github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

unittests: Fixes cmd unit tests for Windows

Browse Source 
Currently, there are some unit tests that are failing on Windows due to
various reasons:

- filepath.IsAbs does not consider "/" or "\" as absolute paths, even
  though files can be addressed as such.
- paths not properly joined (filepath.Join should be used).
- files not closed, which means that they cannot be removed / renamed.
- some assertions fail due to slashes / backslashes not matching.
- backslashes need to be escaped in yaml files, or put between ''
instead of "".
This commit is contained in:
Claudiu Belu
2022-07-11 23:10:05 +03:00
parent 76277917b9
commit d192029e6a
13 changed files with 340 additions and 267 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
cmd/kubeadm/app/apis/kubeadm/validation/util_unix.go Normal file
View File

@@ -0,0 +1,28 @@
//go:build !windows
// +build !windows
/*
Copyright 2022 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package validation
import (
"path/filepath"
)
func isAbs(path string) bool {
return filepath.IsAbs(path)
}

30
cmd/kubeadm/app/apis/kubeadm/validation/util_windows.go Normal file
View File

@@ -0,0 +1,30 @@
//go:build windows
// +build windows
/*
Copyright 2022 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package validation
import (
"path/filepath"
)
func isAbs(path string) bool {
// on Windows, filepath.IsAbs will not return True for paths prefixed with a slash, even
// though they can be used as absolute paths (https://docs.microsoft.com/en-us/dotnet/standard/io/file-path-formats).
return filepath.IsAbs(path) || (len(path) > 0 && (path[0] == '\\' || path[0] == '/'))
}

5
cmd/kubeadm/app/apis/kubeadm/validation/validation.go
View File

@@ -21,7 +21,6 @@ import (
"net"
"net/url"
"os"
"path/filepath"
"strconv"
"strings"
@@ -86,7 +85,7 @@ func ValidateJoinConfiguration(c *kubeadm.JoinConfiguration) field.ErrorList {
allErrs = append(allErrs, ValidateNodeRegistrationOptions(&c.NodeRegistration, field.NewPath("nodeRegistration"))...)
allErrs = append(allErrs, ValidateJoinControlPlane(c.ControlPlane, field.NewPath("controlPlane"))...)
if !filepath.IsAbs(c.CACertPath) || !strings.HasSuffix(c.CACertPath, ".crt") {
if !isAbs(c.CACertPath) || !strings.HasSuffix(c.CACertPath, ".crt") {
allErrs = append(allErrs, field.Invalid(field.NewPath("caCertPath"), c.CACertPath, "the ca certificate path must be an absolute path"))
}
return allErrs
@@ -525,7 +524,7 @@ func ValidateNetworking(c *kubeadm.ClusterConfiguration, fldPath *field.Path) fi
// ValidateAbsolutePath validates whether provided path is absolute or not
func ValidateAbsolutePath(path string, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}
if !filepath.IsAbs(path) {
if !isAbs(path) {
allErrs = append(allErrs, field.Invalid(fldPath, path, "path is not absolute"))
}
return allErrs

