Merge pull request #56615 from hzxuzhonghu/validate-admission-control

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

validate admission-control startup param

**What this PR does / why we need it**:

validate admission plugins, if not registered, return err to prevent going on until call AdmissionOptions.ApplyTo.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #56614

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```

cmd/kube-apiserver/app/options/validation.go

@@ -66,6 +66,9 @@ func (options *ServerRunOptions) Validate() []error {
 	if errs := options.Audit.Validate(); len(errs) > 0 {
 		errors = append(errors, errs...)
 	}
+	if errs := options.Admission.Validate(); len(errs) > 0 {
+		errors = append(errors, errs...)
+	}
 	if errs := options.InsecureServing.Validate("insecure-port"); len(errs) > 0 {
 		errors = append(errors, errs...)
 	}

staging/src/k8s.io/apiserver/pkg/server/options/admission.go

@@ -22,6 +22,7 @@ import (
 
 	"github.com/spf13/pflag"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apiserver/pkg/admission"
 	"k8s.io/apiserver/pkg/admission/initializer"
 	admissionmetrics "k8s.io/apiserver/pkg/admission/metrics"
@@ -129,7 +130,19 @@ func (a *AdmissionOptions) ApplyTo(
 }
 
 func (a *AdmissionOptions) Validate() []error {
+	if a == nil {
+		return nil
+	}
+
 	errs := []error{}
+
+	registeredPlugins := sets.NewString(a.Plugins.Registered()...)
+	for _, name := range a.PluginNames {
+		if !registeredPlugins.Has(name) {
+			errs = append(errs, fmt.Errorf("admission-control plugin %q is invalid", name))
+		}
+	}
+
 	return errs
 }