diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/audit.go b/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
index 3ccb275428b..b75772f069f 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/audit.go
@@ -87,6 +87,10 @@ func NewAuditOptions() *AuditOptions {
 
 // Validate checks invalid config combination
 func (o *AuditOptions) Validate() []error {
+	if o == nil {
+		return nil
+	}
+
 	allErrors := []error{}
 
 	if !advancedAuditingEnabled() {
@@ -137,6 +141,10 @@ func (o *AuditOptions) Validate() []error {
 }
 
 func (o *AuditOptions) AddFlags(fs *pflag.FlagSet) {
+	if o == nil {
+		return
+	}
+
 	fs.StringVar(&o.PolicyFile, "audit-policy-file", o.PolicyFile,
 		"Path to the file that defines the audit policy configuration. Requires the 'AdvancedAuditing' feature gate."+
 			" With AdvancedAuditing, a profile is required to enable auditing.")
@@ -146,6 +154,10 @@ func (o *AuditOptions) AddFlags(fs *pflag.FlagSet) {
 }
 
 func (o *AuditOptions) ApplyTo(c *server.Config) error {
+	if o == nil {
+		return nil
+	}
+
 	// Apply legacy audit options if advanced audit is not enabled.
 	if !advancedAuditingEnabled() {
 		return o.LogOptions.legacyApplyTo(c)
diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go b/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go
index 624343fc479..28c933bea54 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/authentication.go
@@ -43,6 +43,10 @@ type RequestHeaderAuthenticationOptions struct {
 }
 
 func (s *RequestHeaderAuthenticationOptions) AddFlags(fs *pflag.FlagSet) {
+	if s == nil {
+		return
+	}
+
 	fs.StringSliceVar(&s.UsernameHeaders, "requestheader-username-headers", s.UsernameHeaders, ""+
 		"List of request headers to inspect for usernames. X-Remote-User is common.")
 
diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/authorization.go b/staging/src/k8s.io/apiserver/pkg/server/options/authorization.go
index 3d356958f5d..9a452d11e6b 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/authorization.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/authorization.go
@@ -57,6 +57,10 @@ func (s *DelegatingAuthorizationOptions) Validate() []error {
 }
 
 func (s *DelegatingAuthorizationOptions) AddFlags(fs *pflag.FlagSet) {
+	if s == nil {
+		return
+	}
+
 	fs.StringVar(&s.RemoteKubeConfigFile, "authorization-kubeconfig", s.RemoteKubeConfigFile, ""+
 		"kubeconfig file pointing at the 'core' kubernetes server with enough rights to create "+
 		" subjectaccessreviews.authorization.k8s.io.")
diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/coreapi.go b/staging/src/k8s.io/apiserver/pkg/server/options/coreapi.go
index 01d489ba04d..edcf3a7b058 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/coreapi.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/coreapi.go
@@ -40,6 +40,10 @@ func NewCoreAPIOptions() *CoreAPIOptions {
 }
 
 func (o *CoreAPIOptions) AddFlags(fs *pflag.FlagSet) {
+	if o == nil {
+		return
+	}
+
 	fs.StringVar(&o.CoreAPIKubeconfigPath, "kubeconfig", o.CoreAPIKubeconfigPath,
 		"kubeconfig file pointing at the 'core' kubernetes server.")
 }
diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/etcd.go b/staging/src/k8s.io/apiserver/pkg/server/options/etcd.go
index 0a222ac79bc..95b20fce75c 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/etcd.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/etcd.go
@@ -71,6 +71,10 @@ func NewEtcdOptions(backendConfig *storagebackend.Config) *EtcdOptions {
 }
 
 func (s *EtcdOptions) Validate() []error {
+	if s == nil {
+		return nil
+	}
+
 	allErrors := []error{}
 	if len(s.StorageConfig.ServerList) == 0 {
 		allErrors = append(allErrors, fmt.Errorf("--etcd-servers must be specified"))
@@ -85,6 +89,10 @@ func (s *EtcdOptions) Validate() []error {
 
