kubeadm: remove the limitation that the 'ignorePreflightErrors' field can not be set to 'all' in kubeadm config file, and keep CLI / config consistent

2025-08-05 18:24:07 +00:00 · 2023-07-16 12:37:12 +08:00 · 2023-07-16 12:37:12 +08:00 · bd9b78d686
commit bd9b78d686
parent 900237fada
5 changed files with 29 additions and 19 deletions
--- a/cmd/kubeadm/app/apis/kubeadm/types.go
+++ b/cmd/kubeadm/app/apis/kubeadm/types.go
@ -221,7 +221,8 @@ type NodeRegistrationOptions struct {
 	// command line except without leading dash(es).
 	KubeletExtraArgs map[string]string

-	// IgnorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered.
+	// IgnorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'.
+	// Value 'all' ignores errors from all checks.
 	IgnorePreflightErrors []string

 	// ImagePullPolicy specifies the policy for image pulling during kubeadm "init" and "join" operations.
@ -488,6 +489,7 @@ type ResetConfiguration struct {
 	Force bool

 	// IgnorePreflightErrors provides a slice of pre-flight errors to be ignored during the reset process, e.g. 'IsPrivilegedUser,Swap'.
+	// Value 'all' ignores errors from all checks.
 	IgnorePreflightErrors []string

 	// SkipPhases is a list of phases to skip during command execution.
--- a/cmd/kubeadm/app/apis/kubeadm/v1beta3/types.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1beta3/types.go
@ -228,7 +228,8 @@ type NodeRegistrationOptions struct {
 	// +optional
 	KubeletExtraArgs map[string]string `json:"kubeletExtraArgs,omitempty"`

-	// IgnorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered.
+	// IgnorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'.
+	// Value 'all' ignores errors from all checks.
 	// +optional
 	IgnorePreflightErrors []string `json:"ignorePreflightErrors,omitempty"`

--- a/cmd/kubeadm/app/apis/kubeadm/v1beta4/types.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1beta4/types.go
@ -233,7 +233,8 @@ type NodeRegistrationOptions struct {
 	// +optional
 	KubeletExtraArgs map[string]string `json:"kubeletExtraArgs,omitempty"`

-	// IgnorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered.
+	// IgnorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'.
+	// Value 'all' ignores errors from all checks.
 	// +optional
 	IgnorePreflightErrors []string `json:"ignorePreflightErrors,omitempty"`

@ -482,6 +483,7 @@ type ResetConfiguration struct {
 	Force bool `json:"force,omitempty"`

 	// IgnorePreflightErrors provides a slice of pre-flight errors to be ignored during the reset process, e.g. 'IsPrivilegedUser,Swap'.
+	// Value 'all' ignores errors from all checks.
 	// +optional
 	IgnorePreflightErrors []string `json:"ignorePreflightErrors,omitempty"`

--- a/cmd/kubeadm/app/apis/kubeadm/validation/validation.go
+++ b/cmd/kubeadm/app/apis/kubeadm/validation/validation.go
@ -605,13 +605,6 @@ func ValidateIgnorePreflightErrors(ignorePreflightErrorsFromCLI, ignorePreflight
 		ignoreErrors.Insert(strings.ToLower(item)) // parameters are case insensitive
 	}

-	if ignoreErrors.Has("all") {
-		// "all" is forbidden in config files. Administrators should use an
-		// explicit list of errors they want to ignore, as it can be risky to
-		// mask all errors in such a way. Hence, we return an error:
-		allErrs = append(allErrs, field.Invalid(field.NewPath("ignorePreflightErrors"), "all", "'all' cannot be used in configuration file"))
-	}
-
 	for _, item := range ignorePreflightErrorsFromCLI {
 		ignoreErrors.Insert(strings.ToLower(item)) // parameters are case insensitive
 	}
--- a/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go
+++ b/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go
@ -794,19 +794,37 @@ func TestValidateIgnorePreflightErrors(t *testing.T) {
 			sets.New("a", "b", "c"),
 			false,
 		},
+		{ // empty list in CLI, but 'all' present in config file
+			[]string{},
+			[]string{"all"},
+			sets.New("all"),
+			false,
+		},
+		{ // empty list in config file, but 'all' present in CLI
+			[]string{"all"},
+			[]string{},
+			sets.New("all"),
+			false,
+		},
+		{ // some duplicates, only 'all' present in CLI and config file
+			[]string{"all"},
+			[]string{"all"},
+			sets.New("all"),
+			false,
+		},
 		{ // non-duplicate, but 'all' present together with individual checks in CLI
 			[]string{"a", "b", "all"},
 			[]string{},
 			sets.New[string](),
 			true,
 		},
-		{ // empty list in CLI, but 'all' present in config file, which is forbidden
+		{ // non-duplicate, but 'all' present together with individual checks in config file
 			[]string{},
-			[]string{"all"},
+			[]string{"a", "b", "all"},
 			sets.New[string](),
 			true,
 		},
-		{ // non-duplicate, but 'all' present in config file, which is forbidden
+		{ // non-duplicate, but 'all' present in config file, while values are in CLI, which is forbidden
 			[]string{"a", "b"},
 			[]string{"all"},
 			sets.New[string](),
@ -818,12 +836,6 @@ func TestValidateIgnorePreflightErrors(t *testing.T) {
 			sets.New[string](),
 			true,
 		},
-		{ // skip all checks
-			[]string{"all"},
-			[]string{},
-			sets.New("all"),
-			false,
-		},
 	}
 	for _, rt := range tests {
 		result, err := ValidateIgnorePreflightErrors(rt.ignorePreflightErrorsFromCLI, rt.ignorePreflightErrorsFromConfigFile)