27
cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go
View File

@@ -17,6 +17,7 @@ limitations under the License.
package validation
import (
"fmt"
"os"
"strings"
"testing"
@@ -110,8 +111,9 @@ func TestValidateNodeRegistrationOptions(t *testing.T) {
{"valid-nodename", false}, // supported
// test cases for criSocket are covered in TestValidateSocketPath
}
criPath := fmt.Sprintf("%s:///some/path", kubeadmapiv1.DefaultContainerRuntimeURLScheme)
for _, rt := range tests {
nro := kubeadmapi.NodeRegistrationOptions{Name: rt.nodeName, CRISocket: "unix:///some/path"}
nro := kubeadmapi.NodeRegistrationOptions{Name: rt.nodeName, CRISocket: criPath}
actual := ValidateNodeRegistrationOptions(&nro, field.NewPath("nodeRegistration"))
actualErrors := len(actual) > 0
if actualErrors != rt.expectedErrors {
@@ -456,6 +458,7 @@ func TestValidateAPIEndpoint(t *testing.T) {
// TODO: Create a separated test for ValidateClusterConfiguration
func TestValidateInitConfiguration(t *testing.T) {
nodename := "valid-nodename"
criPath := fmt.Sprintf("%s:///some/path", kubeadmapiv1.DefaultContainerRuntimeURLScheme)
var tests = []struct {
name string
s *kubeadmapi.InitConfiguration
@@ -476,7 +479,7 @@ func TestValidateInitConfiguration(t *testing.T) {
},
CertificatesDir: "/some/cert/dir",
},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: "unix:///some/path"},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: criPath},
}, false},
{"invalid missing token with IPv6 service subnet",
&kubeadmapi.InitConfiguration{
@@ -491,7 +494,7 @@ func TestValidateInitConfiguration(t *testing.T) {
},
CertificatesDir: "/some/cert/dir",
},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: "unix:///some/path"},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: criPath},
}, false},
{"invalid missing node name",
&kubeadmapi.InitConfiguration{
@@ -521,7 +524,7 @@ func TestValidateInitConfiguration(t *testing.T) {
},
CertificatesDir: "/some/other/cert/dir",
},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: "unix:///some/path"},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: criPath},
}, false},
{"valid InitConfiguration with IPv4 service subnet",
&kubeadmapi.InitConfiguration{
@@ -542,7 +545,7 @@ func TestValidateInitConfiguration(t *testing.T) {
},
CertificatesDir: "/some/other/cert/dir",
},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: "unix:///some/path"},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: criPath},
}, true},
{"valid InitConfiguration using IPv6 service subnet",
&kubeadmapi.InitConfiguration{
@@ -562,7 +565,7 @@ func TestValidateInitConfiguration(t *testing.T) {
},
CertificatesDir: "/some/other/cert/dir",
},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: "unix:///some/path"},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{Name: nodename, CRISocket: criPath},
}, true},
}
for _, rt := range tests {
@@ -579,6 +582,7 @@ func TestValidateInitConfiguration(t *testing.T) {
}
func TestValidateJoinConfiguration(t *testing.T) {
criPath := fmt.Sprintf("%s:///var/run/containerd/containerd.sock", kubeadmapiv1.DefaultContainerRuntimeURLScheme)
var tests = []struct {
s *kubeadmapi.JoinConfiguration
expected bool
@@ -607,7 +611,7 @@ func TestValidateJoinConfiguration(t *testing.T) {
},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{
Name: "aaa",
CRISocket: "unix:///var/run/containerd/containerd.sock",
CRISocket: criPath,
},
}, true},
{&kubeadmapi.JoinConfiguration{ // Pass with JoinControlPlane
@@ -622,7 +626,7 @@ func TestValidateJoinConfiguration(t *testing.T) {
},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{
Name: "aaa",
CRISocket: "unix:///var/run/containerd/containerd.sock",
CRISocket: criPath,
},
ControlPlane: &kubeadmapi.JoinControlPlane{
LocalAPIEndpoint: kubeadmapi.APIEndpoint{
@@ -643,7 +647,7 @@ func TestValidateJoinConfiguration(t *testing.T) {
},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{
Name: "aaa",
CRISocket: "unix:///var/run/containerd/containerd.sock",
CRISocket: criPath,
},
ControlPlane: &kubeadmapi.JoinControlPlane{
LocalAPIEndpoint: kubeadmapi.APIEndpoint{
@@ -664,7 +668,7 @@ func TestValidateJoinConfiguration(t *testing.T) {
},
NodeRegistration: kubeadmapi.NodeRegistrationOptions{
Name: "aaa",
CRISocket: "unix:///var/run/containerd/containerd.sock",
CRISocket: criPath,
},
ControlPlane: &kubeadmapi.JoinControlPlane{
LocalAPIEndpoint: kubeadmapi.APIEndpoint{
@@ -1124,9 +1128,10 @@ func TestValidateEtcd(t *testing.T) {
actual := ValidateEtcd(tc.etcd, field.NewPath("etcd"))
actualErrors := len(actual) > 0
if actualErrors != tc.expectedErrors {
t.Errorf("Error: \n\texpected: %t\n\t actual: %t",
t.Errorf("Error: \n\texpected: %t\n\t actual: %t\n\t encountered errors: %v",
tc.expectedErrors,
actualErrors,
actual,
)
}
}

