{
|
HostPath: &v1.HostPathVolumeSource{
|
||||||
Path: "/etc/kubernetes/controller-manager.conf",
|
Path: controllerManagerConfig,
|
||||||
Type: &hostPathFileOrCreate,
|
Type: &hostPathFileOrCreate,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -313,7 +316,7 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
|
|||||||
Name: "kubeconfig",
|
Name: "kubeconfig",
|
||||||
VolumeSource: v1.VolumeSource{
|
VolumeSource: v1.VolumeSource{
|
||||||
HostPath: &v1.HostPathVolumeSource{
|
HostPath: &v1.HostPathVolumeSource{
|
||||||
Path: "/etc/kubernetes/scheduler.conf",
|
Path: schedulerConfig,
|
||||||
Type: &hostPathFileOrCreate,
|
Type: &hostPathFileOrCreate,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -343,13 +346,13 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
|
|||||||
}
|
}
|
||||||
volMountMap[kubeadmconstants.KubeControllerManager]["kubeconfig"] = v1.VolumeMount{
|
volMountMap[kubeadmconstants.KubeControllerManager]["kubeconfig"] = v1.VolumeMount{
|
||||||
Name: "kubeconfig",
|
Name: "kubeconfig",
|
||||||
MountPath: "/etc/kubernetes/controller-manager.conf",
|
MountPath: controllerManagerConfig,
|
||||||
ReadOnly: true,
|
ReadOnly: true,
|
||||||
}
|
}
|
||||||
volMountMap[kubeadmconstants.KubeScheduler] = map[string]v1.VolumeMount{}
|
volMountMap[kubeadmconstants.KubeScheduler] = map[string]v1.VolumeMount{}
|
||||||
volMountMap[kubeadmconstants.KubeScheduler]["kubeconfig"] = v1.VolumeMount{
|
volMountMap[kubeadmconstants.KubeScheduler]["kubeconfig"] = v1.VolumeMount{
|
||||||
Name: "kubeconfig",
|
Name: "kubeconfig",
|
||||||
MountPath: "/etc/kubernetes/scheduler.conf",
|
MountPath: schedulerConfig,
|
||||||
ReadOnly: true,
|
ReadOnly: true,
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -414,7 +417,7 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
|
|||||||
Name: "kubeconfig",
|
Name: "kubeconfig",
|
||||||
VolumeSource: v1.VolumeSource{
|
VolumeSource: v1.VolumeSource{
|
||||||
HostPath: &v1.HostPathVolumeSource{
|
HostPath: &v1.HostPathVolumeSource{
|
||||||
Path: "/etc/kubernetes/controller-manager.conf",
|
Path: controllerManagerConfig,
|
||||||
Type: &hostPathFileOrCreate,
|
Type: &hostPathFileOrCreate,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -424,7 +427,7 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
|
|||||||
Name: "kubeconfig",
|
Name: "kubeconfig",
|
||||||
VolumeSource: v1.VolumeSource{
|
VolumeSource: v1.VolumeSource{
|
||||||
HostPath: &v1.HostPathVolumeSource{
|
HostPath: &v1.HostPathVolumeSource{
|
||||||
Path: "/etc/kubernetes/scheduler.conf",
|
Path: schedulerConfig,
|
||||||
Type: &hostPathFileOrCreate,
|
Type: &hostPathFileOrCreate,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
@ -464,13 +467,13 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
|
|||||||
}
|
}
|
||||||
volMountMap2[kubeadmconstants.KubeControllerManager]["kubeconfig"] = v1.VolumeMount{
|
volMountMap2[kubeadmconstants.KubeControllerManager]["kubeconfig"] = v1.VolumeMount{
|
||||||
Name: "kubeconfig",
|
Name: "kubeconfig",
|
||||||
MountPath: "/etc/kubernetes/controller-manager.conf",
|
MountPath: controllerManagerConfig,
|
||||||
ReadOnly: true,
|
ReadOnly: true,
|
||||||
}
|
}
|
||||||
volMountMap2[kubeadmconstants.KubeScheduler] = map[string]v1.VolumeMount{}
|
volMountMap2[kubeadmconstants.KubeScheduler] = map[string]v1.VolumeMount{}
|
||||||
volMountMap2[kubeadmconstants.KubeScheduler]["kubeconfig"] = v1.VolumeMount{
|
volMountMap2[kubeadmconstants.KubeScheduler]["kubeconfig"] = v1.VolumeMount{
|
||||||
Name: "kubeconfig",
|
Name: "kubeconfig",
|
||||||
MountPath: "/etc/kubernetes/scheduler.conf",
|
