mirror of https://github.com/k3s-io/k3s
cleanup error handling in apiserver opts validation
Mike Danese
parent
06935e1c90
commit
20bad760fc
|
|
@ -17,6 +17,7 @@ limitations under the License.
|
|||
package options
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
apiextensionsapiserver "k8s.io/apiextensions-apiserver/pkg/apiserver"
|
||||
|
|
@ -28,31 +29,34 @@ import (
|
|||
|
||||
// TODO: Longer term we should read this from some config store, rather than a flag.
|
||||
func validateClusterIPFlags(options *ServerRunOptions) []error {
|
||||
errors := []error{}
|
||||
var errs []error
|
||||
|
||||
if options.ServiceClusterIPRange.IP == nil {
|
||||
errors = append(errors, fmt.Errorf("no --service-cluster-ip-range specified"))
|
||||
errs = append(errs, errors.New("no --service-cluster-ip-range specified"))
|
||||
}
|
||||
var ones, bits = options.ServiceClusterIPRange.Mask.Size()
|
||||
if bits-ones > 20 {
|
||||
errors = append(errors, fmt.Errorf("specified --service-cluster-ip-range is too large"))
|
||||
errs = append(errs, errors.New("specified --service-cluster-ip-range is too large"))
|
||||
}
|
||||
return errors
|
||||
|
||||
return errs
|
||||
}
|
||||
|
||||
func validateServiceNodePort(options *ServerRunOptions) []error {
|
||||
errors := []error{}
|
||||
var errs []error
|
||||
|
||||
if options.KubernetesServiceNodePort < 0 || options.KubernetesServiceNodePort > 65535 {
|
||||
errors = append(errors, fmt.Errorf("--kubernetes-service-node-port %v must be between 0 and 65535, inclusive. If 0, the Kubernetes master service will be of type ClusterIP", options.KubernetesServiceNodePort))
|
||||
errs = append(errs, fmt.Errorf("--kubernetes-service-node-port %v must be between 0 and 65535, inclusive. If 0, the Kubernetes master service will be of type ClusterIP", options.KubernetesServiceNodePort))
|
||||
}
|
||||
|
||||
if options.KubernetesServiceNodePort > 0 && !options.ServiceNodePortRange.Contains(options.KubernetesServiceNodePort) {
|
||||
errors = append(errors, fmt.Errorf("kubernetes service port range %v doesn't contain %v", options.ServiceNodePortRange, (options.KubernetesServiceNodePort)))
|
||||
errs = append(errs, fmt.Errorf("kubernetes service port range %v doesn't contain %v", options.ServiceNodePortRange, (options.KubernetesServiceNodePort)))
|
||||
}
|
||||
return errors
|
||||
return errs
|
||||
}
|
||||
|
||||
func validateTokenRequest(options *ServerRunOptions) []error {
|
||||
errors := []error{}
|
||||
var errs []error
|
||||
|
||||
enableAttempted := options.ServiceAccountSigningKeyFile != "" ||
|
||||
options.Authentication.ServiceAccounts.Issuer != "" ||
|
||||
|
|
@ -61,63 +65,41 @@ func validateTokenRequest(options *ServerRunOptions) []error {
|
|||
enableSucceeded := options.ServiceAccountIssuer != nil
|
||||
|
||||
if enableAttempted && !utilfeature.DefaultFeatureGate.Enabled(features.TokenRequest) {
|
||||
errors = append(errors, fmt.Errorf("the TokenRequest feature is not enabled but --service-account-signing-key-file, --service-account-issuer and/or --api-audiences flags were passed"))
|
||||
errs = append(errs, errors.New("the TokenRequest feature is not enabled but --service-account-signing-key-file, --service-account-issuer and/or --api-audiences flags were passed"))
|
||||
}
|
||||
|
||||
if utilfeature.DefaultFeatureGate.Enabled(features.BoundServiceAccountTokenVolume) && !utilfeature.DefaultFeatureGate.Enabled(features.TokenRequest) {
|
||||
errors = append(errors, fmt.Errorf("the BoundServiceAccountTokenVolume feature depends on the TokenRequest feature, but the TokenRequest features is not enabled"))
|
||||
errs = append(errs, errors.New("the BoundServiceAccountTokenVolume feature depends on the TokenRequest feature, but the TokenRequest features is not enabled"))
|
||||
}
|
||||
|
||||
if !enableAttempted && utilfeature.DefaultFeatureGate.Enabled(features.BoundServiceAccountTokenVolume) {
|
||||
errors = append(errors, fmt.Errorf("--service-account-signing-key-file and --service-account-issuer are required flags"))
|
||||
errs = append(errs, errors.New("--service-account-signing-key-file and --service-account-issuer are required flags"))
|
||||
}
|
||||
|
||||
if enableAttempted && !enableSucceeded {
|
||||
errors = append(errors, fmt.Errorf("--service-account-signing-key-file, --service-account-issuer, and --api-audiences should be specified together"))
|
||||
errs = append(errs, errors.New("--service-account-signing-key-file, --service-account-issuer, and --api-audiences should be specified together"))
|
||||
}
|
||||
|
||||
return errors
|
||||
return errs
|
||||
}
|
||||
|
||||
// Validate checks ServerRunOptions and return a slice of found errors.