9
cmd/kubeadm/app/constants/constants_test.go
View File

@@ -25,7 +25,7 @@ import (
)
func TestGetStaticPodDirectory(t *testing.T) {
expected := "/etc/kubernetes/manifests"
expected := filepath.FromSlash("/etc/kubernetes/manifests")
actual := GetStaticPodDirectory()
if actual != expected {
@@ -51,7 +51,7 @@ func TestGetAdminKubeConfigPath(t *testing.T) {
}
func TestGetBootstrapKubeletKubeConfigPath(t *testing.T) {
expected := "/etc/kubernetes/bootstrap-kubelet.conf"
expected := filepath.FromSlash("/etc/kubernetes/bootstrap-kubelet.conf")
actual := GetBootstrapKubeletKubeConfigPath()
if actual != expected {
@@ -64,7 +64,7 @@ func TestGetBootstrapKubeletKubeConfigPath(t *testing.T) {
}
func TestGetKubeletKubeConfigPath(t *testing.T) {
expected := "/etc/kubernetes/kubelet.conf"
expected := filepath.FromSlash("/etc/kubernetes/kubelet.conf")
actual := GetKubeletKubeConfigPath()
if actual != expected {
@@ -99,7 +99,8 @@ func TestGetStaticPodFilepath(t *testing.T) {
for _, rt := range tests {
t.Run(rt.componentName, func(t *testing.T) {
actual := GetStaticPodFilepath(rt.componentName, rt.manifestsDir)
if actual != rt.expected {
expected := filepath.FromSlash(rt.expected)
if actual != expected {
t.Errorf(
"failed GetStaticPodFilepath:\n\texpected: %s\n\t actual: %s",
rt.expected,

