mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-08-05 02:09:56 +00:00
Do not bind webhook port if webhooks are not present
This commit is contained in:
Keerthan Reddy Mala
parent
8119e57c07
commit
0e4648daf2
@ -201,7 +201,7 @@ func (o *CloudControllerManagerOptions) ApplyTo(c *config.Config, allControllers
|
||||
}
|
||||
}
|
||||
if o.WebhookServing != nil {
|
||||
if err = o.WebhookServing.ApplyTo(&c.WebhookSecureServing); err != nil {
|
||||
if err = o.WebhookServing.ApplyTo(&c.WebhookSecureServing, c.ComponentConfig.Webhook); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
@ -434,6 +434,7 @@ func TestCreateConfig(t *testing.T) {
|
||||
|
||||
// Don't check
|
||||
c.SecureServing = nil
|
||||
assert.NotNil(t, c.WebhookSecureServing, "webhook secureserving shouldn't be nil")
|
||||
c.WebhookSecureServing = nil
|
||||
c.Authentication = apiserver.AuthenticationInfo{}
|
||||
c.Authorization = apiserver.AuthorizationInfo{}
|
||||
@ -451,6 +452,143 @@ func TestCreateConfig(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestCreateConfigWithoutWebHooks(t *testing.T) {
|
||||
fs := pflag.NewFlagSet("addflagstest", pflag.ContinueOnError)
|
||||
|
||||
s, err := NewCloudControllerManagerOptions()
|
||||
if err != nil {
|
||||
t.Errorf("unexpected err: %v", err)
|
||||
}
|
||||
|
||||
for _, f := range s.Flags([]string{""}, []string{""}, nil, []string{""}, []string{""}).FlagSets {
|
||||
fs.AddFlagSet(f)
|
||||
}
|
||||
|
||||
tmpdir, err := os.MkdirTemp("", "options_test")
|
||||
if err != nil {
|
||||
t.Fatalf("%s", err)
|
||||
}
|
||||
defer func() {
|
||||
if err := os.RemoveAll(tmpdir); err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
}()
|
||||
|
||||
args := []string{
|
||||
"--allocate-node-cidrs=true",
|
||||
"--authorization-always-allow-paths=",
|
||||
"--bind-address=0.0.0.0",
|
||||
"--secure-port=10200",
|
||||
fmt.Sprintf("--cert-dir=%s/certs", tmpdir),
|
||||
"--cloud-provider=aws",
|
||||
"--cluster-cidr=1.2.3.4/24",
|
||||
"--cluster-name=k8s",
|
||||
"--configure-cloud-routes=false",
|
||||
"--contention-profiling=true",
|
||||
"--controller-start-interval=2m",
|
||||
"--controllers=foo,bar",
|
||||
"--concurrent-node-syncs=1",
|
||||
"--http2-max-streams-per-connection=47",
|
||||
"--kube-api-burst=101",
|
||||
"--kube-api-content-type=application/vnd.kubernetes.protobuf",
|
||||
"--kube-api-qps=50.0",
|
||||
"--leader-elect=false",
|
||||
"--leader-elect-lease-duration=30s",
|
||||
"--leader-elect-renew-deadline=15s",
|
||||
"--leader-elect-resource-lock=configmap",
|
||||
"--leader-elect-retry-period=5s",
|
||||
"--master=192.168.4.20",
|
||||
"--min-resync-period=100m",
|
||||
"--node-status-update-frequency=10m",
|
||||
"--profiling=false",
|
||||
"--route-reconciliation-period=30s",
|
||||
"--use-service-account-credentials=false",
|
||||
}
|
||||
err = fs.Parse(args)
|
||||
if err != nil {
|
||||
t.Errorf("error parsing the arguments, error : %v", err)
|
||||
}
|
||||
|
||||
fs.VisitAll(func(f *pflag.Flag) {
|
||||
fmt.Printf("%s: %s\n", f.Name, f.Value)
|
||||
})
|
||||
|
||||
c, err := s.Config([]string{"foo", "bar"}, []string{}, nil, []string{"foo", "bar", "baz"}, []string{})
|
||||
if err != nil {
|
||||
t.Errorf("error generating config, error : %v", err)
|
||||
}
|
||||
|
||||
expected := &appconfig.Config{
|
||||
ComponentConfig: cpconfig.CloudControllerManagerConfiguration{
|
||||
Generic: cmconfig.GenericControllerManagerConfiguration{
|
||||
Address: "0.0.0.0",
|
||||
MinResyncPeriod: metav1.Duration{Duration: 100 * time.Minute},
