k3s/cmd/kube-apiserver/app/options/validation.go

/*
Copyright 2014 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package options

import (
	"fmt"

	apiextensionsapiserver "k8s.io/apiextensions-apiserver/pkg/apiserver"
	aggregatorscheme "k8s.io/kube-aggregator/pkg/apiserver/scheme"
	"k8s.io/kubernetes/pkg/api/legacyscheme"
)

// TODO: Longer term we should read this from some config store, rather than a flag.
func validateClusterIPFlags(options *ServerRunOptions) []error {
	errors := []error{}
	if options.ServiceClusterIPRange.IP == nil {
		errors = append(errors, fmt.Errorf("no --service-cluster-ip-range specified"))
	}
	var ones, bits = options.ServiceClusterIPRange.Mask.Size()
	if bits-ones > 20 {
		errors = append(errors, fmt.Errorf("specified --service-cluster-ip-range is too large"))
	}
	return errors
}

func validateServiceNodePort(options *ServerRunOptions) []error {
	errors := []error{}
	if options.KubernetesServiceNodePort < 0 || options.KubernetesServiceNodePort > 65535 {
		errors = append(errors, fmt.Errorf("--kubernetes-service-node-port %v must be between 0 and 65535, inclusive. If 0, the Kubernetes master service will be of type ClusterIP", options.KubernetesServiceNodePort))
	}

	if options.KubernetesServiceNodePort > 0 && !options.ServiceNodePortRange.Contains(options.KubernetesServiceNodePort) {
		errors = append(errors, fmt.Errorf("kubernetes service port range %v doesn't contain %v", options.ServiceNodePortRange, (options.KubernetesServiceNodePort)))
	}
	return errors
}

// Validate checks ServerRunOptions and return a slice of found errors.
func (s *ServerRunOptions) Validate() []error {
	var errors []error
	if errs := s.Etcd.Validate(); len(errs) > 0 {
		errors = append(errors, errs...)
	}
	if errs := validateClusterIPFlags(s); len(errs) > 0 {
		errors = append(errors, errs...)
	}
	if errs := validateServiceNodePort(s); len(errs) > 0 {
		errors = append(errors, errs...)
	}
	if errs := s.SecureServing.Validate(); len(errs) > 0 {
		errors = append(errors, errs...)
	}
	if errs := s.Authentication.Validate(); len(errs) > 0 {
		errors = append(errors, errs...)
	}
	if errs := s.Authorization.Validate(); len(errs) > 0 {
		errors = append(errors, errs...)
	}
	if errs := s.Audit.Validate(); len(errs) > 0 {
		errors = append(errors, errs...)
	}
	if errs := s.Admission.Validate(); len(errs) > 0 {
		errors = append(errors, errs...)
	}
	if errs := s.InsecureServing.Validate(); len(errs) > 0 {
		errors = append(errors, errs...)
	}
	if s.MasterCount <= 0 {
		errors = append(errors, fmt.Errorf("--apiserver-count should be a positive number, but value '%d' provided", s.MasterCount))
	}
	if errs := s.APIEnablement.Validate(legacyscheme.Scheme, apiextensionsapiserver.Scheme, aggregatorscheme.Scheme); len(errs) > 0 {
		errors = append(errors, errs...)
	}

	return errors
}
Extract etcd options from genericapiserver. 2016-08-09 11:35:53 +00:00			`/*`
pkg/apiserver: move validation.go into pkg/registry 2016-12-14 10:11:25 +00:00			`Copyright 2014 The Kubernetes Authors.`
Extract etcd options from genericapiserver. 2016-08-09 11:35:53 +00:00
			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

genericapiserver: move MasterCount and service options into master 2016-12-06 11:22:49 +00:00			`package options`
Extract etcd options from genericapiserver. 2016-08-09 11:35:53 +00:00
			`import (`
combine the ValidateRunOptions errors Signed-off-by: PingWang <wang.ping5@zte.com.cn> replace Aggregate with []error Signed-off-by: PingWang <wang.ping5@zte.com.cn> replace Aggregate with []error Signed-off-by: PingWang <wang.ping5@zte.com.cn> 2016-08-26 09:30:39 +00:00			`"fmt"`
pass APIEnablement through apiserver chain 2017-12-21 03:27:20 +00:00
			`apiextensionsapiserver "k8s.io/apiextensions-apiserver/pkg/apiserver"`
refactor kube-aggregator api group install 2018-01-26 02:32:46 +00:00			`aggregatorscheme "k8s.io/kube-aggregator/pkg/apiserver/scheme"`
pass APIEnablement through apiserver chain 2017-12-21 03:27:20 +00:00			`"k8s.io/kubernetes/pkg/api/legacyscheme"`
Extract etcd options from genericapiserver. 2016-08-09 11:35:53 +00:00			`)`