370
cmd/kubeadm/app/phases/controlplane/manifests_test.go
View File

@@ -205,31 +205,31 @@ func TestGetAPIServerCommand(t *testing.T) {
"kube-apiserver",
"--enable-admission-plugins=NodeRestriction",
"--service-cluster-ip-range=bar",
"--service-account-key-file=" + testCertsDir + "/sa.pub",
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
"--enable-bootstrap-token-auth=true",
"--secure-port=123",
"--allow-privileged=true",
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
"--requestheader-username-headers=X-Remote-User",
"--requestheader-group-headers=X-Remote-Group",
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--requestheader-allowed-names=front-proxy-client",
"--authorization-mode=Node,RBAC",
"--advertise-address=1.2.3.4",
fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort),
"--etcd-cafile=" + testCertsDir + "/etcd/ca.crt",
"--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt",
"--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key",
"--etcd-cafile=" + filepath.Join(testCertsDir, "etcd/ca.crt"),
"--etcd-certfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.crt"),
"--etcd-keyfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.key"),
},
},
{
@@ -243,31 +243,31 @@ func TestGetAPIServerCommand(t *testing.T) {
"kube-apiserver",
"--enable-admission-plugins=NodeRestriction",
"--service-cluster-ip-range=bar",
"--service-account-key-file=" + testCertsDir + "/sa.pub",
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
"--enable-bootstrap-token-auth=true",
fmt.Sprintf("--secure-port=%d", 123),
"--allow-privileged=true",
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
"--requestheader-username-headers=X-Remote-User",
"--requestheader-group-headers=X-Remote-Group",
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--requestheader-allowed-names=front-proxy-client",
"--authorization-mode=Node,RBAC",
"--advertise-address=2001:db8::1",
fmt.Sprintf("--etcd-servers=https://[::1]:%d", kubeadmconstants.EtcdListenClientPort),
"--etcd-cafile=" + testCertsDir + "/etcd/ca.crt",
"--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt",
"--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key",
"--etcd-cafile=" + filepath.Join(testCertsDir, "etcd/ca.crt"),
"--etcd-certfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.crt"),
"--etcd-keyfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.key"),
},
},
{
@@ -289,24 +289,24 @@ func TestGetAPIServerCommand(t *testing.T) {
"kube-apiserver",
"--enable-admission-plugins=NodeRestriction",
"--service-cluster-ip-range=bar",
"--service-account-key-file=" + testCertsDir + "/sa.pub",
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
fmt.Sprintf("--secure-port=%d", 123),
"--allow-privileged=true",
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
"--enable-bootstrap-token-auth=true",
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
"--requestheader-username-headers=X-Remote-User",
"--requestheader-group-headers=X-Remote-Group",
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--requestheader-allowed-names=front-proxy-client",
"--authorization-mode=Node,RBAC",
"--advertise-address=2001:db8::1",
@@ -332,24 +332,24 @@ func TestGetAPIServerCommand(t *testing.T) {
"kube-apiserver",
"--enable-admission-plugins=NodeRestriction",
"--service-cluster-ip-range=bar",
"--service-account-key-file=" + testCertsDir + "/sa.pub",
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
fmt.Sprintf("--secure-port=%d", 123),
"--allow-privileged=true",
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
"--enable-bootstrap-token-auth=true",
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
"--requestheader-username-headers=X-Remote-User",
"--requestheader-group-headers=X-Remote-Group",
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--requestheader-allowed-names=front-proxy-client",
"--authorization-mode=Node,RBAC",
"--advertise-address=2001:db8::1",
@@ -377,31 +377,31 @@ func TestGetAPIServerCommand(t *testing.T) {
"kube-apiserver",
"--enable-admission-plugins=NodeRestriction",
"--service-cluster-ip-range=baz",
"--service-account-key-file=" + testCertsDir + "/sa.pub",
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
"--enable-bootstrap-token-auth=true",
"--secure-port=123",
"--allow-privileged=true",
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
"--requestheader-username-headers=X-Remote-User",
"--requestheader-group-headers=X-Remote-Group",
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--requestheader-allowed-names=front-proxy-client",
"--authorization-mode=Node,RBAC",
"--advertise-address=9.9.9.9",
fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort),
"--etcd-cafile=" + testCertsDir + "/etcd/ca.crt",
"--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt",
"--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key",
"--etcd-cafile=" + filepath.Join(testCertsDir, "etcd/ca.crt"),
"--etcd-certfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.crt"),
"--etcd-keyfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.key"),
"--audit-policy-file=/etc/config/audit.yaml",
"--audit-log-path=/var/log/kubernetes",
},
@@ -424,31 +424,31 @@ func TestGetAPIServerCommand(t *testing.T) {
"kube-apiserver",
"--enable-admission-plugins=NodeRestriction",
"--service-cluster-ip-range=bar",
"--service-account-key-file=" + testCertsDir + "/sa.pub",
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
"--enable-bootstrap-token-auth=true",
"--secure-port=123",
"--allow-privileged=true",
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
"--requestheader-username-headers=X-Remote-User",
"--requestheader-group-headers=X-Remote-Group",
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--requestheader-allowed-names=front-proxy-client",
"--authorization-mode=ABAC",
"--advertise-address=1.2.3.4",
fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort),
"--etcd-cafile=" + testCertsDir + "/etcd/ca.crt",
"--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt",
"--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key",
"--etcd-cafile=" + filepath.Join(testCertsDir, "etcd/ca.crt"),
"--etcd-certfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.crt"),
"--etcd-keyfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.key"),
},
},
{
@@ -473,31 +473,31 @@ func TestGetAPIServerCommand(t *testing.T) {
"kube-apiserver",
"--enable-admission-plugins=NodeRestriction",
"--service-cluster-ip-range=bar",
"--service-account-key-file=" + testCertsDir + "/sa.pub",
"--service-account-signing-key-file=" + testCertsDir + "/sa.key",
"--service-account-key-file=" + filepath.Join(testCertsDir, "sa.pub"),
"--service-account-signing-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--service-account-issuer=https://kubernetes.default.svc.cluster.local",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--tls-cert-file=" + testCertsDir + "/apiserver.crt",
"--tls-private-key-file=" + testCertsDir + "/apiserver.key",
"--kubelet-client-certificate=" + testCertsDir + "/apiserver-kubelet-client.crt",
