mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-25 04:33:26 +00:00
Merge pull request #72390 from sbezverk/node_configsource
node config source validations
This commit is contained in:
commit
fcdc365a40
@ -4147,16 +4147,6 @@ func ValidateNode(node *core.Node) field.ErrorList {
|
|||||||
// That said, if specified, we need to ensure they are valid.
|
// That said, if specified, we need to ensure they are valid.
|
||||||
allErrs = append(allErrs, ValidateNodeResources(node)...)
|
allErrs = append(allErrs, ValidateNodeResources(node)...)
|
||||||
|
|
||||||
// Only allow Spec.ConfigSource and Status.Config to be set if the DynamicKubeletConfig feature gate is enabled
|
|
||||||
if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) {
|
|
||||||
if node.Spec.ConfigSource != nil {
|
|
||||||
allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "configSource"), "configSource may only be set if the DynamicKubeletConfig feature gate is enabled)"))
|
|
||||||
}
|
|
||||||
if node.Status.Config != nil {
|
|
||||||
allErrs = append(allErrs, field.Forbidden(field.NewPath("status", "config"), "config may only be set if the DynamicKubeletConfig feature gate is enabled)"))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(node.Spec.PodCIDR) != 0 {
|
if len(node.Spec.PodCIDR) != 0 {
|
||||||
_, err := ValidateCIDR(node.Spec.PodCIDR)
|
_, err := ValidateCIDR(node.Spec.PodCIDR)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -4239,17 +4229,14 @@ func ValidateNodeUpdate(node, oldNode *core.Node) field.ErrorList {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Allow and validate updates to Node.Spec.ConfigSource and Node.Status.Config if DynamicKubeletConfig feature gate is enabled
|
if node.Spec.ConfigSource != nil {
|
||||||
if utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) {
|
allErrs = append(allErrs, validateNodeConfigSourceSpec(node.Spec.ConfigSource, field.NewPath("spec", "configSource"))...)
|
||||||
if node.Spec.ConfigSource != nil {
|
|
||||||
allErrs = append(allErrs, validateNodeConfigSourceSpec(node.Spec.ConfigSource, field.NewPath("spec", "configSource"))...)
|
|
||||||
}
|
|
||||||
oldNode.Spec.ConfigSource = node.Spec.ConfigSource
|
|
||||||
if node.Status.Config != nil {
|
|
||||||
allErrs = append(allErrs, validateNodeConfigStatus(node.Status.Config, field.NewPath("status", "config"))...)
|
|
||||||
}
|
|
||||||
oldNode.Status.Config = node.Status.Config
|
|
||||||
}
|
}
|
||||||
|
oldNode.Spec.ConfigSource = node.Spec.ConfigSource
|
||||||
|
if node.Status.Config != nil {
|
||||||
|
allErrs = append(allErrs, validateNodeConfigStatus(node.Status.Config, field.NewPath("status", "config"))...)
|
||||||
|
}
|
||||||
|
oldNode.Status.Config = node.Status.Config
|
||||||
|
|
||||||
// TODO: move reset function to its own location
|
// TODO: move reset function to its own location
|
||||||
// Ignore metadata changes now that they have been tested
|
// Ignore metadata changes now that they have been tested
|
||||||
|
@ -67,9 +67,9 @@ func (nodeStrategy) AllowCreateOnUpdate() bool {
|
|||||||
func (nodeStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
|
func (nodeStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
|
||||||
node := obj.(*api.Node)
|
node := obj.(*api.Node)
|
||||||
// Nodes allow *all* fields, including status, to be set on create.
|
// Nodes allow *all* fields, including status, to be set on create.
|
||||||
|
|
||||||
if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) {
|
if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) {
|
||||||
node.Spec.ConfigSource = nil
|
node.Spec.ConfigSource = nil
|
||||||
|
node.Status.Config = nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -79,12 +79,22 @@ func (nodeStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Objec
|
|||||||
oldNode := old.(*api.Node)
|
oldNode := old.(*api.Node)
|
||||||
newNode.Status = oldNode.Status
|
newNode.Status = oldNode.Status
|
||||||
|
|
||||||
if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) {
|
if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) && !nodeConfigSourceInUse(oldNode) {
|
||||||
newNode.Spec.ConfigSource = nil
|
newNode.Spec.ConfigSource = nil
|
||||||
oldNode.Spec.ConfigSource = nil
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// nodeConfigSourceInUse returns true if node's Spec ConfigSource is set(used)
|
||||||
|
func nodeConfigSourceInUse(node *api.Node) bool {
|
||||||
|
if node == nil {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
if node.Spec.ConfigSource != nil {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
// Validate validates a new node.
|
// Validate validates a new node.
|
||||||
func (nodeStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList {
|
func (nodeStrategy) Validate(ctx context.Context, obj runtime.Object) field.ErrorList {
|
||||||
node := obj.(*api.Node)
|
node := obj.(*api.Node)
|
||||||
@ -127,26 +137,27 @@ type nodeStatusStrategy struct {
|
|||||||
|
|
||||||
var StatusStrategy = nodeStatusStrategy{Strategy}
|
var StatusStrategy = nodeStatusStrategy{Strategy}
|
||||||
|
|
||||||
func (nodeStatusStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
|
|
||||||
node := obj.(*api.Node)
|
|
||||||
// Nodes allow *all* fields, including status, to be set on create.
|
|
||||||
|
|
||||||
if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) {
|
|
||||||
node.Status.Config = nil
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func (nodeStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) {
|
func (nodeStatusStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object) {
|
||||||
newNode := obj.(*api.Node)
|
newNode := obj.(*api.Node)
|
||||||
oldNode := old.(*api.Node)
|
oldNode := old.(*api.Node)
|
||||||
newNode.Spec = oldNode.Spec
|
newNode.Spec = oldNode.Spec
|
||||||
|
|
||||||
if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) {
|
if !utilfeature.DefaultFeatureGate.Enabled(features.DynamicKubeletConfig) && !nodeStatusConfigInUse(oldNode) {
|
||||||
newNode.Status.Config = nil
|
newNode.Status.Config = nil
|
||||||
oldNode.Status.Config = nil
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// nodeStatusConfigInUse returns true if node's Status Config is set(used)
|
||||||
|
func nodeStatusConfigInUse(node *api.Node) bool {
|
||||||
|
if node == nil {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
if node.Status.Config != nil {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
func (nodeStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList {
|
func (nodeStatusStrategy) ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList {
|
||||||
return validation.ValidateNodeUpdate(obj.(*api.Node), old.(*api.Node))
|
return validation.ValidateNodeUpdate(obj.(*api.Node), old.(*api.Node))
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user