MountPath: schedulerConfig,
|
||||||
ReadOnly: true,
|
ReadOnly: true,
|
||||||
}
|
}
|
||||||
var tests = []struct {
|
var tests = []struct {
|
||||||
|
@ -184,13 +184,13 @@ func TestGetEtcdCommand(t *testing.T) {
|
|||||||
fmt.Sprintf("--listen-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
|
fmt.Sprintf("--listen-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
|
||||||
fmt.Sprintf("--initial-advertise-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
|
fmt.Sprintf("--initial-advertise-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
|
||||||
"--data-dir=/var/lib/etcd",
|
"--data-dir=/var/lib/etcd",
|
||||||
"--cert-file=" + kubeadmconstants.EtcdServerCertName,
|
"--cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerCertName),
|
||||||
"--key-file=" + kubeadmconstants.EtcdServerKeyName,
|
"--key-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerKeyName),
|
||||||
"--trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
|
"--trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
|
||||||
"--client-cert-auth=true",
|
"--client-cert-auth=true",
|
||||||
"--peer-cert-file=" + kubeadmconstants.EtcdPeerCertName,
|
"--peer-cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerCertName),
|
||||||
"--peer-key-file=" + kubeadmconstants.EtcdPeerKeyName,
|
"--peer-key-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerKeyName),
|
||||||
"--peer-trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
|
"--peer-trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
|
||||||
"--snapshot-count=10000",
|
"--snapshot-count=10000",
|
||||||
"--peer-client-cert-auth=true",
|
"--peer-client-cert-auth=true",
|
||||||
fmt.Sprintf("--initial-cluster=foo=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
|
fmt.Sprintf("--initial-cluster=foo=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
|
||||||
@ -215,13 +215,13 @@ func TestGetEtcdCommand(t *testing.T) {
|
|||||||
fmt.Sprintf("--listen-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
|
fmt.Sprintf("--listen-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
|
||||||
fmt.Sprintf("--initial-advertise-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
|
fmt.Sprintf("--initial-advertise-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
|
||||||
"--data-dir=/var/lib/etcd",
|
"--data-dir=/var/lib/etcd",
|
||||||
"--cert-file=" + kubeadmconstants.EtcdServerCertName,
|
"--cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerCertName),
|
||||||
"--key-file=" + kubeadmconstants.EtcdServerKeyName,
|
"--key-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerKeyName),
|
||||||
"--trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
|
"--trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
|
||||||
"--client-cert-auth=true",
|
"--client-cert-auth=true",
|
||||||
"--peer-cert-file=" + kubeadmconstants.EtcdPeerCertName,
|
"--peer-cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerCertName),
|
||||||
"--peer-key-file=" + kubeadmconstants.EtcdPeerKeyName,
|
"--peer-key-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerKeyName),
|
||||||
"--peer-trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
|
"--peer-trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
|
||||||
"--snapshot-count=10000",
|
"--snapshot-count=10000",
|
||||||
"--peer-client-cert-auth=true",
|
"--peer-client-cert-auth=true",
|
||||||
"--initial-cluster-state=existing",
|
"--initial-cluster-state=existing",
|
||||||
@ -247,13 +247,13 @@ func TestGetEtcdCommand(t *testing.T) {
|
|||||||
fmt.Sprintf("--listen-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
|
