kubeadm: Support kubeadm config validate for ResetConfiguration

Signed-off-by: Dave Chen <dave.chen@arm.com>
2025-08-06 02:34:03 +00:00 · 2023-07-14 14:25:59 +08:00 · 2023-07-14 14:25:59 +08:00 · b883f30501
commit b883f30501
parent 5c96e5321e
3 changed files with 44 additions and 4 deletions
--- a/cmd/kubeadm/app/util/config/common.go
+++ b/cmd/kubeadm/app/util/config/common.go
@ -291,7 +291,7 @@ func MigrateOldConfig(oldConfig []byte, allowExperimental bool) ([]byte, error)

 	// Migrate ResetConfiguration if there is any
 	if kubeadmutil.GroupVersionKindsHasResetConfiguration(gvks...) {
-		o, err := documentMapToResetConfiguration(gvkmap, true, allowExperimental)
+		o, err := documentMapToResetConfiguration(gvkmap, true, allowExperimental, true)
 		if err != nil {
 			return []byte{}, err
 		}
@ -336,6 +336,13 @@ func ValidateConfig(config []byte, allowExperimental bool) error {
 		}
 	}

+	// Validate ResetConfiguration if there is any
+	if kubeadmutil.GroupVersionKindsHasResetConfiguration(gvks...) {
+		if _, err := documentMapToResetConfiguration(gvkmap, true, allowExperimental, true); err != nil {
+			return err
+		}
+	}
+
 	return nil
 }

--- a/cmd/kubeadm/app/util/config/common_test.go
+++ b/cmd/kubeadm/app/util/config/common_test.go
@ -575,6 +575,35 @@ func TestValidateConfig(t *testing.T) {
 			expectedError:     true,
 			allowExperimental: false,
 		},
+		{
+			name: "valid ResetConfiguration",
+			cfg: dedent.Dedent(fmt.Sprintf(`
+			apiVersion: %s
+			kind: ResetConfiguration
+			force: true
+			`, gvExperimental)),
+			expectedError:     false,
+			allowExperimental: true,
+		},
+		{
+			name: "invalid field in ResetConfiguration",
+			cfg: dedent.Dedent(fmt.Sprintf(`
+			apiVersion: %s
+			kind: ResetConfiguration
+			foo: bar
+			`, gvExperimental)),
+			expectedError:     true,
+			allowExperimental: true,
+		},
+		{
+			name: "experimental API is not allowed in ResetConfiguration",
+			cfg: dedent.Dedent(fmt.Sprintf(`
+			apiVersion: %s
+			kind: ResetConfiguration
+			`, gvExperimental)),
+			expectedError:     true,
+			allowExperimental: false,
+		},
 	}

 	for _, test := range tests {
--- a/cmd/kubeadm/app/util/config/resetconfiguration.go
+++ b/cmd/kubeadm/app/util/config/resetconfiguration.go
@ -83,12 +83,12 @@ func LoadResetConfigurationFromFile(cfgPath string, allowExperimental bool) (*ku
 		return nil, err
 	}

-	return documentMapToResetConfiguration(gvkmap, false, allowExperimental)
+	return documentMapToResetConfiguration(gvkmap, false, allowExperimental, false)
 }

 // documentMapToResetConfiguration takes a map between GVKs and YAML documents (as returned by SplitYAMLDocuments),
 // finds a ResetConfiguration, decodes it, dynamically defaults it and then validates it prior to return.
-func documentMapToResetConfiguration(gvkmap kubeadmapi.DocumentMap, allowDeprecated, allowExperimental bool) (*kubeadmapi.ResetConfiguration, error) {
+func documentMapToResetConfiguration(gvkmap kubeadmapi.DocumentMap, allowDeprecated, allowExperimental bool, strictErrors bool) (*kubeadmapi.ResetConfiguration, error) {
 	resetBytes := []byte{}
 	for gvk, bytes := range gvkmap {
 		// not interested in anything other than ResetConfiguration
@ -103,7 +103,11 @@ func documentMapToResetConfiguration(gvkmap kubeadmapi.DocumentMap, allowDepreca

 		// verify the validity of the YAML
 		if err := strict.VerifyUnmarshalStrict([]*runtime.Scheme{kubeadmscheme.Scheme}, gvk, bytes); err != nil {
-			klog.Warning(err.Error())
+			if !strictErrors {
+				klog.Warning(err.Error())
+			} else {
+				return nil, err
+			}
 		}

 		resetBytes = bytes