			`// TODO: Longer term we should read this from some config store, rather than a flag.`
Clean up apiserver and federation defaulting and validation 2016-12-14 09:37:20 +00:00			`func validateClusterIPFlags(options *ServerRunOptions) []error {`
combine the ValidateRunOptions errors Signed-off-by: PingWang <wang.ping5@zte.com.cn> replace Aggregate with []error Signed-off-by: PingWang <wang.ping5@zte.com.cn> replace Aggregate with []error Signed-off-by: PingWang <wang.ping5@zte.com.cn> 2016-08-26 09:30:39 +00:00			`errors := []error{}`
Extract etcd options from genericapiserver. 2016-08-09 11:35:53 +00:00			`if options.ServiceClusterIPRange.IP == nil {`
Clean up apiserver and federation defaulting and validation 2016-12-14 09:37:20 +00:00			`errors = append(errors, fmt.Errorf("no --service-cluster-ip-range specified"))`
Extract etcd options from genericapiserver. 2016-08-09 11:35:53 +00:00			`}`
			`var ones, bits = options.ServiceClusterIPRange.Mask.Size()`
			`if bits-ones > 20 {`
Clean up apiserver and federation defaulting and validation 2016-12-14 09:37:20 +00:00			`errors = append(errors, fmt.Errorf("specified --service-cluster-ip-range is too large"))`
Extract etcd options from genericapiserver. 2016-08-09 11:35:53 +00:00			`}`
combine the ValidateRunOptions errors Signed-off-by: PingWang <wang.ping5@zte.com.cn> replace Aggregate with []error Signed-off-by: PingWang <wang.ping5@zte.com.cn> replace Aggregate with []error Signed-off-by: PingWang <wang.ping5@zte.com.cn> 2016-08-26 09:30:39 +00:00			`return errors`
Extract etcd options from genericapiserver. 2016-08-09 11:35:53 +00:00			`}`

Clean up apiserver and federation defaulting and validation 2016-12-14 09:37:20 +00:00			`func validateServiceNodePort(options *ServerRunOptions) []error {`
combine the ValidateRunOptions errors Signed-off-by: PingWang <wang.ping5@zte.com.cn> replace Aggregate with []error Signed-off-by: PingWang <wang.ping5@zte.com.cn> replace Aggregate with []error Signed-off-by: PingWang <wang.ping5@zte.com.cn> 2016-08-26 09:30:39 +00:00			`errors := []error{}`
Extract etcd options from genericapiserver. 2016-08-09 11:35:53 +00:00			`if options.KubernetesServiceNodePort < 0 \|\| options.KubernetesServiceNodePort > 65535 {`
Clean up apiserver and federation defaulting and validation 2016-12-14 09:37:20 +00:00			`errors = append(errors, fmt.Errorf("--kubernetes-service-node-port %v must be between 0 and 65535, inclusive. If 0, the Kubernetes master service will be of type ClusterIP", options.KubernetesServiceNodePort))`
Extract etcd options from genericapiserver. 2016-08-09 11:35:53 +00:00			`}`

			`if options.KubernetesServiceNodePort > 0 && !options.ServiceNodePortRange.Contains(options.KubernetesServiceNodePort) {`
Clean up apiserver and federation defaulting and validation 2016-12-14 09:37:20 +00:00			`errors = append(errors, fmt.Errorf("kubernetes service port range %v doesn't contain %v", options.ServiceNodePortRange, (options.KubernetesServiceNodePort)))`
Extract etcd options from genericapiserver. 2016-08-09 11:35:53 +00:00			`}`
combine the ValidateRunOptions errors Signed-off-by: PingWang <wang.ping5@zte.com.cn> replace Aggregate with []error Signed-off-by: PingWang <wang.ping5@zte.com.cn> replace Aggregate with []error Signed-off-by: PingWang <wang.ping5@zte.com.cn> 2016-08-26 09:30:39 +00:00			`return errors`
Extract etcd options from genericapiserver. 2016-08-09 11:35:53 +00:00			`}`

