diff --git a/cmd/kube-apiserver/app/options/validation.go b/cmd/kube-apiserver/app/options/validation.go index 53dcdf5e628..38c8bce6d76 100644 --- a/cmd/kube-apiserver/app/options/validation.go +++ b/cmd/kube-apiserver/app/options/validation.go @@ -130,6 +130,7 @@ func (s CompletedOptions) Validate() []error { var errs []error errs = append(errs, s.CompletedOptions.Validate()...) + errs = append(errs, s.CloudProvider.Validate()...) errs = append(errs, validateClusterIPFlags(s.Extra)...) errs = append(errs, validateServiceNodePort(s.Extra)...) errs = append(errs, validatePublicIPServiceClusterIPRangeIPFamilies(s.Extra, *s.GenericServerRunOptions)...) diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go index 04deb53bee0..f8eefb7c7dd 100644 --- a/cmd/kube-apiserver/app/server.go +++ b/cmd/kube-apiserver/app/server.go @@ -46,7 +46,6 @@ import ( clientset "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" "k8s.io/client-go/util/keyutil" - cloudprovider "k8s.io/cloud-provider" cliflag "k8s.io/component-base/cli/flag" "k8s.io/component-base/cli/globalflag" "k8s.io/component-base/logs" @@ -58,7 +57,6 @@ import ( "k8s.io/klog/v2" aggregatorapiserver "k8s.io/kube-aggregator/pkg/apiserver" aggregatorscheme "k8s.io/kube-aggregator/pkg/apiserver/scheme" - "k8s.io/kubernetes/pkg/features" "k8s.io/kubernetes/cmd/kube-apiserver/app/options" "k8s.io/kubernetes/pkg/api/legacyscheme" @@ -66,9 +64,9 @@ import ( "k8s.io/kubernetes/pkg/controlplane" controlplaneapiserver "k8s.io/kubernetes/pkg/controlplane/apiserver" "k8s.io/kubernetes/pkg/controlplane/reconcilers" + "k8s.io/kubernetes/pkg/features" generatedopenapi "k8s.io/kubernetes/pkg/generated/openapi" kubeapiserveradmission "k8s.io/kubernetes/pkg/kubeapiserver/admission" - kubeoptions "k8s.io/kubernetes/pkg/kubeapiserver/options" "k8s.io/kubernetes/pkg/serviceaccount" ) @@ -294,11 +292,6 @@ func CreateKubeAPIServerConfig(opts options.CompletedOptions) ( config.ExtraConfig.ClusterAuthenticationInfo.RequestHeaderUsernameHeaders = requestHeaderConfig.UsernameHeaders } - err = validateCloudProviderOptions(opts.CloudProvider) - if err != nil { - return nil, nil, nil, fmt.Errorf("failed to validate cloud provider: %w", err) - } - // setup admission admissionConfig := &kubeapiserveradmission.Config{ ExternalInformers: versionedInformers, @@ -363,34 +356,6 @@ func CreateKubeAPIServerConfig(opts options.CompletedOptions) ( return config, serviceResolver, pluginInitializers, nil } -func validateCloudProviderOptions(opts *kubeoptions.CloudProviderOptions) error { - if opts.CloudProvider == "" { - return nil - } - if opts.CloudProvider == "external" { - if !utilfeature.DefaultFeatureGate.Enabled(features.DisableCloudProviders) { - return fmt.Errorf("when using --cloud-provider set to '%s', "+ - "please set DisableCloudProviders feature to true", opts.CloudProvider) - } - if !utilfeature.DefaultFeatureGate.Enabled(features.DisableKubeletCloudCredentialProviders) { - return fmt.Errorf("when using --cloud-provider set to '%s', "+ - "please set DisableKubeletCloudCredentialProviders feature to true", opts.CloudProvider) - } - return nil - } else if cloudprovider.IsDeprecatedInternal(opts.CloudProvider) { - if utilfeature.DefaultFeatureGate.Enabled(features.DisableCloudProviders) { - return fmt.Errorf("when using --cloud-provider set to '%s', "+ - "please set DisableCloudProviders feature to false", opts.CloudProvider) - } - if utilfeature.DefaultFeatureGate.Enabled(features.DisableKubeletCloudCredentialProviders) { - return fmt.Errorf("when using --cloud-provider set to '%s', "+ - "please set DisableKubeletCloudCredentialProviders feature to false", opts.CloudProvider) - } - return nil - } - return fmt.Errorf("unknown --cloud-provider : %s", opts.CloudProvider) -} - var testServiceResolver webhook.ServiceResolver // SetServiceResolverForTests allows the service resolver to be overridden during tests. diff --git a/pkg/kubeapiserver/options/cloudprovider.go b/pkg/kubeapiserver/options/cloudprovider.go index e1c50925b1f..d19ffdaca6a 100644 --- a/pkg/kubeapiserver/options/cloudprovider.go +++ b/pkg/kubeapiserver/options/cloudprovider.go @@ -17,7 +17,12 @@ limitations under the License. package options import ( + "fmt" + "github.com/spf13/pflag" + utilfeature "k8s.io/apiserver/pkg/util/feature" + cloudprovider "k8s.io/cloud-provider" + "k8s.io/kubernetes/pkg/features" ) // CloudProviderOptions contains cloud provider config @@ -32,9 +37,35 @@ func NewCloudProviderOptions() *CloudProviderOptions { } // Validate checks invalid config -func (s *CloudProviderOptions) Validate() []error { - allErrors := []error{} - return allErrors +func (opts *CloudProviderOptions) Validate() []error { + var errs []error + + switch { + case opts.CloudProvider == "": + case opts.CloudProvider == "external": + if !utilfeature.DefaultFeatureGate.Enabled(features.DisableCloudProviders) { + errs = append(errs, fmt.Errorf("when using --cloud-provider set to '%s', "+ + "please set DisableCloudProviders feature to true", opts.CloudProvider)) + } + if !utilfeature.DefaultFeatureGate.Enabled(features.DisableKubeletCloudCredentialProviders) { + errs = append(errs, fmt.Errorf("when using --cloud-provider set to '%s', "+ //nolint:staticcheck,ineffassign // false positive + "please set DisableKubeletCloudCredentialProviders feature to true", opts.CloudProvider)) + } + return nil + case cloudprovider.IsDeprecatedInternal(opts.CloudProvider): + if utilfeature.DefaultFeatureGate.Enabled(features.DisableCloudProviders) { + errs = append(errs, fmt.Errorf("when using --cloud-provider set to '%s', "+ + "please set DisableCloudProviders feature to false", opts.CloudProvider)) + } + if utilfeature.DefaultFeatureGate.Enabled(features.DisableKubeletCloudCredentialProviders) { + errs = append(errs, fmt.Errorf("when using --cloud-provider set to '%s', "+ + "please set DisableKubeletCloudCredentialProviders feature to false", opts.CloudProvider)) + } + default: + errs = append(errs, fmt.Errorf("unknown --cloud-provider: %s", opts.CloudProvider)) + } + + return errs } // AddFlags returns flags of cloud provider for a API Server