 // AddEtcdFlags adds flags related to etcd storage for a specific APIServer to the specified FlagSet
 func (s *EtcdOptions) AddFlags(fs *pflag.FlagSet) {
+	if s == nil {
+		return
+	}
+
 	fs.StringSliceVar(&s.EtcdServersOverrides, "etcd-servers-overrides", s.EtcdServersOverrides, ""+
 		"Per-resource etcd servers overrides, comma separated. The individual override "+
 		"format: group/resource#servers, where servers are http://ip:port, semicolon separated.")
@@ -132,6 +140,10 @@ func (s *EtcdOptions) AddFlags(fs *pflag.FlagSet) {
 }
 
 func (s *EtcdOptions) ApplyTo(c *server.Config) error {
+	if s == nil {
+		return nil
+	}
+
 	s.addEtcdHealthEndpoint(c)
 	c.RESTOptionsGetter = &SimpleRestOptionsFactory{Options: *s}
 	return nil
diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/feature.go b/staging/src/k8s.io/apiserver/pkg/server/options/feature.go
index cd62c7c67f7..7e02a183b7a 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/feature.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/feature.go
@@ -40,6 +40,10 @@ func NewFeatureOptions() *FeatureOptions {
 }
 
 func (o *FeatureOptions) AddFlags(fs *pflag.FlagSet) {
+	if o == nil {
+		return
+	}
+
 	fs.BoolVar(&o.EnableProfiling, "profiling", o.EnableProfiling,
 		"Enable profiling via web interface host:port/debug/pprof/")
 	fs.BoolVar(&o.EnableContentionProfiling, "contention-profiling", o.EnableContentionProfiling,
@@ -49,6 +53,10 @@ func (o *FeatureOptions) AddFlags(fs *pflag.FlagSet) {
 }
 
 func (o *FeatureOptions) ApplyTo(c *server.Config) error {
+	if o == nil {
+		return nil
+	}
+
 	c.EnableProfiling = o.EnableProfiling
 	c.EnableContentionProfiling = o.EnableContentionProfiling
 	c.EnableSwaggerUI = o.EnableSwaggerUI
@@ -57,6 +65,10 @@ func (o *FeatureOptions) ApplyTo(c *server.Config) error {
 }
 
 func (o *FeatureOptions) Validate() []error {
+	if o == nil {
+		return nil
+	}
+
 	errs := []error{}
 	return errs
 }
diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/serving.go b/staging/src/k8s.io/apiserver/pkg/server/options/serving.go
index 38c07a41a54..775476c3d9f 100644
--- a/staging/src/k8s.io/apiserver/pkg/server/options/serving.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/serving.go
@@ -81,6 +81,10 @@ func (s *SecureServingOptions) DefaultExternalAddress() (net.IP, error) {
 }
 
 func (s *SecureServingOptions) Validate() []error {
+	if s == nil {
+		return nil
+	}
+
 	errors := []error{}
 
 	if s.BindPort < 0 || s.BindPort > 65535 {
@@ -91,6 +95,10 @@ func (s *SecureServingOptions) Validate() []error {
 }
 
 func (s *SecureServingOptions) AddFlags(fs *pflag.FlagSet) {
+	if s == nil {
+		return
+	}
+
 	fs.IPVar(&s.BindAddress, "bind-address", s.BindAddress, ""+
 		"The IP address on which to listen for the --secure-port port. The "+
 		"associated interface(s) must be reachable by the rest of the cluster, and by CLI/web "+
@@ -136,6 +144,10 @@ func (s *SecureServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet) {
 
 // ApplyTo fills up serving information in the server configuration.
 func (s *SecureServingOptions) ApplyTo(c *server.Config) error {
+	if s == nil {
+		return nil
+	}
+
 	if s.BindPort <= 0 {
 		return nil
 	}