"--kubelet-client-key=" + testCertsDir + "/apiserver-kubelet-client.key",
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--tls-cert-file=" + filepath.Join(testCertsDir, "apiserver.crt"),
"--tls-private-key-file=" + filepath.Join(testCertsDir, "apiserver.key"),
"--kubelet-client-certificate=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.crt"),
"--kubelet-client-key=" + filepath.Join(testCertsDir, "apiserver-kubelet-client.key"),
"--enable-bootstrap-token-auth=true",
"--secure-port=123",
"--allow-privileged=true",
"--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname",
"--proxy-client-cert-file=/var/lib/certs/front-proxy-client.crt",
"--proxy-client-key-file=/var/lib/certs/front-proxy-client.key",
"--proxy-client-cert-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.crt"),
"--proxy-client-key-file=" + filepath.FromSlash("/var/lib/certs/front-proxy-client.key"),
"--requestheader-username-headers=X-Remote-User",
"--requestheader-group-headers=X-Remote-Group",
"--requestheader-extra-headers-prefix=X-Remote-Extra-",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--requestheader-allowed-names=front-proxy-client",
"--authorization-mode=Node,RBAC,Webhook",
"--advertise-address=1.2.3.4",
fmt.Sprintf("--etcd-servers=https://127.0.0.1:%d", kubeadmconstants.EtcdListenClientPort),
"--etcd-cafile=" + testCertsDir + "/etcd/ca.crt",
"--etcd-certfile=" + testCertsDir + "/apiserver-etcd-client.crt",
"--etcd-keyfile=" + testCertsDir + "/apiserver-etcd-client.key",
"--etcd-cafile=" + filepath.Join(testCertsDir, "etcd/ca.crt"),
"--etcd-certfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.crt"),
"--etcd-keyfile=" + filepath.Join(testCertsDir, "apiserver-etcd-client.key"),
},
},
}
@@ -549,17 +549,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + testCertsDir + "/ca.crt",
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--cluster-name=some-other-cluster-name",
},
},
@@ -573,17 +573,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + testCertsDir + "/ca.crt",
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
},
},
{
@@ -597,17 +597,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + testCertsDir + "/ca.crt",
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--allocate-node-cidrs=true",
"--cluster-cidr=10.0.1.15/16",
},
@@ -627,17 +627,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + testCertsDir + "/ca.crt",
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--allocate-node-cidrs=true",
"--cluster-cidr=10.0.1.15/16",
"--service-cluster-ip-range=172.20.0.0/24",
@@ -657,17 +657,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + testCertsDir + "/ca.crt",
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--allocate-node-cidrs=true",
"--cluster-cidr=10.0.1.15/16",
"--node-cidr-mask-size=20",
@@ -689,17 +689,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + testCertsDir + "/ca.crt",
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--allocate-node-cidrs=true",
"--cluster-cidr=2001:db8::/64",
"--service-cluster-ip-range=fd03::/112",
@@ -723,17 +723,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + testCertsDir + "/ca.crt",
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--allocate-node-cidrs=false",
"--cluster-cidr=2001:db8::/64",
"--service-cluster-ip-range=fd03::/112",
@@ -754,17 +754,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + testCertsDir + "/ca.crt",
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--allocate-node-cidrs=true",
"--cluster-cidr=2001:db8::/64,10.1.0.0/16",
"--service-cluster-ip-range=fd03::/112,192.168.0.0/16",
@@ -787,17 +787,17 @@ func TestGetControllerManagerCommand(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + testCertsDir + "/ca.crt",
"--service-account-private-key-file=" + testCertsDir + "/sa.key",
"--cluster-signing-cert-file=" + testCertsDir + "/ca.crt",
"--cluster-signing-key-file=" + testCertsDir + "/ca.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(testCertsDir, "sa.key"),
"--cluster-signing-cert-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--cluster-signing-key-file=" + filepath.Join(testCertsDir, "ca.key"),
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + testCertsDir + "/ca.crt",
"--requestheader-client-ca-file=" + testCertsDir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(testCertsDir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(testCertsDir, "front-proxy-ca.crt"),
"--allocate-node-cidrs=true",
"--cluster-cidr=10.0.1.15/16,2001:db8::/64",
"--node-cidr-mask-size-ipv4=20",
@@ -840,17 +840,17 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + tmpdir + "/ca.crt",
"--service-account-private-key-file=" + tmpdir + "/sa.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(tmpdir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(tmpdir, "sa.key"),
"--cluster-signing-cert-file=",
"--cluster-signing-key-file=",
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + tmpdir + "/ca.crt",
"--requestheader-client-ca-file=" + tmpdir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(tmpdir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(tmpdir, "front-proxy-ca.crt"),
}
},
},
@@ -869,17 +869,17 @@ func TestGetControllerManagerCommandExternalCA(t *testing.T) {
"kube-controller-manager",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--root-ca-file=" + tmpdir + "/ca.crt",
"--service-account-private-key-file=" + tmpdir + "/sa.key",
"--cluster-signing-cert-file=" + tmpdir + "/ca.crt",
"--cluster-signing-key-file=" + tmpdir + "/ca.key",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--root-ca-file=" + filepath.Join(tmpdir, "ca.crt"),
"--service-account-private-key-file=" + filepath.Join(tmpdir, "sa.key"),
"--cluster-signing-cert-file=" + filepath.Join(tmpdir, "ca.crt"),
"--cluster-signing-key-file=" + filepath.Join(tmpdir, "ca.key"),
"--use-service-account-credentials=true",
"--controllers=*,bootstrapsigner,tokencleaner",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/controller-manager.conf",
"--client-ca-file=" + tmpdir + "/ca.crt",
"--requestheader-client-ca-file=" + tmpdir + "/front-proxy-ca.crt",
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "controller-manager.conf"),
"--client-ca-file=" + filepath.Join(tmpdir, "ca.crt"),
"--requestheader-client-ca-file=" + filepath.Join(tmpdir, "front-proxy-ca.crt"),
}
},
},
@@ -932,9 +932,9 @@ func TestGetSchedulerCommand(t *testing.T) {
"kube-scheduler",
"--bind-address=127.0.0.1",
"--leader-elect=true",
"--kubeconfig=" + kubeadmconstants.KubernetesDir + "/scheduler.conf",
"--authentication-kubeconfig=" + kubeadmconstants.KubernetesDir + "/scheduler.conf",
"--authorization-kubeconfig=" + kubeadmconstants.KubernetesDir + "/scheduler.conf",
"--kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "scheduler.conf"),
"--authentication-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "scheduler.conf"),
"--authorization-kubeconfig=" + filepath.Join(kubeadmconstants.KubernetesDir, "scheduler.conf"),
},
},
}