pkg/apiserver: move validation.go into pkg/registry 2016-12-14 10:11:25 +00:00			`// Validate checks ServerRunOptions and return a slice of found errors.`
apiserver clean code 2018-03-02 09:15:02 +00:00			`func (s *ServerRunOptions) Validate() []error {`
Clean up apiserver and federation defaulting and validation 2016-12-14 09:37:20 +00:00			`var errors []error`
apiserver clean code 2018-03-02 09:15:02 +00:00			`if errs := s.Etcd.Validate(); len(errs) > 0 {`
Clean up apiserver and federation defaulting and validation 2016-12-14 09:37:20 +00:00			`errors = append(errors, errs...)`
			`}`
apiserver clean code 2018-03-02 09:15:02 +00:00			`if errs := validateClusterIPFlags(s); len(errs) > 0 {`
combine the ValidateRunOptions errors Signed-off-by: PingWang <wang.ping5@zte.com.cn> replace Aggregate with []error Signed-off-by: PingWang <wang.ping5@zte.com.cn> replace Aggregate with []error Signed-off-by: PingWang <wang.ping5@zte.com.cn> 2016-08-26 09:30:39 +00:00			`errors = append(errors, errs...)`
			`}`
apiserver clean code 2018-03-02 09:15:02 +00:00			`if errs := validateServiceNodePort(s); len(errs) > 0 {`
combine the ValidateRunOptions errors Signed-off-by: PingWang <wang.ping5@zte.com.cn> replace Aggregate with []error Signed-off-by: PingWang <wang.ping5@zte.com.cn> replace Aggregate with []error Signed-off-by: PingWang <wang.ping5@zte.com.cn> 2016-08-26 09:30:39 +00:00			`errors = append(errors, errs...)`
			`}`
apiserver clean code 2018-03-02 09:15:02 +00:00			`if errs := s.SecureServing.Validate(); len(errs) > 0 {`
Clean up apiserver and federation defaulting and validation 2016-12-14 09:37:20 +00:00			`errors = append(errors, errs...)`
			`}`
apiserver clean code 2018-03-02 09:15:02 +00:00			`if errs := s.Authentication.Validate(); len(errs) > 0 {`
validate oidc flags This change validate oidc flags for kube-apiserver. 2017-05-22 10:03:28 +00:00			`errors = append(errors, errs...)`
			`}`
validate authorization flags in BuiltInAuthorizationOptions.Validate 2018-03-14 06:28:41 +00:00			`if errs := s.Authorization.Validate(); len(errs) > 0 {`
			`errors = append(errors, errs...)`
			`}`
apiserver clean code 2018-03-02 09:15:02 +00:00			`if errs := s.Audit.Validate(); len(errs) > 0 {`
Add Validate() function for audit options 2017-06-06 11:31:29 +00:00			`errors = append(errors, errs...)`
			`}`
apiserver clean code 2018-03-02 09:15:02 +00:00			`if errs := s.Admission.Validate(); len(errs) > 0 {`
validate admission-control param 2017-11-30 06:34:36 +00:00			`errors = append(errors, errs...)`
			`}`
apiserver clean code 2018-03-02 09:15:02 +00:00			`if errs := s.InsecureServing.Validate(); len(errs) > 0 {`
Clean up apiserver and federation defaulting and validation 2016-12-14 09:37:20 +00:00			`errors = append(errors, errs...)`
combine the ValidateRunOptions errors Signed-off-by: PingWang <wang.ping5@zte.com.cn> replace Aggregate with []error Signed-off-by: PingWang <wang.ping5@zte.com.cn> replace Aggregate with []error Signed-off-by: PingWang <wang.ping5@zte.com.cn> 2016-08-26 09:30:39 +00:00			`}`
apiserver clean code 2018-03-02 09:15:02 +00:00			`if s.MasterCount <= 0 {`
			`errors = append(errors, fmt.Errorf("--apiserver-count should be a positive number, but value '%d' provided", s.MasterCount))`
Added validation for API server's 'apiserver-count' flag. --apiserver-count should be a positive number, otherwise will cause errors when reconciling endpoints in MasterCountEndpointsReconciler. 2016-12-07 07:25:36 +00:00			`}`
simplify api registration 2018-05-07 12:32:20 +00:00			`if errs := s.APIEnablement.Validate(legacyscheme.Scheme, apiextensionsapiserver.Scheme, aggregatorscheme.Scheme); len(errs) > 0 {`
pass APIEnablement through apiserver chain 2017-12-21 03:27:20 +00:00			`errors = append(errors, errs...)`
			`}`

Clean up apiserver and federation defaulting and validation 2016-12-14 09:37:20 +00:00			`return errors`
Extract etcd options from genericapiserver. 2016-08-09 11:35:53 +00:00			`}`