From bd9b78d68616abb476ce1de974e58e34a88952ad Mon Sep 17 00:00:00 2001 From: SataQiu Date: Sun, 16 Jul 2023 12:37:12 +0800 Subject: [PATCH] kubeadm: remove the limitation that the 'ignorePreflightErrors' field can not be set to 'all' in kubeadm config file, and keep CLI / config consistent --- cmd/kubeadm/app/apis/kubeadm/types.go | 4 ++- cmd/kubeadm/app/apis/kubeadm/v1beta3/types.go | 3 +- cmd/kubeadm/app/apis/kubeadm/v1beta4/types.go | 4 ++- .../app/apis/kubeadm/validation/validation.go | 7 ----- .../kubeadm/validation/validation_test.go | 30 +++++++++++++------ 5 files changed, 29 insertions(+), 19 deletions(-) diff --git a/cmd/kubeadm/app/apis/kubeadm/types.go b/cmd/kubeadm/app/apis/kubeadm/types.go index b1d1a515a98..00671e43b4c 100644 --- a/cmd/kubeadm/app/apis/kubeadm/types.go +++ b/cmd/kubeadm/app/apis/kubeadm/types.go @@ -221,7 +221,8 @@ type NodeRegistrationOptions struct { // command line except without leading dash(es). KubeletExtraArgs map[string]string - // IgnorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. + // IgnorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'. + // Value 'all' ignores errors from all checks. IgnorePreflightErrors []string // ImagePullPolicy specifies the policy for image pulling during kubeadm "init" and "join" operations. @@ -488,6 +489,7 @@ type ResetConfiguration struct { Force bool // IgnorePreflightErrors provides a slice of pre-flight errors to be ignored during the reset process, e.g. 'IsPrivilegedUser,Swap'. + // Value 'all' ignores errors from all checks. IgnorePreflightErrors []string // SkipPhases is a list of phases to skip during command execution. diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta3/types.go b/cmd/kubeadm/app/apis/kubeadm/v1beta3/types.go index eaa2984f40f..d7a6a2e2efb 100644 --- a/cmd/kubeadm/app/apis/kubeadm/v1beta3/types.go +++ b/cmd/kubeadm/app/apis/kubeadm/v1beta3/types.go @@ -228,7 +228,8 @@ type NodeRegistrationOptions struct { // +optional KubeletExtraArgs map[string]string `json:"kubeletExtraArgs,omitempty"` - // IgnorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. + // IgnorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'. + // Value 'all' ignores errors from all checks. // +optional IgnorePreflightErrors []string `json:"ignorePreflightErrors,omitempty"` diff --git a/cmd/kubeadm/app/apis/kubeadm/v1beta4/types.go b/cmd/kubeadm/app/apis/kubeadm/v1beta4/types.go index bcd5140048e..5be7195e6f6 100644 --- a/cmd/kubeadm/app/apis/kubeadm/v1beta4/types.go +++ b/cmd/kubeadm/app/apis/kubeadm/v1beta4/types.go @@ -233,7 +233,8 @@ type NodeRegistrationOptions struct { // +optional KubeletExtraArgs map[string]string `json:"kubeletExtraArgs,omitempty"` - // IgnorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. + // IgnorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered, e.g. 'IsPrivilegedUser,Swap'. + // Value 'all' ignores errors from all checks. // +optional IgnorePreflightErrors []string `json:"ignorePreflightErrors,omitempty"` @@ -482,6 +483,7 @@ type ResetConfiguration struct { Force bool `json:"force,omitempty"` // IgnorePreflightErrors provides a slice of pre-flight errors to be ignored during the reset process, e.g. 'IsPrivilegedUser,Swap'. + // Value 'all' ignores errors from all checks. // +optional IgnorePreflightErrors []string `json:"ignorePreflightErrors,omitempty"` diff --git a/cmd/kubeadm/app/apis/kubeadm/validation/validation.go b/cmd/kubeadm/app/apis/kubeadm/validation/validation.go index 48c02569706..e1bf34f22d1 100644 --- a/cmd/kubeadm/app/apis/kubeadm/validation/validation.go +++ b/cmd/kubeadm/app/apis/kubeadm/validation/validation.go @@ -605,13 +605,6 @@ func ValidateIgnorePreflightErrors(ignorePreflightErrorsFromCLI, ignorePreflight ignoreErrors.Insert(strings.ToLower(item)) // parameters are case insensitive } - if ignoreErrors.Has("all") { - // "all" is forbidden in config files. Administrators should use an - // explicit list of errors they want to ignore, as it can be risky to - // mask all errors in such a way. Hence, we return an error: - allErrs = append(allErrs, field.Invalid(field.NewPath("ignorePreflightErrors"), "all", "'all' cannot be used in configuration file")) - } - for _, item := range ignorePreflightErrorsFromCLI { ignoreErrors.Insert(strings.ToLower(item)) // parameters are case insensitive } diff --git a/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go b/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go index 2291ca2d82b..c98fcdbef12 100644 --- a/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go +++ b/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go @@ -794,19 +794,37 @@ func TestValidateIgnorePreflightErrors(t *testing.T) { sets.New("a", "b", "c"), false, }, + { // empty list in CLI, but 'all' present in config file + []string{}, + []string{"all"}, + sets.New("all"), + false, + }, + { // empty list in config file, but 'all' present in CLI + []string{"all"}, + []string{}, + sets.New("all"), + false, + }, + { // some duplicates, only 'all' present in CLI and config file + []string{"all"}, + []string{"all"}, + sets.New("all"), + false, + }, { // non-duplicate, but 'all' present together with individual checks in CLI []string{"a", "b", "all"}, []string{}, sets.New[string](), true, }, - { // empty list in CLI, but 'all' present in config file, which is forbidden + { // non-duplicate, but 'all' present together with individual checks in config file []string{}, - []string{"all"}, + []string{"a", "b", "all"}, sets.New[string](), true, }, - { // non-duplicate, but 'all' present in config file, which is forbidden + { // non-duplicate, but 'all' present in config file, while values are in CLI, which is forbidden []string{"a", "b"}, []string{"all"}, sets.New[string](), @@ -818,12 +836,6 @@ func TestValidateIgnorePreflightErrors(t *testing.T) { sets.New[string](), true, }, - { // skip all checks - []string{"all"}, - []string{}, - sets.New("all"), - false, - }, } for _, rt := range tests { result, err := ValidateIgnorePreflightErrors(rt.ignorePreflightErrorsFromCLI, rt.ignorePreflightErrorsFromConfigFile)