|
||||
// Validate checks ServerRunOptions and return a slice of found errs.
|
||||
func (s *ServerRunOptions) Validate() []error {
|
||||
var errors []error
|
||||
if errs := s.Etcd.Validate(); len(errs) > 0 {
|
||||
errors = append(errors, errs...)
|
||||
}
|
||||
if errs := validateClusterIPFlags(s); len(errs) > 0 {
|
||||
errors = append(errors, errs...)
|
||||
}
|
||||
if errs := validateServiceNodePort(s); len(errs) > 0 {
|
||||
errors = append(errors, errs...)
|
||||
}
|
||||
if errs := s.SecureServing.Validate(); len(errs) > 0 {
|
||||
errors = append(errors, errs...)
|
||||
}
|
||||
if errs := s.Authentication.Validate(); len(errs) > 0 {
|
||||
errors = append(errors, errs...)
|
||||
}
|
||||
if errs := s.Authorization.Validate(); len(errs) > 0 {
|
||||
errors = append(errors, errs...)
|
||||
}
|
||||
if errs := s.Audit.Validate(); len(errs) > 0 {
|
||||
errors = append(errors, errs...)
|
||||
}
|
||||
if errs := s.Admission.Validate(); len(errs) > 0 {
|
||||
errors = append(errors, errs...)
|
||||
}
|
||||
if errs := s.InsecureServing.Validate(); len(errs) > 0 {
|
||||
errors = append(errors, errs...)
|
||||
}
|
||||
var errs []error
|
||||
if s.MasterCount <= 0 {
|
||||
errors = append(errors, fmt.Errorf("--apiserver-count should be a positive number, but value '%d' provided", s.MasterCount))
|
||||
}
|
||||
if errs := s.APIEnablement.Validate(legacyscheme.Scheme, apiextensionsapiserver.Scheme, aggregatorscheme.Scheme); len(errs) > 0 {
|
||||
errors = append(errors, errs...)
|
||||
}
|
||||
if errs := validateTokenRequest(s); len(errs) > 0 {
|
||||
errors = append(errors, errs...)
|
||||
errs = append(errs, fmt.Errorf("--apiserver-count should be a positive number, but value '%d' provided", s.MasterCount))
|
||||
}
|
||||
errs = append(errs, s.Etcd.Validate()...)
|
||||
errs = append(errs, validateClusterIPFlags(s)...)
|
||||
errs = append(errs, validateServiceNodePort(s)...)
|
||||
errs = append(errs, s.SecureServing.Validate()...)
|
||||
errs = append(errs, s.Authentication.Validate()...)
|
||||
errs = append(errs, s.Authorization.Validate()...)
|
||||
errs = append(errs, s.Audit.Validate()...)
|
||||
errs = append(errs, s.Admission.Validate()...)
|
||||
errs = append(errs, s.InsecureServing.Validate()...)
|
||||
errs = append(errs, s.APIEnablement.Validate(legacyscheme.Scheme, apiextensionsapiserver.Scheme, aggregatorscheme.Scheme)...)
|
||||
errs = append(errs, validateTokenRequest(s)...)
|
||||
|
||||
return errors
|
||||
return errs
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue