mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-22 19:31:44 +00:00
Merge pull request #72390 from sbezverk/node_configsource
node config source validations
This commit is contained in:
commit
fcdc365a40
@ -4147,16 +4147,6 @@ func ValidateNode(node *core.Node) field.ErrorList {
|
||||
// That said, if specified, we need to ensure they are valid.
|
||||
allErrs = append(allErrs, ValidateNodeResources(node)...)
|
||||
|
||||
// Only allow Spec.ConfigSource and Status.Config to be set if the DynamicKubeletConfig feature gate is enabled
|
||||
if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) {
|
||||
if node.Spec.ConfigSource != nil {
|
||||
allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "configSource"), "configSource may only be set if the DynamicKubeletConfig feature gate is enabled)"))
|
||||
}
|
||||
if node.Status.Config != nil {
|
||||
allErrs = append(allErrs, field.Forbidden(field.NewPath("status", "config"), "config may only be set if the DynamicKubeletConfig feature gate is enabled)"))
|
||||
}
|
||||
}
|
||||
|
||||
if len(node.Spec.PodCIDR) != 0 {
|
||||
_, err := ValidateCIDR(node.Spec.PodCIDR)
|
||||
if err != nil {
|
||||
@ -4239,17 +4229,14 @@ func ValidateNodeUpdate(node, oldNode *core.Node) field.ErrorList {
|
||||
}
|
||||
}
|
||||
|
||||
// Allow and validate updates to Node.Spec.ConfigSource and Node.Status.Config if DynamicKubeletConfig feature gate is enabled
|
||||
if utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) {
|
||||
if node.Spec.ConfigSource != nil {
|
||||
allErrs = append(allErrs, validateNodeConfigSourceSpec(node.Spec.ConfigSource, field.NewPath("spec", "configSource"))...)
|
||||
}
|
||||
oldNode.Spec.ConfigSource = node.Spec.ConfigSource
|
||||
if node.Status.Config != nil {
|
||||
allErrs = append(allErrs, validateNodeConfigStatus(node.Status.Config, field.NewPath("status", "config"))...)
|
||||
}
|
||||
oldNode.Status.Config = node.Status.Config
|
||||
if node.Spec.ConfigSource != nil {
|
||||
allErrs = append(allErrs, validateNodeConfigSourceSpec(node.Spec.ConfigSource, field.NewPath("spec", "configSource"))...)
|
||||
}
|
||||
oldNode.Spec.ConfigSource = node.Spec.ConfigSource
|
||||
if node.Status.Config != nil {
|
||||
allErrs = append(allErrs, validateNodeConfigStatus(node.Status.Config, field.NewPath("status", "config"))...)
|
||||
}
|
||||
oldNode.Status.Config = node.Status.Config
|
||||
|
||||
// TODO: move reset function to its own location
|
||||
// Ignore metadata changes now that they have been tested
|
||||
|
@ -67,9 +67,9 @@ func (nodeStrategy) AllowCreateOnUpdate() bool {
|
||||
func (nodeStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
|
||||
node := obj.(*api.Node)
|
||||
// Nodes allow *all* fields, including status, to be set on create.
|
||||
|
||||
if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) {
|
||||
node.Spec.ConfigSource = nil
|
||||
node.Status.Config = nil
|
||||
}
|
||||
}
|
||||
|
||||
@ -79,12 +79,22 @@ func (nodeStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Objec
|
||||
oldNode := old.(*api.Node)
|
||||
newNode.Status = oldNode.Status
|
||||
|
||||
if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) {
|
||||
if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) && !nodeConfigSourceInUse(oldNode) {
|
||||
newNode.Spec.ConfigSource = nil
|
||||
oldNode.Spec.ConfigSource = nil
|
||||
}
|
||||
}
|
||||
|
||||
// nodeConfigSourceInUse returns true if node's Spec ConfigSource is set(used)
|
||||
func nodeConfigSourceInUse(node *api.Node) bool {
|
||||
if node == nil {
|
||||
return false
|
||||
}
|
||||
if node.Spec.ConfigSource != nil {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// Validate validates a new node.
|
||||
func (nodeStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList {
|
||||
node := obj.(*api.Node)
|
||||
@ -127,26 +137,27 @@ type nodeStatusStrategy struct {
|
||||
|
||||
var StatusStrategy = nodeStatusStrategy{Strategy}
|
||||
|
||||
func (nodeStatusStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
|
||||
node := obj.(*api.Node)
|
||||
// Nodes allow *all* fields, including status, to be set on create.
|
||||
|
||||
if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) {
|
||||
node.Status.Config = nil
|
||||
}
|
||||
}
|
||||
|
||||
func (nodeStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) {
|
||||
newNode := obj.(*api.Node)
|
||||
oldNode := old.(*api.Node)
|
||||
newNode.Spec = oldNode.Spec
|
||||
|
||||
if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) {
|
||||
if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) && !nodeStatusConfigInUse(oldNode) {
|
||||
newNode.Status.Config = nil
|
||||
oldNode.Status.Config = nil
|
||||
}
|
||||
}
|
||||
|
||||
// nodeStatusConfigInUse returns true if node's Status Config is set(used)
|
||||
func nodeStatusConfigInUse(node *api.Node) bool {
|
||||
if node == nil {
|
||||
return false
|
||||
}
|
||||
if node.Status.Config != nil {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func (nodeStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList {
|
||||
return validation.ValidateNodeUpdate(obj.(*api.Node), old.(*api.Node))
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user