github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 02:41:25 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #111076 from claudiubelu/unittests-6

Browse Source 
unittests: Fixes cmd unit tests for Windows
This commit is contained in:
Kubernetes Prow Robot 2022-09-16 07:39:27 -07:00 committed by GitHub
commit 05f17ee5d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 340 additions and 267 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
cmd/kube-scheduler/app/options/options_test.go
View File

@ -82,7 +82,7 @@ func TestSchedulerOptions(t *testing.T) {
apiVersion: kubescheduler.config.k8s.io/v1
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
leaderElection:
leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil {
t.Fatal(err)
@ -114,7 +114,7 @@ users:
apiVersion: componentconfig/v1alpha1
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
leaderElection:
leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil {
t.Fatal(err)
@ -125,7 +125,7 @@ leaderElection:
apiVersion: kubescheduler.config.k8s.io/v1beta3
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
leaderElection:
leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil {
t.Fatal(err)
@ -136,7 +136,7 @@ leaderElection:
apiVersion: kubescheduler.config.k8s.io/v1beta2
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
leaderElection:
leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil {
t.Fatal(err)
@ -147,7 +147,7 @@ leaderElection:
apiVersion: kubescheduler.config.k8s.io/unknown
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
leaderElection:
leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil {
t.Fatal(err)
@ -157,7 +157,7 @@ leaderElection:
if err := os.WriteFile(noVersionConfig, []byte(fmt.Sprintf(`
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
leaderElection:
leaderElect: true`, configKubeconfig)), os.FileMode(0600)); err != nil {
t.Fatal(err)
@ -168,7 +168,7 @@ leaderElection:
apiVersion: kubescheduler.config.k8s.io/v1
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
leaderElection:
leaderElect: true
foo: bar`, configKubeconfig)), os.FileMode(0600)); err != nil {
@ -180,7 +180,7 @@ foo: bar`, configKubeconfig)), os.FileMode(0600)); err != nil {
apiVersion: kubescheduler.config.k8s.io/v1
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
leaderElection:
leaderElect: true
leaderElect: false`, configKubeconfig)), os.FileMode(0600)); err != nil {
@ -217,7 +217,7 @@ users:
apiVersion: kubescheduler.config.k8s.io/v1
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
profiles:
- plugins:
reserve:
@ -248,7 +248,7 @@ profiles:
apiVersion: kubescheduler.config.k8s.io/v1beta3
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
profiles:
- plugins:
reserve:
@ -279,7 +279,7 @@ profiles:
apiVersion: kubescheduler.config.k8s.io/v1beta2
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
profiles:
- plugins:
reserve:
@ -310,7 +310,7 @@ profiles:
apiVersion: kubescheduler.config.k8s.io/v1
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
profiles:
- schedulerName: "foo-profile"
plugins:
@ -337,7 +337,7 @@ profiles:
apiVersion: kubescheduler.config.k8s.io/v1beta3
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
profiles:
- schedulerName: "foo-profile"
plugins:
@ -364,7 +364,7 @@ profiles:
apiVersion: kubescheduler.config.k8s.io/v1beta2
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
profiles:
- schedulerName: "foo-profile"
plugins:

18
cmd/kube-scheduler/app/server_test.go
View File

@ -88,7 +88,7 @@ users:
apiVersion: kubescheduler.config.k8s.io/v1
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
profiles:
- plugins:
multiPoint:
@ -126,7 +126,7 @@ profiles:
apiVersion: kubescheduler.config.k8s.io/v1beta3
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
profiles:
- plugins:
multiPoint:
@ -164,7 +164,7 @@ profiles:
apiVersion: kubescheduler.config.k8s.io/v1beta2
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
profiles:
- plugins:
preFilter:
@ -201,7 +201,7 @@ profiles:
apiVersion: kubescheduler.config.k8s.io/v1beta3
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
profiles:
- plugins:
preFilter:
@ -220,7 +220,7 @@ profiles:
apiVersion: kubescheduler.config.k8s.io/v1beta3
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
profiles:
- plugins:
preFilter:
@ -239,7 +239,7 @@ profiles:
apiVersion: kubescheduler.config.k8s.io/v1beta2
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
profiles:
- plugins:
preFilter:
@ -258,7 +258,7 @@ profiles:
apiVersion: kubescheduler.config.k8s.io/v1
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
profiles:
- schedulerName: "profile-default-plugins"
- schedulerName: "profile-disable-all-filter-and-score-plugins"
@ -288,7 +288,7 @@ profiles:
apiVersion: kubescheduler.config.k8s.io/v1
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
`, configKubeconfig)), os.FileMode(0600)); err != nil {
t.Fatal(err)
}
@ -299,7 +299,7 @@ clientConnection:
apiVersion: kubescheduler.config.k8s.io/v1
kind: KubeSchedulerConfiguration
clientConnection:
kubeconfig: "%s"
kubeconfig: '%s'
leaderElection:
leaseDuration: 1h
`, configKubeconfig)), os.FileMode(0600)); err != nil {

