Merge pull request #67487 from tianshapjq/validate-system-kube-reserved

validate systemReservedCgroup and kubeReservedCgroup
2025-07-25 04:33:26 +00:00 · 2019-03-19 21:26:22 -07:00 · 2019-03-19 21:26:22 -07:00 · 16b5f7d3c5
commit 16b5f7d3c5
parent c7e56c7ea1 362f7e2a09
3 changed files with 11 additions and 1 deletions
--- a/cmd/kubeadm/app/componentconfigs/validation_test.go
+++ b/cmd/kubeadm/app/componentconfigs/validation_test.go
@ -299,6 +299,8 @@ func TestValidateKubeletConfiguration(t *testing.T) {
 					Kubelet: &kubeletconfig.KubeletConfiguration{
 						CgroupsPerQOS:               true,
 						EnforceNodeAllocatable:      []string{"pods", "system-reserved", "kube-reserved"},
+						SystemReservedCgroup:        "/system.slice",
+						KubeReservedCgroup:          "/kubelet.service",
 						SystemCgroups:               "",
 						CgroupRoot:                  "",
 						EventBurst:                  10,
--- a/pkg/kubelet/apis/config/validation/validation.go
+++ b/pkg/kubelet/apis/config/validation/validation.go
@ -113,7 +113,13 @@ func ValidateKubeletConfiguration(kc *kubeletconfig.KubeletConfiguration) error
 		switch val {
 		case kubetypes.NodeAllocatableEnforcementKey:
 		case kubetypes.SystemReservedEnforcementKey:
+			if kc.SystemReservedCgroup == "" {
+				allErrors = append(allErrors, fmt.Errorf("invalid configuration: systemReservedCgroup (--system-reserved-cgroup) must be specified when system-reserved contained in EnforceNodeAllocatable (--enforce-node-allocatable)"))
+			}
 		case kubetypes.KubeReservedEnforcementKey:
+			if kc.KubeReservedCgroup == "" {
+				allErrors = append(allErrors, fmt.Errorf("invalid configuration: kubeReservedCgroup (--kube-reserved-cgroup) must be specified when kube-reserved contained in EnforceNodeAllocatable (--enforce-node-allocatable)"))
+			}
 		case kubetypes.NodeAllocatableNoneKey:
 			if len(kc.EnforceNodeAllocatable) > 1 {
 				allErrors = append(allErrors, fmt.Errorf("invalid configuration: EnforceNodeAllocatable (--enforce-node-allocatable) may not contain additional enforcements when '%s' is specified", kubetypes.NodeAllocatableNoneKey))
--- a/pkg/kubelet/apis/config/validation/validation_test.go
+++ b/pkg/kubelet/apis/config/validation/validation_test.go
@ -29,6 +29,8 @@ func TestValidateKubeletConfiguration(t *testing.T) {
 	successCase := &kubeletconfig.KubeletConfiguration{
 		CgroupsPerQOS:               true,
 		EnforceNodeAllocatable:      []string{"pods", "system-reserved", "kube-reserved"},
+		SystemReservedCgroup:        "/system.slice",
+		KubeReservedCgroup:          "/kubelet.service",
 		SystemCgroups:               "",
 		CgroupRoot:                  "",
 		EventBurst:                  10,
@ -82,7 +84,7 @@ func TestValidateKubeletConfiguration(t *testing.T) {
 		NodeLeaseDurationSeconds:    -1,
 		CPUCFSQuotaPeriod:           metav1.Duration{Duration: 0},
 	}
-	const numErrs = 23
+	const numErrs = 25
 	if allErrors := ValidateKubeletConfiguration(errorCase); len(allErrors.(utilerrors.Aggregate).Errors()) != numErrs {
 		t.Errorf("expect %d errors, got %v", numErrs, len(allErrors.(utilerrors.Aggregate).Errors()))
 	}