2
cmd/kubeadm/app/phases/controlplane/volumes.go
View File

@@ -177,7 +177,7 @@ func getEtcdCertVolumes(etcdCfg *kubeadmapi.ExternalEtcd, k8sCertificatesDir str
certPaths := []string{etcdCfg.CAFile, etcdCfg.CertFile, etcdCfg.KeyFile}
certDirs := sets.NewString()
for _, certPath := range certPaths {
certDir := filepath.Dir(certPath)
certDir := filepath.ToSlash(filepath.Dir(certPath))
// Ignore ".", which is the result of passing an empty path.
// Also ignore the cert directories that already may be mounted; /etc/ssl/certs, /etc/pki or Kubernetes CertificatesDir
// If the etcd certs are in there, it's okay, we don't have to do anything

19
cmd/kubeadm/app/phases/controlplane/volumes_test.go
View File

@@ -19,6 +19,7 @@ package controlplane
import (
"fmt"
"os"
"path/filepath"
"reflect"
"testing"
@@ -260,6 +261,8 @@ func TestGetEtcdCertVolumes(t *testing.T) {
func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
hostPathDirectoryOrCreate := v1.HostPathDirectoryOrCreate
hostPathFileOrCreate := v1.HostPathFileOrCreate
controllerManagerConfig := filepath.FromSlash("/etc/kubernetes/controller-manager.conf")
schedulerConfig := filepath.FromSlash("/etc/kubernetes/scheduler.conf")
volMap := make(map[string]map[string]v1.Volume)
volMap[kubeadmconstants.KubeAPIServer] = map[string]v1.Volume{}
volMap[kubeadmconstants.KubeAPIServer]["k8s-certs"] = v1.Volume{
@@ -303,7 +306,7 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
Name: "kubeconfig",
VolumeSource: v1.VolumeSource{
HostPath: &v1.HostPathVolumeSource{
Path: "/etc/kubernetes/controller-manager.conf",
Path: controllerManagerConfig,
Type: &hostPathFileOrCreate,
},
},
@@ -313,7 +316,7 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
Name: "kubeconfig",
VolumeSource: v1.VolumeSource{
HostPath: &v1.HostPathVolumeSource{
Path: "/etc/kubernetes/scheduler.conf",
Path: schedulerConfig,
Type: &hostPathFileOrCreate,
},
},
@@ -343,13 +346,13 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
}
volMountMap[kubeadmconstants.KubeControllerManager]["kubeconfig"] = v1.VolumeMount{
Name: "kubeconfig",
MountPath: "/etc/kubernetes/controller-manager.conf",
MountPath: controllerManagerConfig,
ReadOnly: true,
}
volMountMap[kubeadmconstants.KubeScheduler] = map[string]v1.VolumeMount{}
volMountMap[kubeadmconstants.KubeScheduler]["kubeconfig"] = v1.VolumeMount{
Name: "kubeconfig",
MountPath: "/etc/kubernetes/scheduler.conf",
MountPath: schedulerConfig,
ReadOnly: true,
}
@@ -414,7 +417,7 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
Name: "kubeconfig",
VolumeSource: v1.VolumeSource{
HostPath: &v1.HostPathVolumeSource{
Path: "/etc/kubernetes/controller-manager.conf",
Path: controllerManagerConfig,
Type: &hostPathFileOrCreate,
},
},
@@ -424,7 +427,7 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
Name: "kubeconfig",
VolumeSource: v1.VolumeSource{
HostPath: &v1.HostPathVolumeSource{
Path: "/etc/kubernetes/scheduler.conf",
Path: schedulerConfig,
Type: &hostPathFileOrCreate,
},
},
@@ -464,13 +467,13 @@ func TestGetHostPathVolumesForTheControlPlane(t *testing.T) {
}
volMountMap2[kubeadmconstants.KubeControllerManager]["kubeconfig"] = v1.VolumeMount{
Name: "kubeconfig",
MountPath: "/etc/kubernetes/controller-manager.conf",
MountPath: controllerManagerConfig,
ReadOnly: true,
}
volMountMap2[kubeadmconstants.KubeScheduler] = map[string]v1.VolumeMount{}
volMountMap2[kubeadmconstants.KubeScheduler]["kubeconfig"] = v1.VolumeMount{
Name: "kubeconfig",
MountPath: "/etc/kubernetes/scheduler.conf",
MountPath: schedulerConfig,
ReadOnly: true,
}
var tests = []struct {

