github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

kubeadm: add validation of ImagePullPolicy in the API

Browse Source 
The validation is currently performed on runtime during the
ImagePull preflight check. Given this is an API add the validation
under apis/kubeadm.
This commit is contained in:
Lubomir I. Ivanov
2024-01-05 16:11:20 +02:00
parent 754ffa3477
commit 510df7eab1
2 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
cmd/kubeadm/app/apis/kubeadm/validation/validation.go
View File

@@ -29,6 +29,7 @@ import (
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/spf13/pflag" "github.com/spf13/pflag"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apimachinery/pkg/util/validation" "k8s.io/apimachinery/pkg/util/validation"
"k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/apimachinery/pkg/util/validation/field"
@@ -135,6 +136,7 @@ func ValidateNodeRegistrationOptions(nro *kubeadm.NodeRegistrationOptions, fldPa
} }
allErrs = append(allErrs, ValidateSocketPath(nro.CRISocket, fldPath.Child("criSocket"))...) allErrs = append(allErrs, ValidateSocketPath(nro.CRISocket, fldPath.Child("criSocket"))...)
allErrs = append(allErrs, ValidateExtraArgs(nro.KubeletExtraArgs, fldPath.Child("kubeletExtraArgs"))...) allErrs = append(allErrs, ValidateExtraArgs(nro.KubeletExtraArgs, fldPath.Child("kubeletExtraArgs"))...)
allErrs = append(allErrs, ValidateImagePullPolicy(nro.ImagePullPolicy, fldPath.Child("imagePullPolicy"))...)
// TODO: Maybe validate .Taints as well in the future using something like validateNodeTaints() in pkg/apis/core/validation // TODO: Maybe validate .Taints as well in the future using something like validateNodeTaints() in pkg/apis/core/validation
return allErrs return allErrs
} }
@@ -739,3 +741,15 @@ func ValidateUnmountFlags(flags []string, fldPath *field.Path) field.ErrorList {
return allErrs return allErrs
} }
// ValidateImagePullPolicy validates if the user specified pull policy is correct
func ValidateImagePullPolicy(policy corev1.PullPolicy, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}
switch policy {
case "", corev1.PullAlways, corev1.PullIfNotPresent, corev1.PullNever:
return allErrs
default:
allErrs = append(allErrs, field.Invalid(fldPath, policy, "invalid pull policy"))
return allErrs
}
}

32
cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go
View File

@@ -24,6 +24,7 @@ import (
"github.com/spf13/pflag" "github.com/spf13/pflag"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/sets"
"k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/apimachinery/pkg/util/validation/field"
@@ -1503,3 +1504,34 @@ func TestValidateUnmountFlags(t *testing.T) {
} }
} }
} }
func TestPullPolicy(t *testing.T) {
var tests = []struct {
name string
policy string
expectedErrors int
}{
{
name: "empty policy causes no errors", // gets defaulted
policy: "",
expectedErrors: 0,
},
{
name: "invalid policy",
policy: "foo",
expectedErrors: 1,
},
{
name: "valid policy",
policy: "IfNotPresent",
expectedErrors: 0,
},
}
for _, tc := range tests {
actual := ValidateImagePullPolicy(corev1.PullPolicy(tc.policy), nil)
if len(actual) != tc.expectedErrors {
t.Errorf("case %q:\n\t expected errors: %v\n\t got: %v\n\t errors: %v", tc.name, tc.expectedErrors, len(actual), actual)
}
}
}