28
cmd/kubeadm/app/apis/kubeadm/validation/util_unix.go Normal file
View File

@ -0,0 +1,28 @@
//go:build !windows
// +build !windows
/*
Copyright 2022 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package validation
import (
"path/filepath"
)
func isAbs(path string) bool {
return filepath.IsAbs(path)
}

30
cmd/kubeadm/app/apis/kubeadm/validation/util_windows.go Normal file
View File

@ -0,0 +1,30 @@
//go:build windows
// +build windows
/*
Copyright 2022 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package validation
import (
"path/filepath"
)
func isAbs(path string) bool {
// on Windows, filepath.IsAbs will not return True for paths prefixed with a slash, even
// though they can be used as absolute paths (https://docs.microsoft.com/en-us/dotnet/standard/io/file-path-formats).
return filepath.IsAbs(path) || (len(path) > 0 && (path[0] == '\\' || path[0] == '/'))
}

5
cmd/kubeadm/app/apis/kubeadm/validation/validation.go
View File

@ -21,7 +21,6 @@ import (
"net"
"net/url"
"os"
"path/filepath"
"strconv"
"strings"
@ -86,7 +85,7 @@ func ValidateJoinConfiguration(c *kubeadm.JoinConfiguration) field.ErrorList {
allErrs = append(allErrs, ValidateNodeRegistrationOptions(&c.NodeRegistration, field.NewPath("nodeRegistration"))...)
allErrs = append(allErrs, ValidateJoinControlPlane(c.ControlPlane, field.NewPath("controlPlane"))...)
if !filepath.IsAbs(c.CACertPath) || !strings.HasSuffix(c.CACertPath, ".crt") {
if !isAbs(c.CACertPath) || !strings.HasSuffix(c.CACertPath, ".crt") {
allErrs = append(allErrs, field.Invalid(field.NewPath("caCertPath"), c.CACertPath, "the ca certificate path must be an absolute path"))
}
return allErrs
@ -525,7 +524,7 @@ func ValidateNetworking(c *kubeadm.ClusterConfiguration, fldPath *field.Path) fi
// ValidateAbsolutePath validates whether provided path is absolute or not
func ValidateAbsolutePath(path string, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}
if !filepath.IsAbs(path) {
if !isAbs(path) {
allErrs = append(allErrs, field.Invalid(fldPath, path, "path is not absolute"))
}
return allErrs

