kubeadm: improve the kubeconfig file validation phase

When a kubeconfig file is read from disk it may lack the propper mapping between contexts and clusters. In such a case the kubeconfig phase backend will panic, without throwing a sensible error. Add nil checks for a couple of map operations in validateKubeConfig().
2025-07-23 03:41:45 +00:00 · 2019-06-19 14:39:12 +03:00 · 2019-06-19 14:39:12 +03:00 · 14408bec87
commit 14408bec87
parent 9162d932cf
1 changed files with 6 additions and 0 deletions
--- a/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go
+++ b/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go
@ -224,7 +224,13 @@ func validateKubeConfig(outDir, filename string, config *clientcmdapi.Config) er
 	expectedCtx := config.CurrentContext
 	expectedCluster := config.Contexts[expectedCtx].Cluster
 	currentCtx := currentConfig.CurrentContext
+	if currentConfig.Contexts[currentCtx] == nil {
+		return errors.Errorf("failed to find CurrentContext in Contexts of the kubeconfig file %s", kubeConfigFilePath)
+	}
 	currentCluster := currentConfig.Contexts[currentCtx].Cluster
+	if currentConfig.Clusters[currentCluster] == nil {
+		return errors.Errorf("failed to find the given CurrentContext Cluster in Clusters of the kubeconfig file %s", kubeConfigFilePath)
+	}

 	// If the current CA cert on disk doesn't match the expected CA cert, error out because we have a file, but it's stale
 	if !bytes.Equal(currentConfig.Clusters[currentCluster].CertificateAuthorityData, config.Clusters[expectedCluster].CertificateAuthorityData) {