Merge pull request #72390 from sbezverk/node_configsource

node config source validations
2025-07-29 22:46:12 +00:00 · 2018-12-29 11:24:45 -08:00 · 2018-12-29 11:24:45 -08:00 · fcdc365a40
commit fcdc365a40
parent 5ac194e09d e61b76fb8c
2 changed files with 32 additions and 34 deletions
--- a/pkg/apis/core/validation/validation.go
+++ b/pkg/apis/core/validation/validation.go
@ -4147,16 +4147,6 @@ func ValidateNode(node *core.Node) field.ErrorList {
 	// That said, if specified, we need to ensure they are valid.
 	allErrs = append(allErrs, ValidateNodeResources(node)...)

-	// Only allow Spec.ConfigSource and Status.Config to be set if the DynamicKubeletConfig feature gate is enabled
-	if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) {
-		if node.Spec.ConfigSource != nil {
-			allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "configSource"), "configSource may only be set if the DynamicKubeletConfig feature gate is enabled)"))
-		}
-		if node.Status.Config != nil {
-			allErrs = append(allErrs, field.Forbidden(field.NewPath("status", "config"), "config may only be set if the DynamicKubeletConfig feature gate is enabled)"))
-		}
-	}
-
 	if len(node.Spec.PodCIDR) != 0 {
 		_, err := ValidateCIDR(node.Spec.PodCIDR)
 		if err != nil {
@ -4239,17 +4229,14 @@ func ValidateNodeUpdate(node, oldNode *core.Node) field.ErrorList {
 		}
 	}

-	// Allow and validate updates to Node.Spec.ConfigSource and Node.Status.Config if DynamicKubeletConfig feature gate is enabled
-	if utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) {
-		if node.Spec.ConfigSource != nil {
-			allErrs = append(allErrs, validateNodeConfigSourceSpec(node.Spec.ConfigSource, field.NewPath("spec", "configSource"))...)
-		}
-		oldNode.Spec.ConfigSource = node.Spec.ConfigSource
-		if node.Status.Config != nil {
-			allErrs = append(allErrs, validateNodeConfigStatus(node.Status.Config, field.NewPath("status", "config"))...)
-		}
-		oldNode.Status.Config = node.Status.Config
+	if node.Spec.ConfigSource != nil {
+		allErrs = append(allErrs, validateNodeConfigSourceSpec(node.Spec.ConfigSource, field.NewPath("spec", "configSource"))...)
 	}
+	oldNode.Spec.ConfigSource = node.Spec.ConfigSource
+	if node.Status.Config != nil {
+		allErrs = append(allErrs, validateNodeConfigStatus(node.Status.Config, field.NewPath("status", "config"))...)
+	}
+	oldNode.Status.Config = node.Status.Config

 	// TODO: move reset function to its own location
 	// Ignore metadata changes now that they have been tested
--- a/pkg/registry/core/node/strategy.go
+++ b/pkg/registry/core/node/strategy.go
@ -67,9 +67,9 @@ func (nodeStrategy) AllowCreateOnUpdate() bool {
 func (nodeStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
 	node := obj.(*api.Node)
 	// Nodes allow *all* fields, including status, to be set on create.
-
 	if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) {
 		node.Spec.ConfigSource = nil
+		node.Status.Config = nil
 	}
 }

@ -79,12 +79,22 @@ func (nodeStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Objec
 	oldNode := old.(*api.Node)
 	newNode.Status = oldNode.Status

-	if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) {
+	if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) && !nodeConfigSourceInUse(oldNode) {
 		newNode.Spec.ConfigSource = nil
-		oldNode.Spec.ConfigSource = nil
 	}
 }

+// nodeConfigSourceInUse returns true if node's Spec ConfigSource is set(used)
+func nodeConfigSourceInUse(node *api.Node) bool {
+	if node == nil {
+		return false
+	}
+	if node.Spec.ConfigSource != nil {
+		return true
+	}
+	return false
+}
+
 // Validate validates a new node.
 func (nodeStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList {
 	node := obj.(*api.Node)
@ -127,26 +137,27 @@ type nodeStatusStrategy struct {

 var StatusStrategy = nodeStatusStrategy{Strategy}

-func (nodeStatusStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
-	node := obj.(*api.Node)
-	// Nodes allow *all* fields, including status, to be set on create.
-
-	if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) {
-		node.Status.Config = nil
-	}
-}
-
 func (nodeStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) {
 	newNode := obj.(*api.Node)
 	oldNode := old.(*api.Node)
 	newNode.Spec = oldNode.Spec

-	if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) {
+	if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) && !nodeStatusConfigInUse(oldNode) {
 		newNode.Status.Config = nil
-		oldNode.Status.Config = nil
 	}
 }

+// nodeStatusConfigInUse returns true if node's Status Config is set(used)
+func nodeStatusConfigInUse(node *api.Node) bool {
+	if node == nil {
+		return false
+	}
+	if node.Status.Config != nil {
+		return true
+	}
+	return false
+}
+
 func (nodeStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList {
 	return validation.ValidateNodeUpdate(obj.(*api.Node), old.(*api.Node))
 }