48
cmd/kubeadm/app/phases/etcd/local_test.go
View File

@@ -184,13 +184,13 @@ func TestGetEtcdCommand(t *testing.T) {
fmt.Sprintf("--listen-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
fmt.Sprintf("--initial-advertise-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
"--data-dir=/var/lib/etcd",
"--cert-file=" + kubeadmconstants.EtcdServerCertName,
"--key-file=" + kubeadmconstants.EtcdServerKeyName,
"--trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
"--cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerCertName),
"--key-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerKeyName),
"--trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
"--client-cert-auth=true",
"--peer-cert-file=" + kubeadmconstants.EtcdPeerCertName,
"--peer-key-file=" + kubeadmconstants.EtcdPeerKeyName,
"--peer-trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
"--peer-cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerCertName),
"--peer-key-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerKeyName),
"--peer-trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
"--snapshot-count=10000",
"--peer-client-cert-auth=true",
fmt.Sprintf("--initial-cluster=foo=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
@@ -215,13 +215,13 @@ func TestGetEtcdCommand(t *testing.T) {
fmt.Sprintf("--listen-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
fmt.Sprintf("--initial-advertise-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
"--data-dir=/var/lib/etcd",
"--cert-file=" + kubeadmconstants.EtcdServerCertName,
"--key-file=" + kubeadmconstants.EtcdServerKeyName,
"--trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
"--cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerCertName),
"--key-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerKeyName),
"--trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
"--client-cert-auth=true",
"--peer-cert-file=" + kubeadmconstants.EtcdPeerCertName,
"--peer-key-file=" + kubeadmconstants.EtcdPeerKeyName,
"--peer-trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
"--peer-cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerCertName),
"--peer-key-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerKeyName),
"--peer-trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
"--snapshot-count=10000",
"--peer-client-cert-auth=true",
"--initial-cluster-state=existing",
@@ -247,13 +247,13 @@ func TestGetEtcdCommand(t *testing.T) {
fmt.Sprintf("--listen-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
fmt.Sprintf("--initial-advertise-peer-urls=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
"--data-dir=/var/lib/etcd",
"--cert-file=" + kubeadmconstants.EtcdServerCertName,
"--key-file=" + kubeadmconstants.EtcdServerKeyName,
"--trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
"--cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerCertName),
"--key-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerKeyName),
"--trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
"--client-cert-auth=true",
"--peer-cert-file=" + kubeadmconstants.EtcdPeerCertName,
"--peer-key-file=" + kubeadmconstants.EtcdPeerKeyName,
"--peer-trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
"--peer-cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerCertName),
"--peer-key-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerKeyName),
"--peer-trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
"--snapshot-count=10000",
"--peer-client-cert-auth=true",
fmt.Sprintf("--initial-cluster=bar=https://1.2.3.4:%d", kubeadmconstants.EtcdListenPeerPort),
@@ -274,13 +274,13 @@ func TestGetEtcdCommand(t *testing.T) {
fmt.Sprintf("--listen-peer-urls=https://[2001:db8::3]:%d", kubeadmconstants.EtcdListenPeerPort),
fmt.Sprintf("--initial-advertise-peer-urls=https://[2001:db8::3]:%d", kubeadmconstants.EtcdListenPeerPort),
"--data-dir=/var/lib/etcd",
"--cert-file=" + kubeadmconstants.EtcdServerCertName,
"--key-file=" + kubeadmconstants.EtcdServerKeyName,
"--trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
"--cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerCertName),
"--key-file=" + filepath.FromSlash(kubeadmconstants.EtcdServerKeyName),
"--trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
"--client-cert-auth=true",
"--peer-cert-file=" + kubeadmconstants.EtcdPeerCertName,
"--peer-key-file=" + kubeadmconstants.EtcdPeerKeyName,
"--peer-trusted-ca-file=" + kubeadmconstants.EtcdCACertName,
"--peer-cert-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerCertName),
"--peer-key-file=" + filepath.FromSlash(kubeadmconstants.EtcdPeerKeyName),
"--peer-trusted-ca-file=" + filepath.FromSlash(kubeadmconstants.EtcdCACertName),
"--snapshot-count=10000",
"--peer-client-cert-auth=true",
fmt.Sprintf("--initial-cluster=foo=https://[2001:db8::3]:%d", kubeadmconstants.EtcdListenPeerPort),