27
cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go
View File

@ -17,6 +17,7 @@ limitations under the License.
package validation
import (
"fmt"
"os"
"strings"
"testing"
@ -110,8 +111,9 @@ func TestValidateNodeRegistrationOptions(t *testing.T) {
{"valid-nodename", false}, // supported
// test cases for criSocket are covered in TestValidateSocketPath
}
criPath := fmt.Sprintf("%s:///some/path", kubeadmapiv1.DefaultContainerRuntimeURLScheme)
for _, rt := range tests {
nro := kubeadmapi.NodeRegistrationOptions{Name: rt.nodeName, CRISocket: "unix:///some/path"}
nro := kubeadmapi.NodeRegistrationOptions{Name: rt.nodeName, CRISocket: criPath}
actual := ValidateNodeRegistrationOptions(&nro, field.NewPath("nodeRegistration"))
actualErrors := len(actual) > 0
if actualErrors != rt.expectedErrors {
@ -456,6 +458,7 @@ func TestValidateAPIEndpoint(t *testing.T) {
// TODO: Create a separated test for ValidateClusterConfiguration
func TestValidateInitConfiguration(t *testing.T) {
nodename := "valid-nodename"
criPath := fmt.Sprintf("%s:///some/path", kubeadmapiv1.DefaultContainerRuntimeURLScheme)
var tests = []struct {
name string
s *kubeadmapi.InitConfiguration
@ -476,7 +479,7 @@ func TestValidateInitConfiguration(t *testing.T) {
},
CertificatesDir: "/some/cert/dir",
},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: "unix:///some/path"},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: criPath},
}, false},
{"invalid missing token with IPv6 service subnet",
&kubeadmapi.InitConfiguration{
@ -491,7 +494,7 @@ func TestValidateInitConfiguration(t *testing.T) {
},
CertificatesDir: "/some/cert/dir",
},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: "unix:///some/path"},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: criPath},
}, false},
{"invalid missing node name",
&kubeadmapi.InitConfiguration{
@ -521,7 +524,7 @@ func TestValidateInitConfiguration(t *testing.T) {
},
CertificatesDir: "/some/other/cert/dir",
},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: "unix:///some/path"},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: criPath},
}, false},
{"valid InitConfiguration with IPv4 service subnet",
&kubeadmapi.InitConfiguration{
@ -542,7 +545,7 @@ func TestValidateInitConfiguration(t *testing.T) {
},
CertificatesDir: "/some/other/cert/dir",
},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: "unix:///some/path"},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: criPath},
}, true},
{"valid InitConfiguration using IPv6 service subnet",
&kubeadmapi.InitConfiguration{
@ -562,7 +565,7 @@ func TestValidateInitConfiguration(t *testing.T) {
},
CertificatesDir: "/some/other/cert/dir",
},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: "unix:///some/path"},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: criPath},
}, true},
}
for _, rt := range tests {
@ -579,6 +582,7 @@ func TestValidateInitConfiguration(t *testing.T) {
}
func TestValidateJoinConfiguration(t *testing.T) {
criPath := fmt.Sprintf("%s:///var/run/containerd/containerd.sock", kubeadmapiv1.DefaultContainerRuntimeURLScheme)
var tests = []struct {
s *kubeadmapi.JoinConfiguration
expected bool
@ -607,7 +611,7 @@ func TestValidateJoinConfiguration(t *testing.T) {
},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{
Name: "aaa",
CRISocket: "unix:///var/run/containerd/containerd.sock",
CRISocket: criPath,
},
}, true},
{&kubeadmapi.JoinConfiguration{ // Pass with JoinControlPlane
@ -622,7 +626,7 @@ func TestValidateJoinConfiguration(t *testing.T) {
},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{
Name: "aaa",
CRISocket: "unix:///var/run/containerd/containerd.sock",
CRISocket: criPath,
},
ControlPlane: &kubeadmapi.JoinControlPlane{
LocalAPIEndpoint: kubeadmapi.APIEndpoint{
@ -643,7 +647,7 @@ func TestValidateJoinConfiguration(t *testing.T) {
},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{
Name: "aaa",
CRISocket: "unix:///var/run/containerd/containerd.sock",
CRISocket: criPath,
},
ControlPlane: &kubeadmapi.JoinControlPlane{
LocalAPIEndpoint: kubeadmapi.APIEndpoint{
@ -664,7 +668,7 @@ func TestValidateJoinConfiguration(t *testing.T) {
},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{
Name: "aaa",
CRISocket: "unix:///var/run/containerd/containerd.sock",
CRISocket: criPath,
},
ControlPlane: &kubeadmapi.JoinControlPlane{
LocalAPIEndpoint: kubeadmapi.APIEndpoint{
@ -1124,9 +1128,10 @@ func TestValidateEtcd(t *testing.T) {
actual := ValidateEtcd(tc.etcd, field.NewPath("etcd"))
actualErrors := len(actual) > 0
if actualErrors != tc.expectedErrors {
t.Errorf("Error: \n\texpected: %t\n\t actual: %t",
t.Errorf("Error: \n\texpected: %t\n\t actual: %t\n\t encountered errors: %v",
tc.expectedErrors,
actualErrors,
actual,
)
}
}

