From 362f7e2a09b62dedda174b8fbdd1dcd93cb84215 Mon Sep 17 00:00:00 2001 From: tianshapjq Date: Thu, 16 Aug 2018 15:57:19 +0800 Subject: [PATCH] validate if systemReservedCgroup and kubeReservedCgroup compliance with enforNodeAllocatable --- cmd/kubeadm/app/componentconfigs/validation_test.go | 2 ++ pkg/kubelet/apis/config/validation/validation.go | 6 ++++++ pkg/kubelet/apis/config/validation/validation_test.go | 4 +++- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/cmd/kubeadm/app/componentconfigs/validation_test.go b/cmd/kubeadm/app/componentconfigs/validation_test.go index 0881f2db9fe..ec38a971f5e 100644 --- a/cmd/kubeadm/app/componentconfigs/validation_test.go +++ b/cmd/kubeadm/app/componentconfigs/validation_test.go @@ -287,6 +287,8 @@ func TestValidateKubeletConfiguration(t *testing.T) { Kubelet: &kubeletconfig.KubeletConfiguration{ CgroupsPerQOS: true, EnforceNodeAllocatable: []string{"pods", "system-reserved", "kube-reserved"}, + SystemReservedCgroup: "/system.slice", + KubeReservedCgroup: "/kubelet.service", SystemCgroups: "", CgroupRoot: "", EventBurst: 10, diff --git a/pkg/kubelet/apis/config/validation/validation.go b/pkg/kubelet/apis/config/validation/validation.go index 9a39898fcfe..8850cefc36a 100644 --- a/pkg/kubelet/apis/config/validation/validation.go +++ b/pkg/kubelet/apis/config/validation/validation.go @@ -113,7 +113,13 @@ func ValidateKubeletConfiguration(kc *kubeletconfig.KubeletConfiguration) error switch val { case kubetypes.NodeAllocatableEnforcementKey: case kubetypes.SystemReservedEnforcementKey: + if kc.SystemReservedCgroup == "" { + allErrors = append(allErrors, fmt.Errorf("invalid configuration: systemReservedCgroup (--system-reserved-cgroup) must be specified when system-reserved contained in EnforceNodeAllocatable (--enforce-node-allocatable)")) + } case kubetypes.KubeReservedEnforcementKey: + if kc.KubeReservedCgroup == "" { + allErrors = append(allErrors, fmt.Errorf("invalid configuration: kubeReservedCgroup (--kube-reserved-cgroup) must be specified when kube-reserved contained in EnforceNodeAllocatable (--enforce-node-allocatable)")) + } case kubetypes.NodeAllocatableNoneKey: if len(kc.EnforceNodeAllocatable) > 1 { allErrors = append(allErrors, fmt.Errorf("invalid configuration: EnforceNodeAllocatable (--enforce-node-allocatable) may not contain additional enforcements when '%s' is specified", kubetypes.NodeAllocatableNoneKey)) diff --git a/pkg/kubelet/apis/config/validation/validation_test.go b/pkg/kubelet/apis/config/validation/validation_test.go index 27c3a961424..fdb435c43a1 100644 --- a/pkg/kubelet/apis/config/validation/validation_test.go +++ b/pkg/kubelet/apis/config/validation/validation_test.go @@ -29,6 +29,8 @@ func TestValidateKubeletConfiguration(t *testing.T) { successCase := &kubeletconfig.KubeletConfiguration{ CgroupsPerQOS: true, EnforceNodeAllocatable: []string{"pods", "system-reserved", "kube-reserved"}, + SystemReservedCgroup: "/system.slice", + KubeReservedCgroup: "/kubelet.service", SystemCgroups: "", CgroupRoot: "", EventBurst: 10, @@ -82,7 +84,7 @@ func TestValidateKubeletConfiguration(t *testing.T) { NodeLeaseDurationSeconds: -1, CPUCFSQuotaPeriod: metav1.Duration{Duration: 0}, } - const numErrs = 23 + const numErrs = 25 if allErrors := ValidateKubeletConfiguration(errorCase); len(allErrors.(utilerrors.Aggregate).Errors()) != numErrs { t.Errorf("expect %d errors, got %v", numErrs, len(allErrors.(utilerrors.Aggregate).Errors())) }