4
cmd/kubeadm/app/phases/upgrade/postupgrade_test.go
View File

@@ -39,14 +39,14 @@ func TestMoveFiles(t *testing.T) {
if err != nil {
t.Fatalf("Failed to create cert file %s: %v", certPath, err)
}
defer certFile.Close()
certFile.Close()
keyPath := filepath.Join(tmpdir, constants.APIServerKeyName)
keyFile, err := os.OpenFile(keyPath, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0666)
if err != nil {
t.Fatalf("Failed to create key file %s: %v", keyPath, err)
}
defer keyFile.Close()
keyFile.Close()
subDir := filepath.Join(tmpdir, "expired")
if err := os.Mkdir(subDir, 0766); err != nil {

19
cmd/kubeadm/app/util/pkiutil/pki_helpers_test.go
View File

@@ -25,6 +25,7 @@ import (
"fmt"
"net"
"os"
"path/filepath"
"reflect"
"testing"
@@ -538,38 +539,44 @@ func TestTryLoadKeyFromDisk(t *testing.T) {
func TestPathsForCertAndKey(t *testing.T) {
crtPath, keyPath := PathsForCertAndKey("/foo", "bar")
if crtPath != "/foo/bar.crt" {
expectedPath := filepath.FromSlash("/foo/bar.crt")
if crtPath != expectedPath {
t.Errorf("unexpected certificate path: %s", crtPath)
}
if keyPath != "/foo/bar.key" {
expectedPath = filepath.FromSlash("/foo/bar.key")
if keyPath != expectedPath {
t.Errorf("unexpected key path: %s", keyPath)
}
}
func TestPathForCert(t *testing.T) {
crtPath := pathForCert("/foo", "bar")
if crtPath != "/foo/bar.crt" {
expectedPath := filepath.FromSlash("/foo/bar.crt")
if crtPath != expectedPath {
t.Errorf("unexpected certificate path: %s", crtPath)
}
}
func TestPathForKey(t *testing.T) {
keyPath := pathForKey("/foo", "bar")
if keyPath != "/foo/bar.key" {
expectedPath := filepath.FromSlash("/foo/bar.key")
if keyPath != expectedPath {
t.Errorf("unexpected certificate path: %s", keyPath)
}
}
func TestPathForPublicKey(t *testing.T) {
pubPath := pathForPublicKey("/foo", "bar")
if pubPath != "/foo/bar.pub" {
expectedPath := filepath.FromSlash("/foo/bar.pub")
if pubPath != expectedPath {
t.Errorf("unexpected certificate path: %s", pubPath)
}
}
func TestPathForCSR(t *testing.T) {
csrPath := pathForCSR("/foo", "bar")
if csrPath != "/foo/bar.csr" {
expectedPath := filepath.FromSlash("/foo/bar.csr")
if csrPath != expectedPath {
t.Errorf("unexpected certificate path: %s", csrPath)
}
}