Merge pull request kubernetes#75499 from marccarre/issues/74246-more-decl-kubeadm-cli-args

Add ability to configure kubeadm's ignored pre-flight errors via InitConfiguration and JoinConfiguration

Author: k8s-ci-robot

cmd/kubeadm/app/apis/kubeadm/fuzzer/fuzzer.go

@@ -32,6 +32,7 @@ func Funcs(codecs runtimeserializer.CodecFactory) []interface{} {
 		fuzzClusterConfiguration,
 		fuzzComponentConfigs,
 		fuzzDNS,
+		fuzzNodeRegistration,
 		fuzzLocalEtcd,
 		fuzzNetworking,
 		fuzzJoinConfiguration,
@@ -87,6 +88,13 @@ func fuzzInitConfiguration(obj *kubeadm.InitConfiguration, c fuzz.Continue) {
 	obj.CertificateKey = ""
 }
 
+func fuzzNodeRegistration(obj *kubeadm.NodeRegistrationOptions, c fuzz.Continue) {
+	c.FuzzNoCustom(obj)
+
+	// Pinning values for fields that get defaults if fuzz value is empty string or nil (thus making the round trip test fail)
+	obj.IgnorePreflightErrors = nil
+}
+
 func fuzzClusterConfiguration(obj *kubeadm.ClusterConfiguration, c fuzz.Continue) {
 	c.FuzzNoCustom(obj)
 

cmd/kubeadm/app/apis/kubeadm/types.go

@@ -229,6 +229,9 @@ type NodeRegistrationOptions struct {
 	// kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
 	// Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
 	KubeletExtraArgs map[string]string
+
+	// IgnorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered.
+	IgnorePreflightErrors []string
 }
 
 // Networking contains elements describing cluster's networking configuration.

cmd/kubeadm/app/apis/kubeadm/v1beta1/conversion.go

@@ -45,3 +45,15 @@ func Convert_kubeadm_JoinControlPlane_To_v1beta1_JoinControlPlane(in *kubeadm.Jo
 
 	return nil
 }
+
+func Convert_kubeadm_NodeRegistrationOptions_To_v1beta1_NodeRegistrationOptions(in *kubeadm.NodeRegistrationOptions, out *NodeRegistrationOptions, s conversion.Scope) error {
+	if err := autoConvert_kubeadm_NodeRegistrationOptions_To_v1beta1_NodeRegistrationOptions(in, out, s); err != nil {
+		return err
+	}
+
+	if len(in.IgnorePreflightErrors) > 0 {
+		return errors.New("ignorePreflightErrors field is not supported by v1beta1 config format")
+	}
+
+	return nil
+}

cmd/kubeadm/app/apis/kubeadm/v1beta1/conversion_test.go

@@ -37,6 +37,14 @@ func TestInternalToVersionedInitConfigurationConversion(t *testing.T) {
 			},
 			expectedError: true,
 		},
+		"ignorePreflightErrors set causes an error": {
+			in: kubeadm.InitConfiguration{
+				NodeRegistration: kubeadm.NodeRegistrationOptions{
+					IgnorePreflightErrors: []string{"SomeUndesirableError"},
+				},
+			},
+			expectedError: true,
+		},
 	}
 	for name, tc := range testcases {
 		t.Run(name, func(t *testing.T) {
@@ -51,6 +59,66 @@ func TestInternalToVersionedInitConfigurationConversion(t *testing.T) {
 	}
 }
 