fmt.Sprintf("--listen-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
|
||||||
fmt.Sprintf("--initial-advertise-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
|
fmt.Sprintf("--initial-advertise-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
|
||||||
"--data-dir=/var/lib/etcd",
|
"--data-dir=/var/lib/etcd",
|
||||||
"--cert-file=" + kubeadmconstants.EtcdServerCertName,
|
"--cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerCertName),
|
||||||
"--key-file=" + kubeadmconstants.EtcdServerKeyName,
|
"--key-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerKeyName),
|
||||||
"--trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
|
"--trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
|
||||||
"--client-cert-auth=true",
|
"--client-cert-auth=true",
|
||||||
"--peer-cert-file=" + kubeadmconstants.EtcdPeerCertName,
|
"--peer-cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerCertName),
|
||||||
"--peer-key-file=" + kubeadmconstants.EtcdPeerKeyName,
|
"--peer-key-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerKeyName),
|
||||||
"--peer-trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
|
"--peer-trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
|
||||||
"--snapshot-count=10000",
|
"--snapshot-count=10000",
|
||||||
"--peer-client-cert-auth=true",
|
"--peer-client-cert-auth=true",
|
||||||
fmt.Sprintf("--initial-cluster=bar=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
|
fmt.Sprintf("--initial-cluster=bar=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
|
||||||
@ -274,13 +274,13 @@ func TestGetEtcdCommand(t *testing.T) {
|
|||||||
fmt.Sprintf("--listen-peer-urls=https://[2001:db8::3]:%d", kubeadmconstants.EtcdListenPeerPort),
|
fmt.Sprintf("--listen-peer-urls=https://[2001:db8::3]:%d", kubeadmconstants.EtcdListenPeerPort),
|
||||||
fmt.Sprintf("--initial-advertise-peer-urls=https://[2001:db8::3]:%d", kubeadmconstants.EtcdListenPeerPort),
|
fmt.Sprintf("--initial-advertise-peer-urls=https://[2001:db8::3]:%d", kubeadmconstants.EtcdListenPeerPort),
|
||||||
"--data-dir=/var/lib/etcd",
|
"--data-dir=/var/lib/etcd",
|
||||||
"--cert-file=" + kubeadmconstants.EtcdServerCertName,
|
"--cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerCertName),
|
||||||
"--key-file=" + kubeadmconstants.EtcdServerKeyName,
|
"--key-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerKeyName),
|
||||||
"--trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
|
"--trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
|
||||||
"--client-cert-auth=true",
|
"--client-cert-auth=true",
|
||||||
"--peer-cert-file=" + kubeadmconstants.EtcdPeerCertName,
|
"--peer-cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerCertName),
|
||||||
"--peer-key-file=" + kubeadmconstants.EtcdPeerKeyName,
|
"--peer-key-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerKeyName),
|
||||||
"--peer-trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
|
"--peer-trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
|
||||||
"--snapshot-count=10000",
|
"--snapshot-count=10000",
|
||||||
"--peer-client-cert-auth=true",
|
"--peer-client-cert-auth=true",
|
||||||
fmt.Sprintf("--initial-cluster=foo=https://[2001:db8::3]:%d", kubeadmconstants.EtcdListenPeerPort),
|
fmt.Sprintf("--initial-cluster=foo=https://[2001:db8::3]:%d", kubeadmconstants.EtcdListenPeerPort),
|
||||||
|
@ -39,14 +39,14 @@ func TestMoveFiles(t *testing.T) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to create cert file %s: %v", certPath, err)
|
t.Fatalf("Failed to create cert file %s: %v", certPath, err)
|
||||||
}
|
}
|
||||||
defer certFile.Close()
|
certFile.Close()
|
||||||
|
|
||||||
