Skip to content

Commit

Permalink
KCP: Allow mutation of all fields that should be mutable
Browse files Browse the repository at this point in the history
Signed-off-by: Stefan Büringer [email protected]
  • Loading branch information
sbueringer committed Dec 13, 2023
1 parent fcae182 commit 06c2468
Showing 1 changed file with 24 additions and 1 deletion.
25 changes: 24 additions & 1 deletion controlplane/kubeadm/internal/webhooks/kubeadm_control_plane.go
Original file line number Diff line number Diff line change
Expand Up @@ -159,31 +159,51 @@ func (webhook *KubeadmControlPlane) ValidateUpdate(_ context.Context, oldObj, ne
// add a * to indicate everything beneath is ok.
// For example, {"spec", "*"} will allow any path under "spec" to change.
allowedPaths := [][]string{
// metadata
{"metadata", "*"},
{spec, kubeadmConfigSpec, "useExperimentalRetryJoin"},
// spec.kubeadmConfigSpec.clusterConfiguration
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "imageRepository"},
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "imageTag"},
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "extraArgs"},
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "extraArgs", "*"},
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "dataDir"},
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "peerCertSANs"},
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "local", "serverCertSANs"},
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "external", "endpoints"},
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "external", "caFile"},
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "external", "certFile"},
{spec, kubeadmConfigSpec, clusterConfiguration, "etcd", "external", "keyFile"},
{spec, kubeadmConfigSpec, clusterConfiguration, "dns", "imageRepository"},
{spec, kubeadmConfigSpec, clusterConfiguration, "dns", "imageTag"},
{spec, kubeadmConfigSpec, clusterConfiguration, "certificatesDir"},
{spec, kubeadmConfigSpec, clusterConfiguration, "imageRepository"},
{spec, kubeadmConfigSpec, clusterConfiguration, apiServer},
{spec, kubeadmConfigSpec, clusterConfiguration, apiServer, "*"},
{spec, kubeadmConfigSpec, clusterConfiguration, controllerManager},
{spec, kubeadmConfigSpec, clusterConfiguration, controllerManager, "*"},
{spec, kubeadmConfigSpec, clusterConfiguration, scheduler},
{spec, kubeadmConfigSpec, clusterConfiguration, scheduler, "*"},
// spec.kubeadmConfigSpec.initConfiguration
{spec, kubeadmConfigSpec, initConfiguration, nodeRegistration},
{spec, kubeadmConfigSpec, initConfiguration, nodeRegistration, "*"},
{spec, kubeadmConfigSpec, initConfiguration, patches, directory},
{spec, kubeadmConfigSpec, initConfiguration, patches},
{spec, kubeadmConfigSpec, initConfiguration, skipPhases},
{spec, kubeadmConfigSpec, initConfiguration, "bootstrapTokens"},
{spec, kubeadmConfigSpec, initConfiguration, "localAPIEndpoint"},
{spec, kubeadmConfigSpec, initConfiguration, "localAPIEndpoint", "*"},
// spec.kubeadmConfigSpec.joinConfiguration
{spec, kubeadmConfigSpec, joinConfiguration, nodeRegistration},
{spec, kubeadmConfigSpec, joinConfiguration, nodeRegistration, "*"},
{spec, kubeadmConfigSpec, joinConfiguration, patches, directory},
{spec, kubeadmConfigSpec, joinConfiguration, patches},
{spec, kubeadmConfigSpec, joinConfiguration, skipPhases},
{spec, kubeadmConfigSpec, joinConfiguration, "caCertPath"},
{spec, kubeadmConfigSpec, joinConfiguration, "controlPlane"},
{spec, kubeadmConfigSpec, joinConfiguration, "controlPlane", "*"},
{spec, kubeadmConfigSpec, joinConfiguration, "discovery"},
{spec, kubeadmConfigSpec, joinConfiguration, "discovery", "*"},
// spec.kubeadmConfigSpec
{spec, kubeadmConfigSpec, preKubeadmCommands},
{spec, kubeadmConfigSpec, postKubeadmCommands},
{spec, kubeadmConfigSpec, files},
Expand All @@ -197,6 +217,8 @@ func (webhook *KubeadmControlPlane) ValidateUpdate(_ context.Context, oldObj, ne
{spec, kubeadmConfigSpec, diskSetup, "*"},
{spec, kubeadmConfigSpec, "format"},
{spec, kubeadmConfigSpec, "mounts"},
{spec, kubeadmConfigSpec, "useExperimentalRetryJoin"},
// spec.machineTemplate
{spec, "machineTemplate", "metadata"},
{spec, "machineTemplate", "metadata", "*"},
{spec, "machineTemplate", "infrastructureRef", "apiVersion"},
Expand All @@ -205,6 +227,7 @@ func (webhook *KubeadmControlPlane) ValidateUpdate(_ context.Context, oldObj, ne
{spec, "machineTemplate", "nodeDrainTimeout"},
{spec, "machineTemplate", "nodeVolumeDetachTimeout"},
{spec, "machineTemplate", "nodeDeletionTimeout"},
// spec
{spec, "replicas"},
{spec, "version"},
{spec, "remediationStrategy"},
Expand Down

0 comments on commit 06c2468

Please sign in to comment.