+func TestInternalToVersionedJoinConfigurationConversion(t *testing.T) {
+	testcases := map[string]struct {
+		in            kubeadm.JoinConfiguration
+		expectedError bool
+	}{
+		"conversion succeeds": {
+			in:            kubeadm.JoinConfiguration{},
+			expectedError: false,
+		},
+		"ignorePreflightErrors set causes an error": {
+			in: kubeadm.JoinConfiguration{
+				NodeRegistration: kubeadm.NodeRegistrationOptions{
+					IgnorePreflightErrors: []string{"SomeUndesirableError"},
+				},
+			},
+			expectedError: true,
+		},
+	}
+	for name, tc := range testcases {
+		t.Run(name, func(t *testing.T) {
+			versioned := &JoinConfiguration{}
+			err := Convert_kubeadm_JoinConfiguration_To_v1beta1_JoinConfiguration(&tc.in, versioned, nil)
+			if err == nil && tc.expectedError {
+				t.Error("unexpected success")
+			} else if err != nil && !tc.expectedError {
+				t.Errorf("unexpected error: %v", err)
+			}
+		})
+	}
+}
+
+func TestInternalToVersionedNodeRegistrationOptionsConversion(t *testing.T) {
+	testcases := map[string]struct {
+		in            kubeadm.NodeRegistrationOptions
+		expectedError bool
+	}{
+		"conversion succeeds": {
+			in:            kubeadm.NodeRegistrationOptions{},
+			expectedError: false,
+		},
+		"ignorePreflightErrors set causes an error": {
+			in: kubeadm.NodeRegistrationOptions{
+				IgnorePreflightErrors: []string{"SomeUndesirableError"},
+			},
+			expectedError: true,
+		},
+	}
+	for name, tc := range testcases {
+		t.Run(name, func(t *testing.T) {
+			versioned := &NodeRegistrationOptions{}
+			err := Convert_kubeadm_NodeRegistrationOptions_To_v1beta1_NodeRegistrationOptions(&tc.in, versioned, nil)
+			if err == nil && tc.expectedError {
+				t.Error("unexpected success")
+			} else if err != nil && !tc.expectedError {
+				t.Errorf("unexpected error: %v", err)
+			}
+		})
+	}
+}
+
 func TestInternalToVersionedJoinControlPlaneConversion(t *testing.T) {
 	testcases := map[string]struct {
 		in            kubeadm.JoinControlPlane

cmd/kubeadm/app/apis/kubeadm/v1beta1/zz_generated.conversion.go

@@ -215,6 +215,9 @@ type NodeRegistrationOptions struct {
 	// kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap
 	// Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.
 	KubeletExtraArgs map[string]string `json:"kubeletExtraArgs,omitempty"`
+
+	// IgnorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered.
+	IgnorePreflightErrors []string `json:"ignorePreflightErrors,omitempty"`
 }
 
 // Networking contains elements describing cluster's networking configuration

cmd/kubeadm/app/apis/kubeadm/v1beta2/types.go

@@ -34,6 +34,7 @@ go_test(
         "//cmd/kubeadm/app/apis/kubeadm/v1beta2:go_default_library",
         "//pkg/proxy/apis/config:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
         "//vendor/github.com/spf13/pflag:go_default_library",
         "//vendor/k8s.io/utils/pointer:go_default_library",

cmd/kubeadm/app/apis/kubeadm/v1beta2/zz_generated.conversion.go

@@ -463,12 +463,25 @@ func ValidateAPIEndpoint(c *kubeadm.APIEndpoint, fldPath *field.Path) field.Erro
 	return allErrs
 }
 
-// ValidateIgnorePreflightErrors validates duplicates in ignore-preflight-errors flag.
-func ValidateIgnorePreflightErrors(ignorePreflightErrors []string) (sets.String, error) {
+// ValidateIgnorePreflightErrors validates duplicates in:
+// - ignore-preflight-errors flag and
+// - ignorePreflightErrors field in {Init,Join}Configuration files.
+func ValidateIgnorePreflightErrors(ignorePreflightErrorsFromCLI, ignorePreflightErrorsFromConfigFile []string) (sets.String, error) {
 	ignoreErrors := sets.NewString()
 	allErrs := field.ErrorList{}
 
-	for _, item := range ignorePreflightErrors {
+	for _, item := range ignorePreflightErrorsFromConfigFile {
+		ignoreErrors.Insert(strings.ToLower(item)) // parameters are case insensitive
+	}
+
+	if ignoreErrors.Has("all") {
+		// "all" is forbidden in config files. Administrators should use an
+		// explicit list of errors they want to ignore, as it can be risky to
+		// mask all errors in such a way. Hence, we return an error:
+		allErrs = append(allErrs, field.Invalid(field.NewPath("ignorePreflightErrors"), "all", "'all' cannot be used in configuration file"))
+	}
+
+	for _, item := range ignorePreflightErrorsFromCLI {
 		ignoreErrors.Insert(strings.ToLower(item)) // parameters are case insensitive
 	}