Skip to content

Commit

Permalink
KCP: Allow mutation of all fields that should be mutable
Browse files Browse the repository at this point in the history
Signed-off-by: Stefan Büringer [email protected]
  • Loading branch information
sbueringer authored and k8s-infra-cherrypick-robot committed Dec 15, 2023
1 parent a2b7b10 commit cb16bed
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 35 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -139,12 +139,20 @@ func (in *KubeadmControlPlane) ValidateUpdate(old runtime.Object) (admission.War
// add a * to indicate everything beneath is ok.
// For example, {"spec", "*"} will allow any path under "spec" to change.
allowedPaths := [][]string{
// metadata
{"metadata", "*"},
{spec, kubeadmConfigSpec, "useExperimentalRetryJoin"},
// spec.kubeadmConfigSpec.clusterConfiguration
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "imageRepository"},
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "imageTag"},
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "extraArgs"},
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "extraArgs", "*"},
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "dataDir"},
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "peerCertSANs"},
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "serverCertSANs"},
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "external", "endpoints"},
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "external", "caFile"},
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "external", "certFile"},
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "external", "keyFile"},
{spec, kubeadmConfigSpec, clusterConfiguration, "dns", "imageRepository"},
{spec, kubeadmConfigSpec, clusterConfiguration, "dns", "imageTag"},
{spec, kubeadmConfigSpec, clusterConfiguration, "imageRepository"},
Expand All @@ -154,16 +162,27 @@ func (in *KubeadmControlPlane) ValidateUpdate(old runtime.Object) (admission.War
{spec, kubeadmConfigSpec, clusterConfiguration, controllerManager, "*"},
{spec, kubeadmConfigSpec, clusterConfiguration, scheduler},
{spec, kubeadmConfigSpec, clusterConfiguration, scheduler, "*"},
// spec.kubeadmConfigSpec.initConfiguration
{spec, kubeadmConfigSpec, initConfiguration, nodeRegistration},
{spec, kubeadmConfigSpec, initConfiguration, nodeRegistration, "*"},
{spec, kubeadmConfigSpec, initConfiguration, patches, directory},
{spec, kubeadmConfigSpec, initConfiguration, patches},
{spec, kubeadmConfigSpec, initConfiguration, skipPhases},
{spec, kubeadmConfigSpec, initConfiguration, "bootstrapTokens"},
{spec, kubeadmConfigSpec, initConfiguration, "localAPIEndpoint"},
{spec, kubeadmConfigSpec, initConfiguration, "localAPIEndpoint", "*"},
// spec.kubeadmConfigSpec.joinConfiguration
{spec, kubeadmConfigSpec, joinConfiguration, nodeRegistration},
{spec, kubeadmConfigSpec, joinConfiguration, nodeRegistration, "*"},
{spec, kubeadmConfigSpec, joinConfiguration, patches, directory},
{spec, kubeadmConfigSpec, joinConfiguration, patches},
{spec, kubeadmConfigSpec, joinConfiguration, skipPhases},
{spec, kubeadmConfigSpec, joinConfiguration, "caCertPath"},
{spec, kubeadmConfigSpec, joinConfiguration, "controlPlane"},
{spec, kubeadmConfigSpec, joinConfiguration, "controlPlane", "*"},
{spec, kubeadmConfigSpec, joinConfiguration, "discovery"},
{spec, kubeadmConfigSpec, joinConfiguration, "discovery", "*"},
// spec.kubeadmConfigSpec
{spec, kubeadmConfigSpec, preKubeadmCommands},
{spec, kubeadmConfigSpec, postKubeadmCommands},
{spec, kubeadmConfigSpec, files},
Expand All @@ -177,6 +196,8 @@ func (in *KubeadmControlPlane) ValidateUpdate(old runtime.Object) (admission.War
{spec, kubeadmConfigSpec, diskSetup, "*"},
{spec, kubeadmConfigSpec, "format"},
{spec, kubeadmConfigSpec, "mounts"},
{spec, kubeadmConfigSpec, "useExperimentalRetryJoin"},
// spec.machineTemplate
{spec, "machineTemplate", "metadata"},
{spec, "machineTemplate", "metadata", "*"},
{spec, "machineTemplate", "infrastructureRef", "apiVersion"},
Expand All @@ -185,6 +206,7 @@ func (in *KubeadmControlPlane) ValidateUpdate(old runtime.Object) (admission.War
{spec, "machineTemplate", "nodeDrainTimeout"},
{spec, "machineTemplate", "nodeVolumeDetachTimeout"},
{spec, "machineTemplate", "nodeDeletionTimeout"},
// spec
{spec, "replicas"},
{spec, "version"},
{spec, "remediationStrategy"},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -353,18 +353,12 @@ func TestKubeadmControlPlaneValidateUpdate(t *testing.T) {
wrongReplicaCountForScaleIn := before.DeepCopy()
wrongReplicaCountForScaleIn.Spec.RolloutStrategy.RollingUpdate.MaxSurge.IntVal = int32(0)