9
cmd/kubeadm/app/constants/constants_test.go
View File

@ -25,7 +25,7 @@ import (
)
func TestGetStaticPodDirectory(t *testing.T) {
expected := "/etc/kubernetes/manifests"
expected := filepath.FromSlash("/etc/kubernetes/manifests")
actual := GetStaticPodDirectory()
if actual != expected {
@ -51,7 +51,7 @@ func TestGetAdminKubeConfigPath(t *testing.T) {
}
func TestGetBootstrapKubeletKubeConfigPath(t *testing.T) {
expected := "/etc/kubernetes/bootstrap-kubelet.conf"
expected := filepath.FromSlash("/etc/kubernetes/bootstrap-kubelet.conf")
actual := GetBootstrapKubeletKubeConfigPath()
if actual != expected {
@ -64,7 +64,7 @@ func TestGetBootstrapKubeletKubeConfigPath(t *testing.T) {
}
func TestGetKubeletKubeConfigPath(t *testing.T) {
expected := "/etc/kubernetes/kubelet.conf"
expected := filepath.FromSlash("/etc/kubernetes/kubelet.conf")
actual := GetKubeletKubeConfigPath()
if actual != expected {
@ -99,7 +99,8 @@ func TestGetStaticPodFilepath(t *testing.T) {
for _, rt := range tests {
t.Run(rt.componentName, func(t *testing.T) {
actual := GetStaticPodFilepath(rt.componentName, rt.manifestsDir)
if actual != rt.expected {
expected := filepath.FromSlash(rt.expected)
if actual != expected {
t.Errorf(
"failed GetStaticPodFilepath:\n\texpected: %s\n\t actual: %s",
rt.expected,

370
cmd/kubeadm/app/phases/controlplane/manifests_test.go
View File

@ -205,31 +205,31 @@ func TestGetAPIServerCommand(t *testing.T) {
"kube-apiserver",
"--enable-admission-plugins=NodeRestriction",
"--service-cluster-ip-range=bar",
"--service-account-key-file=" + testCertsDir + "/sa.pub",
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
"--enable-bootstrap-token-auth=true",
"--secure-port=123",
"--allow-privileged=true",
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
"--requestheader-username-headers=X-Remote-User",
"--requestheader-group-headers=X-Remote-Group",
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--requestheader-allowed-names=front-proxy-client",
"--authorization-mode=Node,RBAC",
"--advertise-address=1.2.3.4",
fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort),
"--etcd-cafile=" + testCertsDir + "/etcd/ca.crt",
"--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt",
"--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key",
"--etcd-cafile=" + filepath.Join(testCertsDir, "etcd/ca.crt"),
"--etcd-certfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.crt"),
"--etcd-keyfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.key"),
},
},
{
@ -243,31 +243,31 @@ func TestGetAPIServerCommand(t *testing.T) {
"kube-apiserver",
"--enable-admission-plugins=NodeRestriction",
"--service-cluster-ip-range=bar",
"--service-account-key-file=" + testCertsDir + "/sa.pub",
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
"--enable-bootstrap-token-auth=true",
fmt.Sprintf("--secure-port=%d", 123),
"--allow-privileged=true",
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
"--requestheader-username-headers=X-Remote-User",
"--requestheader-group-headers=X-Remote-Group",
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--requestheader-allowed-names=front-proxy-client",
"--authorization-mode=Node,RBAC",
"--advertise-address=2001:db8::1",
fmt.Sprintf("--etcd-servers=https://[::1]:%d", kubeadmconstants.EtcdListenClientPort),
"--etcd-cafile=" + testCertsDir + "/etcd/ca.crt",
"--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt",
"--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key",
"--etcd-cafile=" + filepath.Join(testCertsDir, "etcd/ca.crt"),
"--etcd-certfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.crt"),
"--etcd-keyfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.key"),
},
},
{
@ -289,24 +289,24 @@ func TestGetAPIServerCommand(t *testing.T) {
"kube-apiserver",
"--enable-admission-plugins=NodeRestriction",
"--service-cluster-ip-range=bar",
"--service-account-key-file=" + testCertsDir + "/sa.pub",
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
fmt.Sprintf("--secure-port=%d", 123),
"--allow-privileged=true",
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
"--enable-bootstrap-token-auth=true",
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
"--requestheader-username-headers=X-Remote-User",
"--requestheader-group-headers=X-Remote-Group",
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--requestheader-allowed-names=front-proxy-client",
"--authorization-mode=Node,RBAC",
"--advertise-address=2001:db8::1",
@ -332,24 +332,24 @@ func TestGetAPIServerCommand(t *testing.T) {
"kube-apiserver",
"--enable-admission-plugins=NodeRestriction",
"--service-cluster-ip-range=bar",
"--service-account-key-file=" + testCertsDir + "/sa.pub",
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
fmt.Sprintf("--secure-port=%d", 123),
"--allow-privileged=true",
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
"--enable-bootstrap-token-auth=true",
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
"--requestheader-username-headers=X-Remote-User",
"--requestheader-group-headers=X-Remote-Group",
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--requestheader-allowed-names=front-proxy-client",
"--authorization-mode=Node,RBAC",
"--advertise-address=2001:db8::1",
@ -377,31 +377,31 @@ func TestGetAPIServerCommand(t *testing.T) {
"kube-apiserver",
"--enable-admission-plugins=NodeRestriction",
"--service-cluster-ip-range=baz",
"--service-account-key-file=" + testCertsDir + "/sa.pub",
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
"--enable-bootstrap-token-auth=true",
"--secure-port=123",
"--allow-privileged=true",
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
"--requestheader-username-headers=X-Remote-User",
"--requestheader-group-headers=X-Remote-Group",
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--requestheader-allowed-names=front-proxy-client",
"--authorization-mode=Node,RBAC",
"--advertise-address=9.9.9.9",
fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort),
"--etcd-cafile=" + testCertsDir + "/etcd/ca.crt",
"--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt",
"--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key",
"--etcd-cafile=" + filepath.Join(testCertsDir, "etcd/ca.crt"),
"--etcd-certfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.crt"),
"--etcd-keyfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.key"),
"--audit-policy-file=/etc/config/audit.yaml",
"--audit-log-path=/var/log/kubernetes",
},
@ -424,31 +424,31 @@ func TestGetAPIServerCommand(t *testing.T) {
"kube-apiserver",
"--enable-admission-plugins=NodeRestriction",
"--service-cluster-ip-range=bar",
"--service-account-key-file=" + testCertsDir + "/sa.pub",
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
"--enable-bootstrap-token-auth=true",
"--secure-port=123",
"--allow-privileged=true",
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
"--requestheader-username-headers=X-Remote-User",
"--requestheader-group-headers=X-Remote-Group",
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--requestheader-allowed-names=front-proxy-client",
"--authorization-mode=ABAC",
"--advertise-address=1.2.3.4",
fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort),
"--etcd-cafile=" + testCertsDir + "/etcd/ca.crt",
"--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt",
"--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key",
"--etcd-cafile=" + filepath.Join(testCertsDir, "etcd/ca.crt"),
"--etcd-certfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.crt"),
"--etcd-keyfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.key"),
},
},
{
@ -473,31 +473,31 @@ func TestGetAPIServerCommand(t *testing.T) {
"kube-apiserver",
"--enable-admission-plugins=NodeRestriction",
"--service-cluster-ip-range=bar",
"--service-account-key-file=" + testCertsDir + "/sa.pub",
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
"--enable-bootstrap-token-auth=true",
"--secure-port=123",
"--allow-privileged=true",
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
"--requestheader-username-headers=X-Remote-User",
"--requestheader-group-headers=X-Remote-Group",
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--requestheader-allowed-names=front-proxy-client",
"--authorization-mode=Node,RBAC,Webhook",
"--advertise-address=1.2.3.4",
fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort),
"--etcd-cafile=" + testCertsDir + "/etcd/ca.crt",
"--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt",
"--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key",
"--etcd-cafile=" + filepath.Join(testCertsDir, "etcd/ca.crt"),
"--etcd-certfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.crt"),
"--etcd-keyfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.key"),
},
},
}
@ -549,17 +549,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + testCertsDir + "/ca.crt",
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--cluster-name=some-other-cluster-name",
},
},
@ -573,17 +573,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + testCertsDir + "/ca.crt",
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
},
},
{
@ -597,17 +597,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + testCertsDir + "/ca.crt",
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--allocate-node-cidrs=true",
"--cluster-cidr=10.0.1.15/16",
},
@ -627,17 +627,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + testCertsDir + "/ca.crt",
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--allocate-node-cidrs=true",
"--cluster-cidr=10.0.1.15/16",
"--service-cluster-ip-range=172.20.0.0/24",
@ -657,17 +657,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + testCertsDir + "/ca.crt",
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--allocate-node-cidrs=true",
"--cluster-cidr=10.0.1.15/16",
"--node-cidr-mask-size=20",
@ -689,17 +689,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + testCertsDir + "/ca.crt",
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--allocate-node-cidrs=true",
"--cluster-cidr=2001:db8::/64",
"--service-cluster-ip-range=fd03::/112",
@ -723,17 +723,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + testCertsDir + "/ca.crt",
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--allocate-node-cidrs=false",
"--cluster-cidr=2001:db8::/64",
"--service-cluster-ip-range=fd03::/112",
@ -754,17 +754,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + testCertsDir + "/ca.crt",
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--allocate-node-cidrs=true",
"--cluster-cidr=2001:db8::/64,10.1.0.0/16",
"--service-cluster-ip-range=fd03::/112,192.168.0.0/16",
@ -787,17 +787,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + testCertsDir + "/ca.crt",
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--allocate-node-cidrs=true",
"--cluster-cidr=10.0.1.15/16,2001:db8::/64",
"--node-cidr-mask-size-ipv4=20",
@ -840,17 +840,17 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + tmpdir + "/ca.crt",
"--service-account-private-key-file=" + tmpdir + "/sa.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(tmpdir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(tmpdir, "sa.key"),
"--cluster-signing-cert-file=",
"--cluster-signing-key-file=",
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + tmpdir + "/ca.crt",
"--requestheader-client-ca-file=" + tmpdir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(tmpdir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(tmpdir, "front-proxy-ca.crt"),
}
},
},
@ -869,17 +869,17 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + tmpdir + "/ca.crt",
"--service-account-private-key-file=" + tmpdir + "/sa.key",
"--cluster-signing-cert-file=" + tmpdir + "/ca.crt",
"--cluster-signing-key-file=" + tmpdir + "/ca.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(tmpdir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(tmpdir, "sa.key"),
"--cluster-signing-cert-file=" + filepath.Join(tmpdir, "ca.crt"),
"--cluster-signing-key-file=" + filepath.Join(tmpdir, "ca.key"),
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + tmpdir + "/ca.crt",
"--requestheader-client-ca-file=" + tmpdir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(tmpdir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(tmpdir, "front-proxy-ca.crt"),
}
},
},
@ -932,9 +932,9 @@ func TestGetSchedulerCommand(t *testing.T) {
"kube-scheduler",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/scheduler.conf",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/scheduler.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/scheduler.conf",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "scheduler.conf"),
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "scheduler.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "scheduler.conf"),
},
},
}

