Merge pull request #69058 from fabriziopandini/kubeadm-cleanup-v1alpha3-api-conversion-and-restore-fuzzer
Kubeadm cleanup v1alpha3 api conversion and restore fuzzer
commit
2f2b445e0b
@ -26,7 +26,6 @@ go_library(
|
||||
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
|
||||
"//staging/src/k8s.io/client-go/tools/bootstrap/token/api:go_default_library",
|
||||
"//staging/src/k8s.io/client-go/tools/bootstrap/token/util:go_default_library",
|
||||
"//vendor/github.com/google/gofuzz:go_default_library",
|
||||
],
|
||||
)
|
||||
|
||||
|
@ -12,16 +12,11 @@ go_library(
|
||||
importpath = "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/fuzzer",
|
||||
deps = [
|
||||
"//cmd/kubeadm/app/apis/kubeadm:go_default_library",
|
||||
"//cmd/kubeadm/app/componentconfigs:go_default_library",
|
||||
"//pkg/kubelet/apis/config:go_default_library",
|
||||
"//pkg/proxy/apis/config:go_default_library",
|
||||
"//staging/src/k8s.io/api/core/v1:go_default_library",
|
||||
"//cmd/kubeadm/app/apis/kubeadm/v1alpha3:go_default_library",
|
||||
"//cmd/kubeadm/app/constants:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
|
||||
"//staging/src/k8s.io/kube-proxy/config/v1alpha1:go_default_library",
|
||||
"//staging/src/k8s.io/kubelet/config/v1beta1:go_default_library",
|
||||
"//vendor/github.com/google/gofuzz:go_default_library",
|
||||
"//vendor/k8s.io/utils/pointer:go_default_library",
|
||||
],
|
||||
)
|
||||
|
||||
@ -42,4 +37,8 @@ go_test(
|
||||
name = "go_default_test",
|
||||
srcs = ["fuzzer_test.go"],
|
||||
embed = [":go_default_library"],
|
||||
deps = [
|
||||
"//cmd/kubeadm/app/apis/kubeadm/scheme:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/api/apitesting/roundtrip:go_default_library",
|
||||
],
|
||||
)
|
||||
|
@ -17,119 +17,123 @@ limitations under the License.
|
||||
package fuzzer
|
||||
|
||||
import (
|
||||
"time"
|
||||
|
||||
fuzz "github.com/google/gofuzz"
|
||||
|
||||
"k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer"
|
||||
kubeproxyconfigv1alpha1 "k8s.io/kube-proxy/config/v1alpha1"
|
||||
kubeletconfigv1beta1 "k8s.io/kubelet/config/v1beta1"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/componentconfigs"
|
||||
kubeletconfig "k8s.io/kubernetes/pkg/kubelet/apis/config"
|
||||
kubeproxyconfig "k8s.io/kubernetes/pkg/proxy/apis/config"
|
||||
utilpointer "k8s.io/utils/pointer"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha3"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/constants"
|
||||
)
|
||||
|
||||
// NOTE: Right now this code is unused, as the test utilizing this is disabled.
|
||||
|
||||
// Funcs returns the fuzzer functions for the kubeadm apis.
|
||||
func Funcs(codecs runtimeserializer.CodecFactory) []interface{} {
|
||||
return []interface{}{
|
||||
func(obj *kubeadm.ClusterConfiguration, c fuzz.Continue) {
|
||||
c.FuzzNoCustom(obj)
|
||||
fuzzClusterConfig(obj)
|
||||
},
|
||||
func(obj *kubeadm.InitConfiguration, c fuzz.Continue) {
|
||||
c.FuzzNoCustom(obj)
|
||||
fuzzClusterConfig(&obj.ClusterConfiguration)
|
||||
fuzzBootstrapTokens(&obj.BootstrapTokens)
|
||||
fuzzNodeRegistration(&obj.NodeRegistration)
|
||||
fuzzAPIEndpoint(&obj.APIEndpoint)
|
||||
},
|
||||
func(obj *kubeadm.JoinConfiguration, c fuzz.Continue) {
|
||||
c.FuzzNoCustom(obj)
|
||||
fuzzNodeRegistration(&obj.NodeRegistration)
|
||||
fuzzAPIEndpoint(&obj.APIEndpoint)
|
||||
obj.CACertPath = "foo"
|
||||
obj.DiscoveryFile = "foo"
|
||||
obj.DiscoveryToken = "foo"
|
||||
obj.DiscoveryTokenAPIServers = []string{"foo"}
|
||||
obj.DiscoveryTimeout = &metav1.Duration{Duration: 1}
|
||||
obj.TLSBootstrapToken = "foo"
|
||||
obj.Token = "foo"
|
||||
obj.ClusterName = "foo"
|
||||
},
|
||||
fuzzInitConfiguration,
|
||||
fuzzClusterConfiguration,
|
||||
fuzzAuditPolicyConfiguration,
|
||||
fuzzComponentConfigs,
|
||||
fuzzNodeRegistration,
|
||||
fuzzLocalEtcd,
|
||||
fuzzNetworking,
|
||||
fuzzJoinConfiguration,
|
||||
}
|
||||
}
|
||||
|
||||
func fuzzBootstrapTokens(obj *[]kubeadm.BootstrapToken) {
|
||||
obj = &[]kubeadm.BootstrapToken{
|
||||
{
|
||||
Token: &kubeadm.BootstrapTokenString{
|
||||
ID: "abcdef",
|
||||
Secret: "abcdef0123456789",
|
||||
func fuzzInitConfiguration(obj *kubeadm.InitConfiguration, c fuzz.Continue) {
|
||||
c.FuzzNoCustom(obj)
|
||||
|
||||
// Pinning values for fields that get defaults if fuzz value is empty string or nil (thus making the round trip test fail)
|
||||
|
||||
// Since ClusterConfiguration never get serialized in the external variant of InitConfiguration,
|
||||
// it is necessary to apply external api defaults here to get the round trip internal->external->internal working.
|
||||
// More specifically:
|
||||
// internal with manually applied defaults -> external object : loosing ClusterConfiguration) -> internal object with automatically applied defaults
|
||||
obj.ClusterConfiguration = kubeadm.ClusterConfiguration{
|
||||
AuditPolicyConfiguration: kubeadm.AuditPolicyConfiguration{
|
||||
LogDir: constants.StaticPodAuditPolicyLogDir,
|
||||
LogMaxAge: &v1alpha3.DefaultAuditPolicyLogMaxAge,
|
||||
},
|
||||
CertificatesDir: v1alpha3.DefaultCertificatesDir,
|
||||
ClusterName: v1alpha3.DefaultClusterName,
|
||||
Etcd: kubeadm.Etcd{
|
||||
Local: &kubeadm.LocalEtcd{
|
||||
DataDir: v1alpha3.DefaultEtcdDataDir,
|
||||
},
|
||||
TTL: &metav1.Duration{Duration: 1 * time.Hour},
|
||||
Usages: []string{"foo"},
|
||||
},
|
||||
ImageRepository: v1alpha3.DefaultImageRepository,
|
||||
KubernetesVersion: v1alpha3.DefaultKubernetesVersion,
|
||||
Networking: kubeadm.Networking{
|
||||
ServiceSubnet: v1alpha3.DefaultServicesSubnet,
|
||||
DNSDomain: v1alpha3.DefaultServiceDNSDomain,
|
||||
},
|
||||
}
|
||||
// Adds the default bootstrap token to get the round working
|
||||
obj.BootstrapTokens = []kubeadm.BootstrapToken{
|
||||
{
|
||||
// Description
|
||||
// Expires
|
||||
Groups: []string{"foo"},
|
||||
// Token
|
||||
TTL: &metav1.Duration{Duration: 1234},
|
||||
Usages: []string{"foo"},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func fuzzNodeRegistration(obj *kubeadm.NodeRegistrationOptions) {
|
||||
func fuzzNodeRegistration(obj *kubeadm.NodeRegistrationOptions, c fuzz.Continue) {
|
||||
c.FuzzNoCustom(obj)
|
||||
|
||||
// Pinning values for fields that get defaults if fuzz value is empty string or nil (thus making the round trip test fail)
|
||||
obj.CRISocket = "foo"
|
||||
obj.Name = "foo"
|
||||
obj.Taints = []v1.Taint{}
|
||||
}
|
||||
|
||||
func fuzzAPIEndpoint(obj *kubeadm.APIEndpoint) {
|
||||
obj.BindPort = 20
|
||||
obj.AdvertiseAddress = "foo"
|
||||
}
|
||||
func fuzzClusterConfiguration(obj *kubeadm.ClusterConfiguration, c fuzz.Continue) {
|
||||
c.FuzzNoCustom(obj)
|
||||
|
||||
func fuzzClusterConfig(obj *kubeadm.ClusterConfiguration) {
|
||||
obj.KubernetesVersion = "v10"
|
||||
obj.Networking.ServiceSubnet = "10.96.0.0/12"
|
||||
obj.Networking.DNSDomain = "cluster.local"
|
||||
// Pinning values for fields that get defaults if fuzz value is empty string or nil (thus making the round trip test fail)
|
||||
obj.CertificatesDir = "foo"
|
||||
obj.APIServerCertSANs = []string{"foo"}
|
||||
obj.ImageRepository = "foo"
|
||||
obj.CIImageRepository = ""
|
||||
obj.UnifiedControlPlaneImage = "foo"
|
||||
obj.FeatureGates = map[string]bool{"foo": true}
|
||||
obj.ClusterName = "foo"
|
||||
obj.APIServerExtraArgs = map[string]string{"foo": "foo"}
|
||||
obj.APIServerExtraVolumes = []kubeadm.HostPathMount{{
|
||||
Name: "foo",
|
||||
HostPath: "foo",
|
||||
MountPath: "foo",
|
||||
Writable: false,
|
||||
}}
|
||||
obj.Etcd.Local = &kubeadm.LocalEtcd{
|
||||
Image: "foo",
|
||||
DataDir: "foo",
|
||||
ServerCertSANs: []string{"foo"},
|
||||
PeerCertSANs: []string{"foo"},
|
||||
ExtraArgs: map[string]string{"foo": "foo"},
|
||||
}
|
||||
obj.AuditPolicyConfiguration = kubeadm.AuditPolicyConfiguration{
|
||||
Path: "foo",
|
||||
LogDir: "/foo",
|
||||
LogMaxAge: utilpointer.Int32Ptr(0),
|
||||
}
|
||||
// Set the Kubelet ComponentConfig to an empty, defaulted struct
|
||||
extkubeletconfig := &kubeletconfigv1beta1.KubeletConfiguration{}
|
||||
obj.ComponentConfigs.Kubelet = &kubeletconfig.KubeletConfiguration{}
|
||||
componentconfigs.Scheme.Default(extkubeletconfig)
|
||||
componentconfigs.Scheme.Convert(extkubeletconfig, obj.ComponentConfigs.Kubelet, nil)
|
||||
componentconfigs.DefaultKubeletConfiguration(obj)
|
||||
// Set the KubeProxy ComponentConfig to an empty, defaulted struct
|
||||
extkubeproxyconfig := &kubeproxyconfigv1alpha1.KubeProxyConfiguration{}
|
||||
obj.ComponentConfigs.KubeProxy = &kubeproxyconfig.KubeProxyConfiguration{}
|
||||
componentconfigs.Scheme.Default(extkubeproxyconfig)
|
||||
componentconfigs.Scheme.Convert(extkubeproxyconfig, obj.ComponentConfigs.KubeProxy, nil)
|
||||
componentconfigs.DefaultKubeProxyConfiguration(obj)
|
||||
obj.CIImageRepository = "" //This fields doesn't exists in public API >> using default to get the roundtrip test pass
|
||||
obj.ClusterName = "bar"
|
||||
obj.ImageRepository = "baz"
|
||||
obj.KubernetesVersion = "qux"
|
||||
}
|
||||
|
||||
func fuzzAuditPolicyConfiguration(obj *kubeadm.AuditPolicyConfiguration, c fuzz.Continue) {
|
||||
c.FuzzNoCustom(obj)
|
||||
|
||||
// Pinning values for fields that get defaults if fuzz value is empty string or nil (thus making the round trip test fail)
|
||||
obj.LogDir = "foo"
|
||||
obj.LogMaxAge = new(int32)
|
||||
}
|
||||
|
||||
func fuzzComponentConfigs(obj *kubeadm.ComponentConfigs, c fuzz.Continue) {
|
||||
// This is intentionally empty because component config does not exists in the public api
|
||||
// (empty mean all ComponentConfigs fields nil, and this is necessary for getting roundtrip passing)
|
||||
}
|
||||
|
||||
func fuzzLocalEtcd(obj *kubeadm.LocalEtcd, c fuzz.Continue) {
|
||||
c.FuzzNoCustom(obj)
|
||||
|
||||
// Pinning values for fields that get defaults if fuzz value is empty string or nil (thus making the round trip test fail)
|
||||
obj.DataDir = "foo"
|
||||
}
|
||||
|
||||
func fuzzNetworking(obj *kubeadm.Networking, c fuzz.Continue) {
|
||||
c.FuzzNoCustom(obj)
|
||||
|
||||
// Pinning values for fields that get defaults if fuzz value is empty string or nil (thus making the round trip test fail)
|
||||
obj.DNSDomain = "foo"
|
||||
obj.ServiceSubnet = "bar"
|
||||
}
|
||||
|
||||
func fuzzJoinConfiguration(obj *kubeadm.JoinConfiguration, c fuzz.Continue) {
|
||||
c.FuzzNoCustom(obj)
|
||||
|
||||
// Pinning values for fields that get defaults if fuzz value is empty string or nil (thus making the round trip test fail)
|
||||
obj.CACertPath = "foo"
|
||||
obj.ClusterName = "bar"
|
||||
obj.DiscoveryTimeout = &metav1.Duration{Duration: 1234}
|
||||
obj.DiscoveryToken = "baz"
|
||||
obj.TLSBootstrapToken = "qux"
|
||||
}
|
||||
|
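Review bot: In fuzzInitConfiguration, `LogMaxAge: &v1alpha3.DefaultAuditPolicyLogMaxAge` stores the address of a package-level variable, so every fuzzed InitConfiguration shares one pointer with the v1alpha3 defaults. Anything that writes through that pointer during a round trip would change the default for the rest of the test process and make failures depend on test order. Copying the value first keeps the fixture isolated: `logMaxAge := v1alpha3.DefaultAuditPolicyLogMaxAge` followed by `LogMaxAge: &logMaxAge`.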
@ -21,7 +21,7 @@ package fuzzer
|
||||
// earlier now have moved out it's not possible to do a lossless roundtrip "the normal way"
|
||||
// When we support v1alpha3 and higher only, we can reenable this
|
||||
|
||||
/*import (
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"k8s.io/apimachinery/pkg/api/apitesting/roundtrip"
|
||||
@ -30,4 +30,4 @@ package fuzzer
|
||||
|
||||
func TestRoundTripTypes(t *testing.T) {
|
||||
roundtrip.RoundTripTestForAPIGroup(t, scheme.AddToScheme, Funcs)
|
||||
}*/
|
||||
}
|
||||
|
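Review bot: The header comment ending in `// When we support v1alpha3 and higher only, we can reenable this` is kept as context, but this section removes the `/*` and `*/` around the import block and TestRoundTripTypes, so it now explains the disabling of a test that is enabled. I would replace it with a statement of what the test covers, for example `// TestRoundTripTypes round-trips the kubeadm API types using the fuzzer functions returned by Funcs.` The comment starts above the hunk, so its first lines are not visible here.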
@ -17,8 +17,6 @@ limitations under the License.
|
||||
package kubeadm
|
||||
|
||||
import (
|
||||
fuzz "github.com/google/gofuzz"
|
||||
|
||||
"k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
kubeletconfig "k8s.io/kubernetes/pkg/kubelet/apis/config"
|
||||
@ -143,12 +141,6 @@ type ComponentConfigs struct {
|
||||
KubeProxy *kubeproxyconfig.KubeProxyConfiguration
|
||||
}
|
||||
|
||||
// Fuzz is a dummy function here to get the roundtrip tests working in cmd/kubeadm/app/apis/kubeadm/fuzzer working.
|
||||
// This makes the fuzzer not go and randomize all fields in the ComponentConfigs struct, as that wouldn't work for
|
||||
// a roundtrip. A roundtrip to the v1alpha3 API obviously doesn't work as it's not stored there at all. With this,
|
||||
// the roundtrip is considered valid, as semi-static values are set and preserved during a roundtrip.
|
||||
func (cc ComponentConfigs) Fuzz(c fuzz.Continue) {}
|
||||
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
|
||||
// ClusterStatus contains the cluster status. The ClusterStatus will be stored in the kubeadm-config
|
||||
|
@ -4,7 +4,6 @@ go_library(
|
||||
name = "go_default_library",
|
||||
srcs = [
|
||||
"bootstraptokenstring.go",
|
||||
"conversion.go",
|
||||
"defaults.go",
|
||||
"defaults_unix.go",
|
||||
"defaults_windows.go",
|
||||
@ -20,10 +19,6 @@ go_library(
|
||||
deps = [
|
||||
"//cmd/kubeadm/app/apis/kubeadm:go_default_library",
|
||||
"//cmd/kubeadm/app/constants:go_default_library",
|
||||
"//pkg/kubelet/apis/config:go_default_library",
|
||||
"//pkg/kubelet/apis/config/scheme:go_default_library",
|
||||
"//pkg/proxy/apis/config:go_default_library",
|
||||
"//pkg/proxy/apis/config/scheme:go_default_library",
|
||||
"//staging/src/k8s.io/api/core/v1:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/conversion:go_default_library",
|
||||
@ -31,8 +26,6 @@ go_library(
|
||||
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
|
||||
"//staging/src/k8s.io/client-go/tools/bootstrap/token/api:go_default_library",
|
||||
"//staging/src/k8s.io/client-go/tools/bootstrap/token/util:go_default_library",
|
||||
"//staging/src/k8s.io/kube-proxy/config/v1alpha1:go_default_library",
|
||||
"//staging/src/k8s.io/kubelet/config/v1beta1:go_default_library",
|
||||
],
|
||||
)
|
||||
|
||||
|
@ -1,112 +0,0 @@
|
||||
/*
|
||||
Copyright 2018 The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package v1alpha3
|
||||
|
||||
import (
|
||||
"k8s.io/apimachinery/pkg/conversion"
|
||||
kubeproxyconfigv1alpha1 "k8s.io/kube-proxy/config/v1alpha1"
|
||||
kubeletconfigv1beta1 "k8s.io/kubelet/config/v1beta1"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
"k8s.io/kubernetes/cmd/kubeadm/app/constants"
|
||||
kubeletconfig "k8s.io/kubernetes/pkg/kubelet/apis/config"
|
||||
kubeletconfigscheme "k8s.io/kubernetes/pkg/kubelet/apis/config/scheme"
|
||||
kubeproxyconfig "k8s.io/kubernetes/pkg/proxy/apis/config"
|
||||
kubeproxyconfigscheme "k8s.io/kubernetes/pkg/proxy/apis/config/scheme"
|
||||
)
|
||||
|
||||
func Convert_v1alpha3_ClusterConfiguration_To_kubeadm_ClusterConfiguration(in *ClusterConfiguration, out *kubeadm.ClusterConfiguration, s conversion.Scope) error {
|
||||
if err := autoConvert_v1alpha3_ClusterConfiguration_To_kubeadm_ClusterConfiguration(in, out, s); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// TODO: This conversion code is here ONLY for fuzzing tests. When we remove the v1alpha2 API, we can remove this (unnecessary)
|
||||
// code. Right now this defaulting code has to be kept in sync with the defaulting code in cmd/kubeadm/app/apis/kubeadm/v1alpha2 and cmd/kubeadm/app/componentconfig
|
||||
if out.ComponentConfigs.Kubelet == nil {
|
||||
// Set the Kubelet ComponentConfig to an empty, defaulted struct
|
||||
out.ComponentConfigs.Kubelet = &kubeletconfig.KubeletConfiguration{}
|
||||
extkubeletconfig := &kubeletconfigv1beta1.KubeletConfiguration{}
|
||||
|
||||
scheme, _, err := kubeletconfigscheme.NewSchemeAndCodecs()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
scheme.Default(extkubeletconfig)
|
||||
scheme.Convert(extkubeletconfig, out.ComponentConfigs.Kubelet, nil)
|
||||
defaultKubeletConfiguration(in, out.ComponentConfigs.Kubelet)
|
||||
}
|
||||
if out.ComponentConfigs.KubeProxy == nil {
|
||||
// Set the KubeProxy ComponentConfig to an empty, defaulted struct
|
||||
out.ComponentConfigs.KubeProxy = &kubeproxyconfig.KubeProxyConfiguration{}
|
||||
extkubeproxyconfig := &kubeproxyconfigv1alpha1.KubeProxyConfiguration{}
|
||||
kubeproxyconfigscheme.Scheme.Default(extkubeproxyconfig)
|
||||
kubeproxyconfigscheme.Scheme.Convert(extkubeproxyconfig, out.ComponentConfigs.KubeProxy, nil)
|
||||
defaultKubeProxyConfiguration(in, out.ComponentConfigs.KubeProxy)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func defaultKubeProxyConfiguration(internalcfg *ClusterConfiguration, obj *kubeproxyconfig.KubeProxyConfiguration) {
|
||||
// NOTE: This code should be mirrored from cmd/kubeadm/app/apis/kubeadm/v1alpha2/defaults.go and cmd/kubeadm/app/componentconfig/defaults.go
|
||||
if obj.ClusterCIDR == "" && internalcfg.Networking.PodSubnet != "" {
|
||||
obj.ClusterCIDR = internalcfg.Networking.PodSubnet
|
||||
}
|
||||
|
||||
if obj.ClientConnection.Kubeconfig == "" {
|
||||
obj.ClientConnection.Kubeconfig = "/var/lib/kube-proxy/kubeconfig.conf"
|
||||
}
|
||||
}
|
||||
|
||||
func defaultKubeletConfiguration(internalcfg *ClusterConfiguration, obj *kubeletconfig.KubeletConfiguration) {
|
||||
// NOTE: This code should be mirrored from cmd/kubeadm/app/apis/kubeadm/v1alpha2/defaults.go and cmd/kubeadm/app/componentconfig/defaults.go
|
||||
if obj.StaticPodPath == "" {
|
||||
obj.StaticPodPath = DefaultManifestsDir
|
||||
}
|
||||
if obj.ClusterDNS == nil {
|
||||
dnsIP, err := constants.GetDNSIP(internalcfg.Networking.ServiceSubnet)
|
||||
if err != nil {
|
||||
obj.ClusterDNS = []string{DefaultClusterDNSIP}
|
||||
} else {
|
||||
obj.ClusterDNS = []string{dnsIP.String()}
|
||||
}
|
||||
}
|
||||
if obj.ClusterDomain == "" {
|
||||
obj.ClusterDomain = internalcfg.Networking.DNSDomain
|
||||
}
|
||||
// Enforce security-related kubelet options
|
||||
|
||||
// Require all clients to the kubelet API to have client certs signed by the cluster CA
|
||||
obj.Authentication.X509.ClientCAFile = DefaultCACertPath
|
||||
obj.Authentication.Anonymous.Enabled = false
|
||||
|
||||
// On every client request to the kubelet API, execute a webhook (SubjectAccessReview request) to the API server
|
||||
// and ask it whether the client is authorized to access the kubelet API
|
||||
obj.Authorization.Mode = kubeletconfig.KubeletAuthorizationModeWebhook
|
||||
|
||||
// Let clients using other authentication methods like ServiceAccount tokens also access the kubelet API
|
||||
obj.Authentication.Webhook.Enabled = true
|
||||
|
||||
// Disable the readonly port of the kubelet, in order to not expose unnecessary information
|
||||
obj.ReadOnlyPort = 0
|
||||
|
||||
// Enables client certificate rotation for the kubelet
|
||||
obj.RotateCertificates = true
|
||||
|
||||
// Serve a /healthz webserver on localhost:10248 that kubeadm can talk to
|
||||
obj.HealthzBindAddress = "127.0.0.1"
|
||||
obj.HealthzPort = constants.KubeletHealthzPort
|
||||
}
|
@ -177,11 +177,6 @@ func RegisterConversions(s *runtime.Scheme) error {
|
||||
}); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := s.AddConversionFunc((*ClusterConfiguration)(nil), (*kubeadm.ClusterConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error {
|
||||
return Convert_v1alpha3_ClusterConfiguration_To_kubeadm_ClusterConfiguration(a.(*ClusterConfiguration), b.(*kubeadm.ClusterConfiguration), scope)
|
||||
}); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -310,6 +305,11 @@ func autoConvert_v1alpha3_ClusterConfiguration_To_kubeadm_ClusterConfiguration(i
|
||||
return nil
|
||||
}
|
||||
|
||||
// Convert_v1alpha3_ClusterConfiguration_To_kubeadm_ClusterConfiguration is an autogenerated conversion function.
|
||||
func Convert_v1alpha3_ClusterConfiguration_To_kubeadm_ClusterConfiguration(in *ClusterConfiguration, out *kubeadm.ClusterConfiguration, s conversion.Scope) error {
|
||||
return autoConvert_v1alpha3_ClusterConfiguration_To_kubeadm_ClusterConfiguration(in, out, s)
|
||||
}
|
||||
|
||||
func autoConvert_kubeadm_ClusterConfiguration_To_v1alpha3_ClusterConfiguration(in *kubeadm.ClusterConfiguration, out *ClusterConfiguration, s conversion.Scope) error {
|
||||
// INFO: in.ComponentConfigs opted out of conversion generation
|
||||
if err := Convert_kubeadm_Etcd_To_v1alpha3_Etcd(&in.Etcd, &out.Etcd, s); err != nil {
|
||||
|
@ -17,8 +17,10 @@ go_library(
|
||||
"//cmd/kubeadm/app/constants:go_default_library",
|
||||
"//cmd/kubeadm/app/util:go_default_library",
|
||||
"//pkg/kubelet/apis/config:go_default_library",
|
||||
"//pkg/kubelet/apis/config/v1beta1:go_default_library",
|
||||
"//pkg/kubelet/apis/config/validation:go_default_library",
|
||||
"//pkg/proxy/apis/config:go_default_library",
|
||||
"//pkg/proxy/apis/config/v1alpha1:go_default_library",
|
||||
"//pkg/proxy/apis/config/validation:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
|
||||
|
@ -34,12 +34,12 @@ const (
|
||||
|
||||
// DefaultKubeProxyConfiguration assigns default values for the kube-proxy ComponentConfig
|
||||
func DefaultKubeProxyConfiguration(internalcfg *kubeadmapi.ClusterConfiguration) {
|
||||
// IMPORTANT NOTE: If you're changing this code you should mirror it to cmd/kubeadm/app/apis/kubeadm/v1alpha2/defaults.go
|
||||
// and cmd/kubeadm/app/apis/kubeadm/v1alpha3/conversion.go. TODO: Remove this requirement when v1alpha2 is removed.
|
||||
externalproxycfg := &kubeproxyconfigv1alpha1.KubeProxyConfiguration{}
|
||||
|
||||
// Do a roundtrip to the external version for defaulting
|
||||
Scheme.Convert(internalcfg.ComponentConfigs.KubeProxy, externalproxycfg, nil)
|
||||
if internalcfg.ComponentConfigs.KubeProxy != nil {
|
||||
Scheme.Convert(internalcfg.ComponentConfigs.KubeProxy, externalproxycfg, nil)
|
||||
}
|
||||
|
||||
if externalproxycfg.ClusterCIDR == "" && internalcfg.Networking.PodSubnet != "" {
|
||||
externalproxycfg.ClusterCIDR = internalcfg.Networking.PodSubnet
|
||||
@ -63,12 +63,12 @@ func DefaultKubeProxyConfiguration(internalcfg *kubeadmapi.ClusterConfiguration)
|
||||
|
||||
// DefaultKubeletConfiguration assigns default values for the kubelet ComponentConfig
|
||||
func DefaultKubeletConfiguration(internalcfg *kubeadmapi.ClusterConfiguration) {
|
||||
// IMPORTANT NOTE: If you're changing this code you should mirror it to cmd/kubeadm/app/apis/kubeadm/v1alpha2/defaults.go
|
||||
// and cmd/kubeadm/app/apis/kubeadm/v1alpha3/conversion.go. TODO: Remove this requirement when v1alpha2 is removed.
|
||||
externalkubeletcfg := &kubeletconfigv1beta1.KubeletConfiguration{}
|
||||
|
||||
// Do a roundtrip to the external version for defaulting
|
||||
Scheme.Convert(internalcfg.ComponentConfigs.Kubelet, externalkubeletcfg, nil)
|
||||
if internalcfg.ComponentConfigs.Kubelet != nil {
|
||||
Scheme.Convert(internalcfg.ComponentConfigs.Kubelet, externalkubeletcfg, nil)
|
||||
}
|
||||
|
||||
if externalkubeletcfg.StaticPodPath == "" {
|
||||
externalkubeletcfg.StaticPodPath = kubeadmapiv1alpha3.DefaultManifestsDir
|
||||
|
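Review bot: The return value of `Scheme.Convert(...)` is still discarded inside the new `if internalcfg.ComponentConfigs.KubeProxy != nil` guard, and the same holds for the Kubelet guard in DefaultKubeletConfiguration. If the conversion fails, defaulting carries on with a partly filled external object and nothing records the failure. Neither function returns an error, so the least invasive change is to check it in place, `if err := Scheme.Convert(internalcfg.ComponentConfigs.KubeProxy, externalproxycfg, nil); err != nil { ... }`, and report it through whatever logging this package already uses, or to add a comment stating why the error can be ignored. Both function bodies continue outside their hunks.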
@ -27,7 +27,9 @@ import (
|
||||
kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||
kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
|
||||
kubeletconfig "k8s.io/kubernetes/pkg/kubelet/apis/config"
|
||||
kubeletconfigv1beta1scheme "k8s.io/kubernetes/pkg/kubelet/apis/config/v1beta1"
|
||||
kubeproxyconfig "k8s.io/kubernetes/pkg/proxy/apis/config"
|
||||
kubeproxyconfigv1alpha1scheme "k8s.io/kubernetes/pkg/proxy/apis/config/v1alpha1"
|
||||
)
|
||||
|
||||
// AddToSchemeFunc is a function that adds known types and API GroupVersions to a scheme
|
||||
@ -96,10 +98,11 @@ var Known Registrations = map[RegistrationKind]Registration{
|
||||
KubeProxyConfigurationKind: {
|
||||
// TODO: When a beta version of the kube-proxy ComponentConfig API is available, start using it
|
||||
MarshalGroupVersion: kubeproxyconfigv1alpha1.SchemeGroupVersion,
|
||||
AddToSchemeFuncs: []AddToSchemeFunc{kubeproxyconfig.AddToScheme, kubeproxyconfigv1alpha1.AddToScheme},
|
||||
DefaulterFunc: DefaultKubeProxyConfiguration,
|
||||
ValidateFunc: ValidateKubeProxyConfiguration,
|
||||
EmptyValue: &kubeproxyconfig.KubeProxyConfiguration{},
|
||||
// AddToSchemeFuncs must use v1alpha1scheme defined in k8s.io/kubernetes, because the schema defined in k8s.io/kube-proxy doesn't have defaulting functions
|
||||
AddToSchemeFuncs: []AddToSchemeFunc{kubeproxyconfig.AddToScheme, kubeproxyconfigv1alpha1scheme.AddToScheme},
|
||||
DefaulterFunc: DefaultKubeProxyConfiguration,
|
||||
ValidateFunc: ValidateKubeProxyConfiguration,
|
||||
EmptyValue: &kubeproxyconfig.KubeProxyConfiguration{},
|
||||
GetFromInternalConfig: func(cfg *kubeadmapi.ClusterConfiguration) (runtime.Object, bool) {
|
||||
return cfg.ComponentConfigs.KubeProxy, cfg.ComponentConfigs.KubeProxy != nil
|
||||
},
|
||||
@ -114,10 +117,11 @@ var Known Registrations = map[RegistrationKind]Registration{
|
||||
},
|
||||
KubeletConfigurationKind: {
|
||||
MarshalGroupVersion: kubeletconfigv1beta1.SchemeGroupVersion,
|
||||
AddToSchemeFuncs: []AddToSchemeFunc{kubeletconfig.AddToScheme, kubeletconfigv1beta1.AddToScheme},
|
||||
DefaulterFunc: DefaultKubeletConfiguration,
|
||||
ValidateFunc: ValidateKubeletConfiguration,
|
||||
EmptyValue: &kubeletconfig.KubeletConfiguration{},
|
||||
// PAddToSchemeFuncs must use v1alpha1scheme defined in k8s.io/kubernetes, because the schema defined in k8s.io/kubelet doesn't have defaulting functions
|
||||
AddToSchemeFuncs: []AddToSchemeFunc{kubeletconfig.AddToScheme, kubeletconfigv1beta1scheme.AddToScheme},
|
||||
DefaulterFunc: DefaultKubeletConfiguration,
|
||||
ValidateFunc: ValidateKubeletConfiguration,
|
||||
EmptyValue: &kubeletconfig.KubeletConfiguration{},
|
||||
GetFromInternalConfig: func(cfg *kubeadmapi.ClusterConfiguration) (runtime.Object, bool) {
|
||||
return cfg.ComponentConfigs.Kubelet, cfg.ComponentConfigs.Kubelet != nil
|
||||
},
|
||||
|
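Review bot: The comment added to the kubelet registration, `// PAddToSchemeFuncs must use v1alpha1scheme ...`, has a stray `P` and names `v1alpha1scheme` although the line below it registers `kubeletconfigv1beta1scheme.AddToScheme`. I would write `// AddToSchemeFuncs must use the v1beta1 scheme package defined in k8s.io/kubernetes, because the scheme defined in k8s.io/kubelet doesn't have defaulting functions`. The matching kube-proxy comment in the earlier hunk says `schema` where `scheme` appears to be meant.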
@ -88,6 +88,10 @@ func TestUploadConfiguration(t *testing.T) {
|
||||
},
|
||||
}
|
||||
cfg, err := configutil.ConfigFileAndDefaultsToInternalConfig("", initialcfg)
|
||||
|
||||
// cleans up component config to make cfg and decodedcfg comparable (now component config are not stored anymore in kubeadm-config config map)
|
||||
cfg.ComponentConfigs = kubeadmapi.ComponentConfigs{}
|
||||
|
||||
if err != nil {
|
||||
t2.Fatalf("UploadConfiguration() error = %v", err)
|
||||
}
|
||||
|
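Review bot: The added `cfg.ComponentConfigs = kubeadmapi.ComponentConfigs{}` runs before the `if err != nil` check on the call that produced `cfg`. If ConfigFileAndDefaultsToInternalConfig returns a nil `cfg` together with an error, the test panics on the assignment instead of failing through `t2.Fatalf("UploadConfiguration() error = %v", err)`. Moving the comment and the assignment below the closing brace of the `if err != nil { ... }` block keeps the intended failure message.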