Validate the minimum subnet cidr so there are always 10 available addresses

2017-02-06 19:34:06 +02:00 · 2017-02-06 19:34:06 +02:00 · 667dc64e79
parent d6f7ae2ffb
commit 667dc64e79
3 changed files with 23 additions and 0 deletions
--- a/cmd/kubeadm/app/apis/kubeadm/validation/BUILD
+++ b/cmd/kubeadm/app/apis/kubeadm/validation/BUILD
@ -13,6 +13,7 @@ go_library(
    tags = ["automanaged"],
    deps = [
        "//cmd/kubeadm/app/apis/kubeadm:go_default_library",
+        "//cmd/kubeadm/app/constants:go_default_library",
        "//vendor:k8s.io/apimachinery/pkg/util/validation/field",
    ],
 )
--- a/cmd/kubeadm/app/apis/kubeadm/validation/validation.go
+++ b/cmd/kubeadm/app/apis/kubeadm/validation/validation.go
@ -17,13 +17,18 @@ limitations under the License.
 package validation

 import (
+	"math"
+	"net"
+
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
+	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
 )

 func ValidateMasterConfiguration(c *kubeadm.MasterConfiguration) field.ErrorList {
 	allErrs := field.ErrorList{}
 	allErrs = append(allErrs, ValidateDiscovery(&c.Discovery, field.NewPath("discovery"))...)
+	allErrs = append(allErrs, ValidateDiscovery(&c.Discovery, field.NewPath("service subnet"))...)
 	return allErrs
 }

@ -68,3 +73,16 @@ func ValidateTokenDiscovery(c *kubeadm.TokenDiscovery, fldPath *field.Path) fiel
 	allErrs := field.ErrorList{}
 	return allErrs
 }
+
+func ValidateServiceSubnet(subnet string, fldPath *field.Path) field.ErrorList {
+	_, svcSubnet, err := net.ParseCIDR(subnet)
+	if err != nil {
+		return field.ErrorList{field.Invalid(fldPath, nil, "couldn't parse the service subnet")}
+	}
+	cidrBytesMask, _ := svcSubnet.Mask.Size()
+	numAddresses := int32(math.Pow(2, float64(32-cidrBytesMask)))
+	if numAddresses < kubeadmconstants.MinimumAddressesInServiceSubnet {
+		return field.ErrorList{field.Invalid(fldPath, nil, "service subnet is too small")}
+	}
+	return field.ErrorList{}
+}
--- a/cmd/kubeadm/app/constants/constants.go
+++ b/cmd/kubeadm/app/constants/constants.go
@ -48,4 +48,8 @@ const (

 	// APICallRetryInterval defines how long kubeadm should wait before retrying a failed API operation
 	APICallRetryInterval = 500 * time.Millisecond
+
+	// Minimum amount of nodes the Service subnet should allow.
+	// We need at least ten, because the DNS service is always at the tenth cluster clusterIP
+	MinimumAddressesInServiceSubnet = 10
 )