From de406f83cfafc4033a935821a05cd8d8e5f50099 Mon Sep 17 00:00:00 2001 From: m1093782566 Date: Tue, 8 Aug 2017 18:36:46 +0800 Subject: [PATCH] validate kube-apiserver options --- pkg/registry/cachesize/cachesize.go | 4 ++++ .../apiextensions-apiserver/pkg/cmd/server/BUILD | 1 + .../apiextensions-apiserver/pkg/cmd/server/start.go | 5 ++++- .../k8s.io/apiserver/pkg/server/options/admission.go | 5 +++++ .../k8s.io/apiserver/pkg/server/options/feature.go | 5 +++++ .../apiserver/pkg/server/options/recommended.go | 12 ++++++++++++ .../src/k8s.io/kube-aggregator/pkg/cmd/server/BUILD | 1 + .../k8s.io/kube-aggregator/pkg/cmd/server/start.go | 7 +++++-- .../src/k8s.io/sample-apiserver/pkg/cmd/server/BUILD | 1 + .../k8s.io/sample-apiserver/pkg/cmd/server/start.go | 6 +++++- 10 files changed, 43 insertions(+), 4 deletions(-) diff --git a/pkg/registry/cachesize/cachesize.go b/pkg/registry/cachesize/cachesize.go index cea62fe5f4d..20a566fbd60 100644 --- a/pkg/registry/cachesize/cachesize.go +++ b/pkg/registry/cachesize/cachesize.go @@ -105,6 +105,10 @@ func SetWatchCacheSizes(cacheSizes []string) { glog.Errorf("invalid size of watch cache capabilities: %s", c) continue } + if size < 0 { + glog.Errorf("watch cache size cannot be negative: %s", c) + continue + } watchCacheSizes[Resource(strings.ToLower(tokens[0]))] = size } diff --git a/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/BUILD b/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/BUILD index b9d59e5a425..0245c78abf5 100644 --- a/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/BUILD +++ b/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/BUILD @@ -16,6 +16,7 @@ go_library( "//vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1:go_default_library", "//vendor/k8s.io/apiextensions-apiserver/pkg/apiserver:go_default_library", "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured:go_default_library", + "//vendor/k8s.io/apimachinery/pkg/util/errors:go_default_library", "//vendor/k8s.io/apiserver/pkg/registry/generic:go_default_library", "//vendor/k8s.io/apiserver/pkg/server:go_default_library", "//vendor/k8s.io/apiserver/pkg/server/options:go_default_library", diff --git a/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/start.go b/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/start.go index a54bcd4c058..38c266e7073 100644 --- a/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/start.go +++ b/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/start.go @@ -26,6 +26,7 @@ import ( "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" "k8s.io/apiextensions-apiserver/pkg/apiserver" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + utilerrors "k8s.io/apimachinery/pkg/util/errors" genericregistry "k8s.io/apiserver/pkg/registry/generic" genericapiserver "k8s.io/apiserver/pkg/server" genericoptions "k8s.io/apiserver/pkg/server/options" @@ -78,7 +79,9 @@ func NewCommandStartCustomResourceDefinitionsServer(out, errOut io.Writer, stopC } func (o CustomResourceDefinitionsServerOptions) Validate(args []string) error { - return nil + errors := []error{} + errors = append(errors, o.RecommendedOptions.Validate()...) + return utilerrors.NewAggregate(errors) } func (o *CustomResourceDefinitionsServerOptions) Complete() error { diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/admission.go b/staging/src/k8s.io/apiserver/pkg/server/options/admission.go index 760f4fc3da7..5604681825f 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/admission.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/admission.go @@ -89,3 +89,8 @@ func (a *AdmissionOptions) ApplyTo(serverCfg *server.Config, pluginInitializers serverCfg.AdmissionControl = admissionChain return nil } + +func (a *AdmissionOptions) Validate() []error { + errs := []error{} + return errs +} diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/feature.go b/staging/src/k8s.io/apiserver/pkg/server/options/feature.go index d99a73495ff..cd62c7c67f7 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/feature.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/feature.go @@ -55,3 +55,8 @@ func (o *FeatureOptions) ApplyTo(c *server.Config) error { return nil } + +func (o *FeatureOptions) Validate() []error { + errs := []error{} + return errs +} diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/recommended.go b/staging/src/k8s.io/apiserver/pkg/server/options/recommended.go index 92ec3e8e22f..a0efcb49a52 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/recommended.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/recommended.go @@ -77,3 +77,15 @@ func (o *RecommendedOptions) ApplyTo(config *server.Config) error { return nil } + +func (o *RecommendedOptions) Validate() []error { + errors := []error{} + errors = append(errors, o.Etcd.Validate()...) + errors = append(errors, o.SecureServing.Validate()...) + errors = append(errors, o.Authentication.Validate()...) + errors = append(errors, o.Authorization.Validate()...) + errors = append(errors, o.Audit.Validate()...) + errors = append(errors, o.Features.Validate()...) + + return errors +} diff --git a/staging/src/k8s.io/kube-aggregator/pkg/cmd/server/BUILD b/staging/src/k8s.io/kube-aggregator/pkg/cmd/server/BUILD index bff6d123f80..aaf8be18f6b 100644 --- a/staging/src/k8s.io/kube-aggregator/pkg/cmd/server/BUILD +++ b/staging/src/k8s.io/kube-aggregator/pkg/cmd/server/BUILD @@ -14,6 +14,7 @@ go_library( deps = [ "//vendor/github.com/spf13/cobra:go_default_library", "//vendor/github.com/spf13/pflag:go_default_library", + "//vendor/k8s.io/apimachinery/pkg/util/errors:go_default_library", "//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library", "//vendor/k8s.io/apiserver/pkg/server:go_default_library", "//vendor/k8s.io/apiserver/pkg/server/filters:go_default_library", diff --git a/staging/src/k8s.io/kube-aggregator/pkg/cmd/server/start.go b/staging/src/k8s.io/kube-aggregator/pkg/cmd/server/start.go index c5f39f0a3c9..1db47144b33 100644 --- a/staging/src/k8s.io/kube-aggregator/pkg/cmd/server/start.go +++ b/staging/src/k8s.io/kube-aggregator/pkg/cmd/server/start.go @@ -25,6 +25,7 @@ import ( "github.com/spf13/cobra" "github.com/spf13/pflag" + utilerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/apimachinery/pkg/util/sets" genericapiserver "k8s.io/apiserver/pkg/server" "k8s.io/apiserver/pkg/server/filters" @@ -47,7 +48,7 @@ type AggregatorOptions struct { ProxyClientCertFile string ProxyClientKeyFile string - // CoreAPIKubeconfig is a filename for a kubeconfig file to contact the core API server wtih + // CoreAPIKubeconfig is a filename for a kubeconfig file to contact the core API server with // If it is not set, the in cluster config is used CoreAPIKubeconfig string @@ -102,7 +103,9 @@ func NewDefaultOptions(out, err io.Writer) *AggregatorOptions { } func (o AggregatorOptions) Validate(args []string) error { - return nil + errors := []error{} + errors = append(errors, o.RecommendedOptions.Validate()...) + return utilerrors.NewAggregate(errors) } func (o *AggregatorOptions) Complete() error { diff --git a/staging/src/k8s.io/sample-apiserver/pkg/cmd/server/BUILD b/staging/src/k8s.io/sample-apiserver/pkg/cmd/server/BUILD index ae62e2206ea..4eda45b8ab8 100644 --- a/staging/src/k8s.io/sample-apiserver/pkg/cmd/server/BUILD +++ b/staging/src/k8s.io/sample-apiserver/pkg/cmd/server/BUILD @@ -13,6 +13,7 @@ go_library( tags = ["automanaged"], deps = [ "//vendor/github.com/spf13/cobra:go_default_library", + "//vendor/k8s.io/apimachinery/pkg/util/errors:go_default_library", "//vendor/k8s.io/apiserver/pkg/server:go_default_library", "//vendor/k8s.io/apiserver/pkg/server/options:go_default_library", "//vendor/k8s.io/sample-apiserver/pkg/apis/wardle/v1alpha1:go_default_library", diff --git a/staging/src/k8s.io/sample-apiserver/pkg/cmd/server/start.go b/staging/src/k8s.io/sample-apiserver/pkg/cmd/server/start.go index 3ed49adb52c..2a313db160d 100644 --- a/staging/src/k8s.io/sample-apiserver/pkg/cmd/server/start.go +++ b/staging/src/k8s.io/sample-apiserver/pkg/cmd/server/start.go @@ -23,6 +23,7 @@ import ( "github.com/spf13/cobra" + utilerrors "k8s.io/apimachinery/pkg/util/errors" genericapiserver "k8s.io/apiserver/pkg/server" genericoptions "k8s.io/apiserver/pkg/server/options" "k8s.io/sample-apiserver/pkg/apis/wardle/v1alpha1" @@ -80,7 +81,10 @@ func NewCommandStartWardleServer(out, errOut io.Writer, stopCh <-chan struct{}) } func (o WardleServerOptions) Validate(args []string) error { - return nil + errors := []error{} + errors = append(errors, o.RecommendedOptions.Validate()...) + errors = append(errors, o.Admission.Validate()...) + return utilerrors.NewAggregate(errors) } func (o *WardleServerOptions) Complete() error {