kube-apiserver: move cloud provider validation into options

Signed-off-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>

cmd/kube-apiserver/app/options/validation.go

@@ -130,6 +130,7 @@ func (s CompletedOptions) Validate() []error {
 	var errs []error
 
 	errs = append(errs, s.CompletedOptions.Validate()...)
+	errs = append(errs, s.CloudProvider.Validate()...)
 	errs = append(errs, validateClusterIPFlags(s.Extra)...)
 	errs = append(errs, validateServiceNodePort(s.Extra)...)
 	errs = append(errs, validatePublicIPServiceClusterIPRangeIPFamilies(s.Extra, *s.GenericServerRunOptions)...)

cmd/kube-apiserver/app/server.go

@@ -46,7 +46,6 @@ import (
 	clientset "k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/util/keyutil"
-	cloudprovider "k8s.io/cloud-provider"
 	cliflag "k8s.io/component-base/cli/flag"
 	"k8s.io/component-base/cli/globalflag"
 	"k8s.io/component-base/logs"
@@ -58,7 +57,6 @@ import (
 	"k8s.io/klog/v2"
 	aggregatorapiserver "k8s.io/kube-aggregator/pkg/apiserver"
 	aggregatorscheme "k8s.io/kube-aggregator/pkg/apiserver/scheme"
-	"k8s.io/kubernetes/pkg/features"
 
 	"k8s.io/kubernetes/cmd/kube-apiserver/app/options"
 	"k8s.io/kubernetes/pkg/api/legacyscheme"
@@ -66,9 +64,9 @@ import (
 	"k8s.io/kubernetes/pkg/controlplane"
 	controlplaneapiserver "k8s.io/kubernetes/pkg/controlplane/apiserver"
 	"k8s.io/kubernetes/pkg/controlplane/reconcilers"
+	"k8s.io/kubernetes/pkg/features"
 	generatedopenapi "k8s.io/kubernetes/pkg/generated/openapi"
 	kubeapiserveradmission "k8s.io/kubernetes/pkg/kubeapiserver/admission"
-	kubeoptions "k8s.io/kubernetes/pkg/kubeapiserver/options"
 	"k8s.io/kubernetes/pkg/serviceaccount"
 )
 
@@ -294,11 +292,6 @@ func CreateKubeAPIServerConfig(opts options.CompletedOptions) (
 		config.ExtraConfig.ClusterAuthenticationInfo.RequestHeaderUsernameHeaders = requestHeaderConfig.UsernameHeaders
 	}
 
-	err = validateCloudProviderOptions(opts.CloudProvider)
-	if err != nil {
-		return nil, nil, nil, fmt.Errorf("failed to validate cloud provider: %w", err)
-	}
-
 	// setup admission
 	admissionConfig := &kubeapiserveradmission.Config{
 		ExternalInformers:    versionedInformers,
@@ -363,34 +356,6 @@ func CreateKubeAPIServerConfig(opts options.CompletedOptions) (
 	return config, serviceResolver, pluginInitializers, nil
 }
 
-func validateCloudProviderOptions(opts *kubeoptions.CloudProviderOptions) error {
-	if opts.CloudProvider == "" {
-		return nil
-	}
-	if opts.CloudProvider == "external" {
-		if !utilfeature.DefaultFeatureGate.Enabled(features.DisableCloudProviders) {
-			return fmt.Errorf("when using --cloud-provider set to '%s', "+
-				"please set DisableCloudProviders feature to true", opts.CloudProvider)
-		}
-		if !utilfeature.DefaultFeatureGate.Enabled(features.DisableKubeletCloudCredentialProviders) {
-			return fmt.Errorf("when using --cloud-provider set to '%s', "+
-				"please set DisableKubeletCloudCredentialProviders feature to true", opts.CloudProvider)
-		}
-		return nil
-	} else if cloudprovider.IsDeprecatedInternal(opts.CloudProvider) {
-		if utilfeature.DefaultFeatureGate.Enabled(features.DisableCloudProviders) {
-			return fmt.Errorf("when using --cloud-provider set to '%s', "+
-				"please set DisableCloudProviders feature to false", opts.CloudProvider)
-		}
-		if utilfeature.DefaultFeatureGate.Enabled(features.DisableKubeletCloudCredentialProviders) {
-			return fmt.Errorf("when using --cloud-provider set to '%s', "+
-				"please set DisableKubeletCloudCredentialProviders feature to false", opts.CloudProvider)
-		}
-		return nil
-	}
-	return fmt.Errorf("unknown --cloud-provider : %s", opts.CloudProvider)
-}
-
 var testServiceResolver webhook.ServiceResolver
 
 // SetServiceResolverForTests allows the service resolver to be overridden during tests.

pkg/kubeapiserver/options/cloudprovider.go

@@ -17,7 +17,12 @@ limitations under the License.
 package options
 
 import (
+	"fmt"
+
 	"github.com/spf13/pflag"
+	utilfeature "k8s.io/apiserver/pkg/util/feature"
+	cloudprovider "k8s.io/cloud-provider"
+	"k8s.io/kubernetes/pkg/features"
 )
 
 // CloudProviderOptions contains cloud provider config
@@ -32,9 +37,35 @@ func NewCloudProviderOptions() *CloudProviderOptions {
 }
 
 // Validate checks invalid config
-func (s *CloudProviderOptions) Validate() []error {
-	allErrors := []error{}
-	return allErrors
+func (opts *CloudProviderOptions) Validate() []error {
+	var errs []error
+
+	switch {
+	case opts.CloudProvider == "":
+	case opts.CloudProvider == "external":
+		if !utilfeature.DefaultFeatureGate.Enabled(features.DisableCloudProviders) {
+			errs = append(errs, fmt.Errorf("when using --cloud-provider set to '%s', "+
+				"please set DisableCloudProviders feature to true", opts.CloudProvider))
+		}
+		if !utilfeature.DefaultFeatureGate.Enabled(features.DisableKubeletCloudCredentialProviders) {
+			errs = append(errs, fmt.Errorf("when using --cloud-provider set to '%s', "+ //nolint:staticcheck,ineffassign // false positive
+				"please set DisableKubeletCloudCredentialProviders feature to true", opts.CloudProvider))
+		}
+		return nil
+	case cloudprovider.IsDeprecatedInternal(opts.CloudProvider):
+		if utilfeature.DefaultFeatureGate.Enabled(features.DisableCloudProviders) {
+			errs = append(errs, fmt.Errorf("when using --cloud-provider set to '%s', "+
+				"please set DisableCloudProviders feature to false", opts.CloudProvider))
+		}
+		if utilfeature.DefaultFeatureGate.Enabled(features.DisableKubeletCloudCredentialProviders) {
+			errs = append(errs, fmt.Errorf("when using --cloud-provider set to '%s', "+
+				"please set DisableKubeletCloudCredentialProviders feature to false", opts.CloudProvider))
+		}
+	default:
+		errs = append(errs, fmt.Errorf("unknown --cloud-provider: %s", opts.CloudProvider))
+	}
+
+	return errs
 }
 
 // AddFlags returns flags of cloud provider for a API Server