Merge pull request #65900 from bart0sh/PR0020-cri-socket-not-abspath

Automatic merge from submit-queue (batch tested with PRs 65899, 65900). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. fix CRI socket validatioin **What this PR does / why we need it**: CRI socket doesn't have to be an absolute path, it should be an url. However, attempt to use it as an url in 'kubeadm init' command line causes this validation error: $ sudo ./kubeadm init --cri-socket unix:///var/run/crio/crio.sock nodeRegistration.criSocket: Invalid value: "unix:///var/run/crio/crio.sock": path is not absolute Fixed by adding ValidateSocket function and using it in the ValidateNodeRegistrationOptions check instead of ValidateAbsolutePath. **Which issue(s) this PR fixes** : [#928](https://github.com/kubernetes/kubeadm/issues/928) **Release note**: ```release-note NONE ```
2018-07-13 10:10:05 -07:00 · 2018-07-13 10:10:05 -07:00 · c174e4121f
parent 9327662313 2c764c4b7f
commit c174e4121f
5 changed files with 40 additions and 9 deletions
--- a/cmd/kubeadm/app/apis/kubeadm/v1alpha3/defaults_unix.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1alpha3/defaults_unix.go
@ -20,3 +20,6 @@ package v1alpha3

 // DefaultCACertPath defines default location of CA certificate on Linux
 const DefaultCACertPath = "/etc/kubernetes/pki/ca.crt"
+
+// DefaultSocketUrlScheme defines default socket url prefix
+const DefaultUrlScheme = "unix"
--- a/cmd/kubeadm/app/apis/kubeadm/v1alpha3/defaults_windows.go
+++ b/cmd/kubeadm/app/apis/kubeadm/v1alpha3/defaults_windows.go
@ -20,3 +20,6 @@ package v1alpha3

 // DefaultCACertPath defines default location of CA certificate on Windows
 const DefaultCACertPath = "C:/etc/kubernetes/pki/ca.crt"
+
+// DefaultSocketUrlScheme defines default socket url prefix
+const DefaultUrlScheme = "tcp"
--- a/cmd/kubeadm/app/apis/kubeadm/validation/BUILD
+++ b/cmd/kubeadm/app/apis/kubeadm/validation/BUILD
@ -7,6 +7,7 @@ go_library(
    visibility = ["//visibility:public"],
    deps = [
        "//cmd/kubeadm/app/apis/kubeadm:go_default_library",
+        "//cmd/kubeadm/app/apis/kubeadm/v1alpha3:go_default_library",
        "//cmd/kubeadm/app/componentconfigs:go_default_library",
        "//cmd/kubeadm/app/constants:go_default_library",
        "//cmd/kubeadm/app/features:go_default_library",
@ -28,6 +29,7 @@ go_test(
    embed = [":go_default_library"],
    deps = [
        "//cmd/kubeadm/app/apis/kubeadm:go_default_library",
+        "//cmd/kubeadm/app/apis/kubeadm/v1alpha3:go_default_library",
        "//pkg/proxy/apis/kubeproxyconfig:go_default_library",
        "//pkg/util/pointer:go_default_library",
        "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
--- a/cmd/kubeadm/app/apis/kubeadm/validation/validation.go
+++ b/cmd/kubeadm/app/apis/kubeadm/validation/validation.go
@ -32,6 +32,7 @@ import (
 	bootstrapapi "k8s.io/client-go/tools/bootstrap/token/api"
 	bootstraputil "k8s.io/client-go/tools/bootstrap/token/util"
 	"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
+	kubeadmapiv1alpha3 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha3"
 	"k8s.io/kubernetes/cmd/kubeadm/app/componentconfigs"
 	"k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	"k8s.io/kubernetes/cmd/kubeadm/app/features"
@ -75,7 +76,7 @@ func ValidateNodeRegistrationOptions(nro *kubeadm.NodeRegistrationOptions, fldPa
 	} else {
 		allErrs = append(allErrs, apivalidation.ValidateDNS1123Subdomain(nro.Name, field.NewPath("name"))...)
 	}
-	allErrs = append(allErrs, ValidateAbsolutePath(nro.CRISocket, fldPath.Child("criSocket"))...)
+	allErrs = append(allErrs, ValidateSocketPath(nro.CRISocket, fldPath.Child("criSocket"))...)
 	// TODO: Maybe validate .Taints as well in the future using something like validateNodeTaints() in pkg/apis/core/validation
 	return allErrs
 }
@ -407,3 +408,23 @@ func ValidateIgnorePreflightErrors(ignorePreflightErrors []string, skipPreflight

 	return ignoreErrors, allErrs.ToAggregate()
 }
+
+// ValidateSocketPath validates format of socket path or url
+func ValidateSocketPath(socket string, fldPath *field.Path) field.ErrorList {
+	allErrs := field.ErrorList{}
+
+	u, err := url.Parse(socket)
+	if err != nil {
+		return append(allErrs, field.Invalid(fldPath, socket, fmt.Sprintf("url parsing error: %v", err)))
+	}
+
+	if u.Scheme == "" {
+		if !filepath.IsAbs(u.Path) {
+			return append(allErrs, field.Invalid(fldPath, socket, fmt.Sprintf("path is not absolute: %s", socket)))
+		}
+	} else if u.Scheme != kubeadmapiv1alpha3.DefaultUrlScheme {
+		return append(allErrs, field.Invalid(fldPath, socket, fmt.Sprintf("url scheme %s is not supported", u.Scheme)))
+	}
+
+	return allErrs
+}
--- a/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go
+++ b/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go
@ -27,6 +27,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
+	kubeadmapiv1alpha3 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1alpha3"
 	"k8s.io/kubernetes/pkg/proxy/apis/kubeproxyconfig"
 	utilpointer "k8s.io/kubernetes/pkg/util/pointer"
 )
@ -108,14 +109,15 @@ func TestValidateNodeRegistrationOptions(t *testing.T) {
 		criSocket      string
 		expectedErrors bool
 	}{
-		{"", "/some/path", true},                                                      // node name can't be empty
-		{"valid-nodename", "", true},                                                  // crisocket can't be empty
-		{"INVALID-NODENAME", "/some/path", true},                                      // Upper cases is invalid
-		{"invalid-nodename-", "/some/path", true},                                     // Can't have trailing dashes
-		{"invalid-node?name", "/some/path", true},                                     // Unsupported characters
-		{"valid-nodename", "relative/path", true},                                     // crisocket must be an absolute path
-		{"valid-nodename", "/some/path", false},                                       // supported
-		{"valid-nodename-with-numbers01234", "/some/path/with/numbers/01234/", false}, // supported, with numbers as well
+		{"", "/some/path", true},                                                              // node name can't be empty
+		{"INVALID-NODENAME", "/some/path", true},                                              // Upper cases is invalid
+		{"invalid-nodename-", "/some/path", true},                                             // Can't have trailing dashes
+		{"invalid-node?name", "/some/path", true},                                             // Unsupported characters
+		{"valid-nodename", "/some/path", false},                                               // supported
+		{"valid-nodename-with-numbers01234", "/some/path/with/numbers/01234/", false},         // supported, with numbers as well
+		{"valid-nodename", kubeadmapiv1alpha3.DefaultUrlScheme + "://" + "/some/path", false}, // supported, with socket url
+		{"valid-nodename", "bla:///some/path", true},                                          // unsupported url scheme
+		{"valid-nodename", ":::", true},                                                       // unparseable url
 	}
 	for _, rt := range tests {
 		nro := kubeadm.NodeRegistrationOptions{Name: rt.nodeName, CRISocket: rt.criSocket}