2
cmd/kubeadm/app/phases/controlplane/volumes.go
View File

@ -177,7 +177,7 @@ func getEtcdCertVolumes(etcdCfg *kubeadmapi.ExternalEtcd, k8sCertificatesDir str
certPaths := []string{etcdCfg.CAFile, etcdCfg.CertFile, etcdCfg.KeyFile}
certDirs := sets.NewString()
for _, certPath := range certPaths {
certDir := filepath.Dir(certPath)
certDir := filepath.ToSlash(filepath.Dir(certPath))
// Ignore ".", which is the result of passing an empty path.
// Also ignore the cert directories that already may be mounted; /etc/ssl/certs, /etc/pki or Kubernetes CertificatesDir
// If the etcd certs are in there, it's okay, we don't have to do anything

19
cmd/kubeadm/app/phases/controlplane/volumes_test.go
View File

@ -19,6 +19,7 @@ package controlplane
import (
"fmt"
"os"
"path/filepath"
"reflect"
"testing"
@ -260,6 +261,8 @@ func TestGetEtcdCertVolumes(t *testing.T) {
func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
hostPathDirectoryOrCreate := v1.HostPathDirectoryOrCreate
hostPathFileOrCreate := v1.HostPathFileOrCreate
controllerManagerConfig := filepath.FromSlash("/etc/kubernetes/controller-manager.conf")
schedulerConfig := filepath.FromSlash("/etc/kubernetes/scheduler.conf")
volMap := make(map[string]map[string]v1.Volume)
volMap[kubeadmconstants.KubeAPIServer] = map[string]v1.Volume{}
volMap[kubeadmconstants.KubeAPIServer]["k8s-certs"] = v1.Volume{
@ -303,7 +306,7 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
Name: "kubeconfig",
VolumeSource: v1.VolumeSource{
HostPath: &v1.HostPathVolumeSource{
Path: "/etc/kubernetes/controller-manager.conf",
Path: controllerManagerConfig,
Type: &hostPathFileOrCreate,
},
},
@ -313,7 +316,7 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
Name: "kubeconfig",
VolumeSource: v1.VolumeSource{
HostPath: &v1.HostPathVolumeSource{
Path: "/etc/kubernetes/scheduler.conf",
Path: schedulerConfig,
Type: &hostPathFileOrCreate,
},
},
@ -343,13 +346,13 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
}
volMountMap[kubeadmconstants.KubeControllerManager]["kubeconfig"] = v1.VolumeMount{
Name: "kubeconfig",
MountPath: "/etc/kubernetes/controller-manager.conf",
MountPath: controllerManagerConfig,
ReadOnly: true,
}
volMountMap[kubeadmconstants.KubeScheduler] = map[string]v1.VolumeMount{}
volMountMap[kubeadmconstants.KubeScheduler]["kubeconfig"] = v1.VolumeMount{
Name: "kubeconfig",
MountPath: "/etc/kubernetes/scheduler.conf",
MountPath: schedulerConfig,
ReadOnly: true,
}
@ -414,7 +417,7 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
Name: "kubeconfig",
VolumeSource: v1.VolumeSource{
HostPath: &v1.HostPathVolumeSource{
Path: "/etc/kubernetes/controller-manager.conf",
Path: controllerManagerConfig,
Type: &hostPathFileOrCreate,
},
},
@ -424,7 +427,7 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
Name: "kubeconfig",
VolumeSource: v1.VolumeSource{
HostPath: &v1.HostPathVolumeSource{
Path: "/etc/kubernetes/scheduler.conf",
Path: schedulerConfig,
Type: &hostPathFileOrCreate,
},
},
@ -464,13 +467,13 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
}
volMountMap2[kubeadmconstants.KubeControllerManager]["kubeconfig"] = v1.VolumeMount{
Name: "kubeconfig",
MountPath: "/etc/kubernetes/controller-manager.conf",
MountPath: controllerManagerConfig,
ReadOnly: true,
}
volMountMap2[kubeadmconstants.KubeScheduler] = map[string]v1.VolumeMount{}
volMountMap2[kubeadmconstants.KubeScheduler]["kubeconfig"] = v1.VolumeMount{
Name: "kubeconfig",
MountPath: "/etc/kubernetes/scheduler.conf",
MountPath: schedulerConfig,
ReadOnly: true,
}
var tests = []struct {

48
cmd/kubeadm/app/phases/etcd/local_test.go
View File

@ -184,13 +184,13 @@ func TestGetEtcdCommand(t *testing.T) {
fmt.Sprintf("--listen-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
fmt.Sprintf("--initial-advertise-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
"--data-dir=/var/lib/etcd",
"--cert-file=" + kubeadmconstants.EtcdServerCertName,
"--key-file=" + kubeadmconstants.EtcdServerKeyName,
"--trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
"--cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerCertName),
"--key-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerKeyName),
"--trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
"--client-cert-auth=true",
"--peer-cert-file=" + kubeadmconstants.EtcdPeerCertName,
"--peer-key-file=" + kubeadmconstants.EtcdPeerKeyName,
"--peer-trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
"--peer-cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerCertName),
"--peer-key-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerKeyName),
"--peer-trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
"--snapshot-count=10000",
"--peer-client-cert-auth=true",
fmt.Sprintf("--initial-cluster=foo=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
@ -215,13 +215,13 @@ func TestGetEtcdCommand(t *testing.T) {
fmt.Sprintf("--listen-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
fmt.Sprintf("--initial-advertise-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
"--data-dir=/var/lib/etcd",
"--cert-file=" + kubeadmconstants.EtcdServerCertName,
"--key-file=" + kubeadmconstants.EtcdServerKeyName,
"--trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
"--cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerCertName),
"--key-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerKeyName),
"--trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
"--client-cert-auth=true",
"--peer-cert-file=" + kubeadmconstants.EtcdPeerCertName,
"--peer-key-file=" + kubeadmconstants.EtcdPeerKeyName,
"--peer-trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
"--peer-cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerCertName),
"--peer-key-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerKeyName),
"--peer-trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
"--snapshot-count=10000",
"--peer-client-cert-auth=true",
"--initial-cluster-state=existing",
@ -247,13 +247,13 @@ func TestGetEtcdCommand(t *testing.T) {
fmt.Sprintf("--listen-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
fmt.Sprintf("--initial-advertise-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
"--data-dir=/var/lib/etcd",
"--cert-file=" + kubeadmconstants.EtcdServerCertName,
"--key-file=" + kubeadmconstants.EtcdServerKeyName,
"--trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
"--cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerCertName),
"--key-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerKeyName),
"--trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
"--client-cert-auth=true",
"--peer-cert-file=" + kubeadmconstants.EtcdPeerCertName,
"--peer-key-file=" + kubeadmconstants.EtcdPeerKeyName,
"--peer-trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
"--peer-cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerCertName),
"--peer-key-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerKeyName),
"--peer-trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
"--snapshot-count=10000",
"--peer-client-cert-auth=true",
fmt.Sprintf("--initial-cluster=bar=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
@ -274,13 +274,13 @@ func TestGetEtcdCommand(t *testing.T) {
fmt.Sprintf("--listen-peer-urls=https://[2001:db8::3]:%d", kubeadmconstants.EtcdListenPeerPort),
fmt.Sprintf("--initial-advertise-peer-urls=https://[2001:db8::3]:%d", kubeadmconstants.EtcdListenPeerPort),
"--data-dir=/var/lib/etcd",
"--cert-file=" + kubeadmconstants.EtcdServerCertName,
"--key-file=" + kubeadmconstants.EtcdServerKeyName,
"--trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
"--cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerCertName),
"--key-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerKeyName),
"--trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
"--client-cert-auth=true",
"--peer-cert-file=" + kubeadmconstants.EtcdPeerCertName,
"--peer-key-file=" + kubeadmconstants.EtcdPeerKeyName,
"--peer-trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
"--peer-cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerCertName),
"--peer-key-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerKeyName),
"--peer-trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
"--snapshot-count=10000",
"--peer-client-cert-auth=true",
fmt.Sprintf("--initial-cluster=foo=https://[2001:db8::3]:%d", kubeadmconstants.EtcdListenPeerPort),

