diff --git a/cmd/kube-apiserver/app/options/validation.go b/cmd/kube-apiserver/app/options/validation.go index f28b98c228f..68b0e62d701 100644 --- a/cmd/kube-apiserver/app/options/validation.go +++ b/cmd/kube-apiserver/app/options/validation.go @@ -36,6 +36,8 @@ import ( // validateClusterIPFlags is expected to be called after Complete() func validateClusterIPFlags(options *ServerRunOptions) []error { var errs []error + // maxCIDRbits is used to define the maximum CIDR size for the cluster ip(s) + const maxCIDRbits = 20 // validate that primary has been processed by user provided values or it has been defaulted if options.PrimaryServiceClusterIPRange.IP == nil { @@ -50,8 +52,8 @@ func validateClusterIPFlags(options *ServerRunOptions) []error { // Complete() expected to have set Primary* and Secondary* // primary CIDR validation var ones, bits = options.PrimaryServiceClusterIPRange.Mask.Size() - if bits-ones > 20 { - errs = append(errs, errors.New("specified --service-cluster-ip-range is too large")) + if bits-ones > maxCIDRbits { + errs = append(errs, fmt.Errorf("specified --service-cluster-ip-range is too large. Network CIDR should not be bigger than /%d", bits-maxCIDRbits)) } // Secondary IP validation @@ -79,8 +81,8 @@ func validateClusterIPFlags(options *ServerRunOptions) []error { // bigger cidr (specially those offered by IPv6) will add no value // significantly increase snapshotting time. var ones, bits = options.SecondaryServiceClusterIPRange.Mask.Size() - if bits-ones > 20 { - errs = append(errs, errors.New("specified --secondary-service-cluster-ip-range is too large")) + if bits-ones > maxCIDRbits { + errs = append(errs, fmt.Errorf("specified --service-cluster-ip-range is too large. Network CIDR should not be bigger than /%d", bits-maxCIDRbits)) } } diff --git a/cmd/kube-apiserver/app/options/validation_test.go b/cmd/kube-apiserver/app/options/validation_test.go index 535149fdd8b..153dbbd25f6 100644 --- a/cmd/kube-apiserver/app/options/validation_test.go +++ b/cmd/kube-apiserver/app/options/validation_test.go @@ -95,6 +95,18 @@ func TestClusterSerivceIPRange(t *testing.T) { options: makeOptionsWithCIDRs("10.0.0.0/16", "3000::/108"), enableDualStack: false, }, + { + name: "service cidr to big", + expectErrors: true, + options: makeOptionsWithCIDRs("10.0.0.0/8", ""), + enableDualStack: true, + }, + { + name: "dual-stack secondary cidr to big", + expectErrors: true, + options: makeOptionsWithCIDRs("10.0.0.0/16", "3000::/64"), + enableDualStack: true, + }, /* success cases */ { name: "valid primary",