Validate the minimum subnet cidr so there are always 10 available addresses
parent
d6f7ae2ffb
commit
667dc64e79
@ -13,6 +13,7 @@ go_library(
|
|||||||
tags = ["automanaged"],
|
tags = ["automanaged"],
|
||||||
deps = [
|
deps = [
|
||||||
"//cmd/kubeadm/app/apis/kubeadm:go_default_library",
|
"//cmd/kubeadm/app/apis/kubeadm:go_default_library",
|
||||||
|
"//cmd/kubeadm/app/constants:go_default_library",
|
||||||
"//vendor:k8s.io/apimachinery/pkg/util/validation/field",
|
"//vendor:k8s.io/apimachinery/pkg/util/validation/field",
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
|
@ -17,13 +17,18 @@ limitations under the License.
|
|||||||
package validation
|
package validation
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"math"
|
||||||
|
"net"
|
||||||
|
|
||||||
"k8s.io/apimachinery/pkg/util/validation/field"
|
"k8s.io/apimachinery/pkg/util/validation/field"
|
||||||
"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
|
||||||
|
kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
|
||||||
)
|
)
|
||||||
|
|
||||||
func ValidateMasterConfiguration(c *kubeadm.MasterConfiguration) field.ErrorList {
|
func ValidateMasterConfiguration(c *kubeadm.MasterConfiguration) field.ErrorList {
|
||||||
allErrs := field.ErrorList{}
|
allErrs := field.ErrorList{}
|
||||||
allErrs = append(allErrs, ValidateDiscovery(&c.Discovery, field.NewPath("discovery"))...)
|
allErrs = append(allErrs, ValidateDiscovery(&c.Discovery, field.NewPath("discovery"))...)
|
||||||
|
allErrs = append(allErrs, ValidateDiscovery(&c.Discovery, field.NewPath("service subnet"))...)
|
||||||
return allErrs
|
return allErrs
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -68,3 +73,16 @@ func ValidateTokenDiscovery(c *kubeadm.TokenDiscovery, fldPath *field.Path) fiel
|
|||||||
allErrs := field.ErrorList{}
|
allErrs := field.ErrorList{}
|
||||||
return allErrs
|
return allErrs
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func ValidateServiceSubnet(subnet string, fldPath *field.Path) field.ErrorList {
|
||||||
|
_, svcSubnet, err := net.ParseCIDR(subnet)
|
||||||
|
if err != nil {
|
||||||
|
return field.ErrorList{field.Invalid(fldPath, nil, "couldn't parse the service subnet")}
|
||||||
|
}
|
||||||
|
cidrBytesMask, _ := svcSubnet.Mask.Size()
|
||||||
|
numAddresses := int32(math.Pow(2, float64(32-cidrBytesMask)))
|
||||||
|
if numAddresses < kubeadmconstants.MinimumAddressesInServiceSubnet {
|
||||||
|
return field.ErrorList{field.Invalid(fldPath, nil, "service subnet is too small")}
|
||||||
|
}
|
||||||
|
return field.ErrorList{}
|
||||||
|
}
|
||||||
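Review bot: The line added to ValidateMasterConfiguration calls `ValidateDiscovery(&c.Discovery, field.NewPath("service subnet"))` a second time, so nothing visible in this commit ever invokes ValidateServiceSubnet, and any discovery error is reported twice, once under the wrong path. The intended call is presumably `allErrs = append(allErrs, ValidateServiceSubnet(c.Networking.ServiceSubnet, field.NewPath("service subnet"))...)`; the field name is assumed from the kubeadm API and is not visible on this page. Inside ValidateServiceSubnet the second result of `Mask.Size()` is discarded and 32 bits is hard-coded, so an IPv6 CIDR with a prefix longer than 32 gives a negative exponent and is rejected as too small, while `/0` and `/1` overflow the `int32` conversion. Taking `ones, bits := svcSubnet.Mask.Size()` and checking `bits-ones` against the number of host bits required avoids both cases. Passing `subnet` instead of `nil` to `field.Invalid` would also put the rejected value in the error the operator sees.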
|
@ -48,4 +48,8 @@ const (
|
|||||||
|
|
||||||
// APICallRetryInterval defines how long kubeadm should wait before retrying a failed API operation
|
// APICallRetryInterval defines how long kubeadm should wait before retrying a failed API operation
|
||||||
APICallRetryInterval = 500 * time.Millisecond
|
APICallRetryInterval = 500 * time.Millisecond
|
||||||
|
|
||||||
|
// Minimum amount of nodes the Service subnet should allow.
|
||||||
|
// We need at least ten, because the DNS service is always at the tenth cluster clusterIP
|
||||||
|
MinimumAddressesInServiceSubnet = 10
|
||||||
)
|
)
|
||||||
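Review bot: The comment on MinimumAddressesInServiceSubnet says "nodes", but ValidateServiceSubnet compares the constant with an address count, and "tenth cluster clusterIP" repeats a word. The comment also does not start with the constant's name, unlike the APICallRetryInterval comment above it. Suggested wording: `// MinimumAddressesInServiceSubnet defines the minimum number of addresses the Service subnet must contain.` followed by `// At least ten are needed because the DNS service is always assigned the tenth cluster IP.` The const block starts outside the hunk.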
|