4
cmd/kubeadm/app/phases/upgrade/postupgrade_test.go
View File

@ -39,14 +39,14 @@ func TestMoveFiles(t *testing.T) {
if err != nil {
t.Fatalf("Failed to create cert file %s: %v", certPath, err)
}
defer certFile.Close()
certFile.Close()
keyPath := filepath.Join(tmpdir, constants.APIServerKeyName)
keyFile, err := os.OpenFile(keyPath, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0666)
if err != nil {
t.Fatalf("Failed to create key file %s: %v", keyPath, err)
}
defer keyFile.Close()
keyFile.Close()
subDir := filepath.Join(tmpdir, "expired")
if err := os.Mkdir(subDir, 0766); err != nil {

19
cmd/kubeadm/app/util/pkiutil/pki_helpers_test.go
View File

@ -25,6 +25,7 @@ import (
"fmt"
"net"
"os"
"path/filepath"
"reflect"
"testing"
@ -538,38 +539,44 @@ func TestTryLoadKeyFromDisk(t *testing.T) {
func TestPathsForCertAndKey(t *testing.T) {
crtPath, keyPath := PathsForCertAndKey("/foo", "bar")
if crtPath != "/foo/bar.crt" {
expectedPath := filepath.FromSlash("/foo/bar.crt")
if crtPath != expectedPath {
t.Errorf("unexpected certificate path: %s", crtPath)
}
if keyPath != "/foo/bar.key" {
expectedPath = filepath.FromSlash("/foo/bar.key")
if keyPath != expectedPath {
t.Errorf("unexpected key path: %s", keyPath)
}
}
func TestPathForCert(t *testing.T) {
crtPath := pathForCert("/foo", "bar")
if crtPath != "/foo/bar.crt" {
expectedPath := filepath.FromSlash("/foo/bar.crt")
if crtPath != expectedPath {
t.Errorf("unexpected certificate path: %s", crtPath)
}
}
func TestPathForKey(t *testing.T) {
keyPath := pathForKey("/foo", "bar")
if keyPath != "/foo/bar.key" {
expectedPath := filepath.FromSlash("/foo/bar.key")
if keyPath != expectedPath {
t.Errorf("unexpected certificate path: %s", keyPath)
}
}
func TestPathForPublicKey(t *testing.T) {
pubPath := pathForPublicKey("/foo", "bar")
if pubPath != "/foo/bar.pub" {
expectedPath := filepath.FromSlash("/foo/bar.pub")
if pubPath != expectedPath {
t.Errorf("unexpected certificate path: %s", pubPath)
}
}
func TestPathForCSR(t *testing.T) {
csrPath := pathForCSR("/foo", "bar")
if csrPath != "/foo/bar.csr" {
expectedPath := filepath.FromSlash("/foo/bar.csr")
if csrPath != expectedPath {
t.Errorf("unexpected certificate path: %s", csrPath)
}
}