invalidUpdateKubeadmConfigInit := before.DeepCopy()
invalidUpdateKubeadmConfigInit.Spec.KubeadmConfigSpec.InitConfiguration = &bootstrapv1.InitConfiguration{}

validUpdateKubeadmConfigInit := before.DeepCopy()
validUpdateKubeadmConfigInit.Spec.KubeadmConfigSpec.InitConfiguration.NodeRegistration = bootstrapv1.NodeRegistrationOptions{}

invalidUpdateKubeadmConfigCluster := before.DeepCopy()
invalidUpdateKubeadmConfigCluster.Spec.KubeadmConfigSpec.ClusterConfiguration = &bootstrapv1.ClusterConfiguration{}

invalidUpdateKubeadmConfigJoin := before.DeepCopy()
invalidUpdateKubeadmConfigJoin.Spec.KubeadmConfigSpec.JoinConfiguration = &bootstrapv1.JoinConfiguration{}

validUpdateKubeadmConfigJoin := before.DeepCopy()
validUpdateKubeadmConfigJoin.Spec.KubeadmConfigSpec.JoinConfiguration.NodeRegistration = bootstrapv1.NodeRegistrationOptions{}

Expand Down Expand Up @@ -559,8 +553,6 @@ func TestKubeadmControlPlaneValidateUpdate(t *testing.T) {
localDataDir.Spec.KubeadmConfigSpec.ClusterConfiguration.Etcd.Local = &bootstrapv1.LocalEtcd{
DataDir: "some local data dir",
}
modifyLocalDataDir := localDataDir.DeepCopy()
modifyLocalDataDir.Spec.KubeadmConfigSpec.ClusterConfiguration.Etcd.Local.DataDir = "a different local data dir"

localPeerCertSANs := before.DeepCopy()
localPeerCertSANs.Spec.KubeadmConfigSpec.ClusterConfiguration.Etcd.Local = &bootstrapv1.LocalEtcd{
Expand Down Expand Up @@ -689,12 +681,6 @@ func TestKubeadmControlPlaneValidateUpdate(t *testing.T) {
before: before,
kcp: validUpdate,
},
{
name: "should return error when trying to mutate the kubeadmconfigspec initconfiguration",
expectErr: true,
before: before,
kcp: invalidUpdateKubeadmConfigInit,
},
{
name: "should not return an error when trying to mutate the kubeadmconfigspec initconfiguration noderegistration",
expectErr: false,
Expand All @@ -707,12 +693,6 @@ func TestKubeadmControlPlaneValidateUpdate(t *testing.T) {
before: before,
kcp: invalidUpdateKubeadmConfigCluster,
},
{
name: "should return error when trying to mutate the kubeadmconfigspec joinconfiguration",
expectErr: true,
before: before,
kcp: invalidUpdateKubeadmConfigJoin,
},
{
name: "should not return an error when trying to mutate the kubeadmconfigspec joinconfiguration noderegistration",
expectErr: false,
Expand Down Expand Up @@ -875,20 +855,20 @@ func TestKubeadmControlPlaneValidateUpdate(t *testing.T) {
kcp: featureGates,
},
{
name: "should fail when making a change to the cluster config's local etcd's configuration localDataDir field",
expectErr: true,
name: "should succeed when making a change to the cluster config's local etcd's configuration localDataDir field",
expectErr: false,
before: before,
kcp: localDataDir,
},
{
name: "should fail when making a change to the cluster config's local etcd's configuration localPeerCertSANs field",
expectErr: true,
name: "should succeed when making a change to the cluster config's local etcd's configuration localPeerCertSANs field",
expectErr: false,
before: before,
kcp: localPeerCertSANs,
},
{
name: "should fail when making a change to the cluster config's local etcd's configuration localServerCertSANs field",
expectErr: true,
name: "should succeed when making a change to the cluster config's local etcd's configuration localServerCertSANs field",
expectErr: false,
before: before,
kcp: localServerCertSANs,
},
Expand All @@ -899,8 +879,8 @@ func TestKubeadmControlPlaneValidateUpdate(t *testing.T) {
kcp: localExtraArgs,
},
{
name: "should fail when making a change to the cluster config's external etcd's configuration",
expectErr: true,
name: "should succeed when making a change to the cluster config's external etcd's configuration",
expectErr: false,
before: before,
kcp: externalEtcd,
},
Expand All @@ -910,12 +890,6 @@ func TestKubeadmControlPlaneValidateUpdate(t *testing.T) {
before: etcdLocalImageTag,
kcp: unsetEtcd,
},
{
name: "should fail when modifying a field that is not the local etcd image metadata",
expectErr: true,
before: localDataDir,
kcp: modifyLocalDataDir,
},
{
name: "should fail if both local and external etcd are set",
expectErr: true,
Expand Down

0 comments on commit cb16bed

Please sign in to comment.