keyPath := filepath.Join(tmpdir, constants.APIServerKeyName)
|
keyPath := filepath.Join(tmpdir, constants.APIServerKeyName)
|
||||||
keyFile, err := os.OpenFile(keyPath, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0666)
|
keyFile, err := os.OpenFile(keyPath, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0666)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to create key file %s: %v", keyPath, err)
|
t.Fatalf("Failed to create key file %s: %v", keyPath, err)
|
||||||
}
|
}
|
||||||
defer keyFile.Close()
|
keyFile.Close()
|
||||||
|
|
||||||
subDir := filepath.Join(tmpdir, "expired")
|
subDir := filepath.Join(tmpdir, "expired")
|
||||||
if err := os.Mkdir(subDir, 0766); err != nil {
|
if err := os.Mkdir(subDir, 0766); err != nil {
|
||||||
|
@ -25,6 +25,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
|
"path/filepath"
|
||||||
"reflect"
|
"reflect"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
@ -538,38 +539,44 @@ func TestTryLoadKeyFromDisk(t *testing.T) {
|
|||||||
|
|
||||||
func TestPathsForCertAndKey(t *testing.T) {
|
func TestPathsForCertAndKey(t *testing.T) {
|
||||||
crtPath, keyPath := PathsForCertAndKey("/foo", "bar")
|
crtPath, keyPath := PathsForCertAndKey("/foo", "bar")
|
||||||
if crtPath != "/foo/bar.crt" {
|
expectedPath := filepath.FromSlash("/foo/bar.crt")
|
||||||
|
if crtPath != expectedPath {
|
||||||
t.Errorf("unexpected certificate path: %s", crtPath)
|
t.Errorf("unexpected certificate path: %s", crtPath)
|
||||||
}
|
}
|
||||||
if keyPath != "/foo/bar.key" {
|
expectedPath = filepath.FromSlash("/foo/bar.key")
|
||||||
|
if keyPath != expectedPath {
|
||||||
t.Errorf("unexpected key path: %s", keyPath)
|
t.Errorf("unexpected key path: %s", keyPath)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestPathForCert(t *testing.T) {
|
func TestPathForCert(t *testing.T) {
|
||||||
crtPath := pathForCert("/foo", "bar")
|
crtPath := pathForCert("/foo", "bar")
|
||||||
if crtPath != "/foo/bar.crt" {
|
expectedPath := filepath.FromSlash("/foo/bar.crt")
|
||||||
|
if crtPath != expectedPath {
|
||||||
t.Errorf("unexpected certificate path: %s", crtPath)
|
t.Errorf("unexpected certificate path: %s", crtPath)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestPathForKey(t *testing.T) {
|
func TestPathForKey(t *testing.T) {
|
||||||
keyPath := pathForKey("/foo", "bar")
|
keyPath := pathForKey("/foo", "bar")
|
||||||
if keyPath != "/foo/bar.key" {
|
expectedPath := filepath.FromSlash("/foo/bar.key")
|
||||||
|
if keyPath != expectedPath {
|
||||||
t.Errorf("unexpected certificate path: %s", keyPath)
|
t.Errorf("unexpected certificate path: %s", keyPath)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestPathForPublicKey(t *testing.T) {
|
func TestPathForPublicKey(t *testing.T) {
|
||||||
pubPath := pathForPublicKey("/foo", "bar")
|
pubPath := pathForPublicKey("/foo", "bar")
|
||||||
if pubPath != "/foo/bar.pub" {
|
expectedPath := filepath.FromSlash("/foo/bar.pub")
|
||||||
|
if pubPath != expectedPath {
|
||||||
t.Errorf("unexpected certificate path: %s", pubPath)
|
t.Errorf("unexpected certificate path: %s", pubPath)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestPathForCSR(t *testing.T) {
|
func TestPathForCSR(t *testing.T) {
|
||||||
csrPath := pathForCSR("/foo", "bar")
|
csrPath := pathForCSR("/foo", "bar")
|
||||||
if csrPath != "/foo/bar.csr" {
|
expectedPath := filepath.FromSlash("/foo/bar.csr")
|
||||||
|
if csrPath != expectedPath {
|
||||||
t.Errorf("unexpected certificate path: %s", csrPath)
|
t.Errorf("unexpected certificate path: %s", csrPath)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user