|
||||
ClientConnection: componentbaseconfig.ClientConnectionConfiguration{
|
||||
ContentType: "application/vnd.kubernetes.protobuf",
|
||||
QPS: 50.0,
|
||||
Burst: 101,
|
||||
},
|
||||
ControllerStartInterval: metav1.Duration{Duration: 2 * time.Minute},
|
||||
LeaderElection: componentbaseconfig.LeaderElectionConfiguration{
|
||||
ResourceLock: "configmap",
|
||||
LeaderElect: false,
|
||||
LeaseDuration: metav1.Duration{Duration: 30 * time.Second},
|
||||
RenewDeadline: metav1.Duration{Duration: 15 * time.Second},
|
||||
RetryPeriod: metav1.Duration{Duration: 5 * time.Second},
|
||||
ResourceName: "cloud-controller-manager",
|
||||
ResourceNamespace: "kube-system",
|
||||
},
|
||||
Controllers: []string{"foo", "bar"},
|
||||
Debugging: componentbaseconfig.DebuggingConfiguration{
|
||||
EnableProfiling: false,
|
||||
EnableContentionProfiling: true,
|
||||
},
|
||||
LeaderMigration: cmconfig.LeaderMigrationConfiguration{},
|
||||
},
|
||||
KubeCloudShared: cpconfig.KubeCloudSharedConfiguration{
|
||||
RouteReconciliationPeriod: metav1.Duration{Duration: 30 * time.Second},
|
||||
NodeMonitorPeriod: metav1.Duration{Duration: 5 * time.Second},
|
||||
ClusterName: "k8s",
|
||||
ClusterCIDR: "1.2.3.4/24",
|
||||
AllocateNodeCIDRs: true,
|
||||
CIDRAllocatorType: "RangeAllocator",
|
||||
ConfigureCloudRoutes: false,
|
||||
CloudProvider: cpconfig.CloudProviderConfiguration{
|
||||
Name: "aws",
|
||||
CloudConfigFile: "",
|
||||
},
|
||||
},
|
||||
ServiceController: serviceconfig.ServiceControllerConfiguration{
|
||||
ConcurrentServiceSyncs: 1,
|
||||
},
|
||||
NodeController: nodeconfig.NodeControllerConfiguration{ConcurrentNodeSyncs: 1},
|
||||
NodeStatusUpdateFrequency: metav1.Duration{Duration: 10 * time.Minute},
|
||||
Webhook: cpconfig.WebhookConfiguration{},
|
||||
},
|
||||
SecureServing: nil,
|
||||
WebhookSecureServing: nil,
|
||||
Authentication: apiserver.AuthenticationInfo{},
|
||||
Authorization: apiserver.AuthorizationInfo{},
|
||||
}
|
||||
|
||||
// Don't check
|
||||
c.SecureServing = nil
|
||||
c.Authentication = apiserver.AuthenticationInfo{}
|
||||
c.Authorization = apiserver.AuthorizationInfo{}
|
||||
c.SharedInformers = nil
|
||||
c.VersionedClient = nil
|
||||
c.ClientBuilder = nil
|
||||
c.EventRecorder = nil
|
||||
c.EventBroadcaster = nil
|
||||
c.Kubeconfig = nil
|
||||
c.Client = nil
|
||||
c.LoopbackClientConfig = nil
|
||||
|
||||
if !reflect.DeepEqual(expected, c) {
|
||||
t.Errorf("Got different config than expected.\nDifference detected on:\n%s", cmp.Diff(expected, c))
|
||||
}
|
||||
}
|
||||
|
||||
func TestCloudControllerManagerAliases(t *testing.T) {
|
||||
opts, err := NewCloudControllerManagerOptions()
|
||||
if err != nil {
|
||||
|
||||
@ -151,7 +151,7 @@ func (o *WebhookServingOptions) Validate() []error {
|
||||
return allErrors
|
||||
}
|
||||
|
||||
func (o *WebhookServingOptions) ApplyTo(cfg **server.SecureServingInfo) error {
|
||||
func (o *WebhookServingOptions) ApplyTo(cfg **server.SecureServingInfo, webhookCfg config.WebhookConfiguration) error {
|
||||
if o == nil {
|
||||
return nil
|
||||
}
|
||||
@ -159,6 +159,10 @@ func (o *WebhookServingOptions) ApplyTo(cfg **server.SecureServingInfo) error {
|
||||
if o.BindPort <= 0 {
|
||||
return nil
|
||||
}
|
||||
// no need to bind to the address if there are no webhook enabled.
|
||||
if len(webhookCfg.Webhooks) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
var err error
|
||||
var listener net.Listener
|
||||
|
||||
Loading…
Reference in New Issue
Block a user