From 14408bec8736cc630019e398a34c2f2a00b1b5d3 Mon Sep 17 00:00:00 2001 From: "Lubomir I. Ivanov" Date: Wed, 19 Jun 2019 14:39:12 +0300 Subject: [PATCH] kubeadm: improve the kubeconfig file validation phase When a kubeconfig file is read from disk it may lack the propper mapping between contexts and clusters. In such a case the kubeconfig phase backend will panic, without throwing a sensible error. Add nil checks for a couple of map operations in validateKubeConfig(). --- cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go b/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go index fcadee49270..90128f472d7 100644 --- a/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go +++ b/cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go @@ -224,7 +224,13 @@ func validateKubeConfig(outDir, filename string, config *clientcmdapi.Config) er expectedCtx := config.CurrentContext expectedCluster := config.Contexts[expectedCtx].Cluster currentCtx := currentConfig.CurrentContext + if currentConfig.Contexts[currentCtx] == nil { + return errors.Errorf("failed to find CurrentContext in Contexts of the kubeconfig file %s", kubeConfigFilePath) + } currentCluster := currentConfig.Contexts[currentCtx].Cluster + if currentConfig.Clusters[currentCluster] == nil { + return errors.Errorf("failed to find the given CurrentContext Cluster in Clusters of the kubeconfig file %s", kubeConfigFilePath) + } // If the current CA cert on disk doesn't match the expected CA cert, error out because we have a file, but it's stale if !bytes.Equal(currentConfig.Clusters[currentCluster].CertificateAuthorityData, config.Clusters[expectedCluster].CertificateAuthorityData) {