From fc63fdee2d4d1fc4edc6be75d246f8ab2cdf5d2a Mon Sep 17 00:00:00 2001 From: gab-satchi Date: Wed, 18 Mar 2020 10:43:53 -0400 Subject: [PATCH] Validates CoreDNS version update - Skips validation if ClusterConfiguration undefined - Skips validation if previous version undefined --- cmd/clusterctl/test/e2e/go.sum | 1 + .../v1alpha3/kubeadm_control_plane_webhook.go | 34 +++++++++++++++++-- .../kubeadm_control_plane_webhook_test.go | 24 +++++++++++-- go.mod | 2 +- go.sum | 4 +-- test/infrastructure/docker/go.sum | 1 + 6 files changed, 59 insertions(+), 7 deletions(-) diff --git a/cmd/clusterctl/test/e2e/go.sum b/cmd/clusterctl/test/e2e/go.sum index 16aa1469e38e..0db13d6fe1ef 100644 --- a/cmd/clusterctl/test/e2e/go.sum +++ b/cmd/clusterctl/test/e2e/go.sum @@ -51,6 +51,7 @@ github.com/cheekybits/genny v0.0.0-20170328200008-9127e812e1e9/go.mod h1:+tQajlR github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/coredns/corefile-migration v1.0.6/go.mod h1:OFwBp/Wc9dJt5cAZzHWMNhK1r5L0p0jDwIBc6j8NC8E= +github.com/coredns/corefile-migration v1.0.7-0.20200317205912-4b5f6e751512/go.mod h1:OFwBp/Wc9dJt5cAZzHWMNhK1r5L0p0jDwIBc6j8NC8E= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= diff --git a/controlplane/kubeadm/api/v1alpha3/kubeadm_control_plane_webhook.go b/controlplane/kubeadm/api/v1alpha3/kubeadm_control_plane_webhook.go index 79aea2a1298e..193a7f66c03f 100644 --- a/controlplane/kubeadm/api/v1alpha3/kubeadm_control_plane_webhook.go +++ b/controlplane/kubeadm/api/v1alpha3/kubeadm_control_plane_webhook.go @@ -19,6 +19,8 @@ package v1alpha3 import ( "encoding/json" "fmt" + "github.com/coredns/corefile-migration/migration" + kubeadmv1 "sigs.k8s.io/cluster-api/bootstrap/kubeadm/types/v1beta1" "strings" "github.com/blang/semver" @@ -127,6 +129,7 @@ func (in *KubeadmControlPlane) ValidateUpdate(old runtime.Object) error { } allErrs = append(allErrs, in.validateEtcd(prev)...) + allErrs = append(allErrs, in.validateCoreDNSVersion(prev)...) if len(allErrs) > 0 { return apierrors.NewInvalid(GroupVersion.WithKind("KubeadmControlPlane").GroupKind(), in.Name, allErrs) @@ -237,12 +240,12 @@ func (in *KubeadmControlPlane) validateCommon() (allErrs field.ErrorList) { allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "version"), in.Spec.Version, "must be a valid semantic version")) } - allErrs = append(allErrs, in.validateCoreDNS()...) + allErrs = append(allErrs, in.validateCoreDNSImage()...) return allErrs } -func (in *KubeadmControlPlane) validateCoreDNS() (allErrs field.ErrorList) { +func (in *KubeadmControlPlane) validateCoreDNSImage() (allErrs field.ErrorList) { if in.Spec.KubeadmConfigSpec.ClusterConfiguration == nil { return allErrs } @@ -259,6 +262,33 @@ func (in *KubeadmControlPlane) validateCoreDNS() (allErrs field.ErrorList) { return allErrs } +func (in *KubeadmControlPlane) validateCoreDNSVersion(prev *KubeadmControlPlane) (allErrs field.ErrorList) { + if in.Spec.KubeadmConfigSpec.ClusterConfiguration == nil || prev.Spec.KubeadmConfigSpec.ClusterConfiguration == nil { + return allErrs + } + if prev.Spec.KubeadmConfigSpec.ClusterConfiguration.DNS.ImageTag == "" { + return allErrs + } + dns := &in.Spec.KubeadmConfigSpec.ClusterConfiguration.DNS + //return if the type is anything other than empty (default), or CoreDNS. + if dns.Type != "" && dns.Type != kubeadmv1.CoreDNS { + return allErrs + } + + fromVersion := prev.Spec.KubeadmConfigSpec.ClusterConfiguration.DNS.ImageTag + if err := migration.ValidUpMigration(fromVersion, dns.ImageTag); err != nil { + allErrs = append( + allErrs, + field.Forbidden( + field.NewPath("spec", "kubeadmConfigSpec", "clusterConfiguration", "dns", "imageTag"), + fmt.Sprintf("cannot migrate CoreDNS up to '%v' from '%v'", dns.ImageTag, fromVersion), + ), + ) + } + + return allErrs +} + func (in *KubeadmControlPlane) validateEtcd(prev *KubeadmControlPlane) (allErrs field.ErrorList) { if in.Spec.KubeadmConfigSpec.ClusterConfiguration == nil { return allErrs diff --git a/controlplane/kubeadm/api/v1alpha3/kubeadm_control_plane_webhook_test.go b/controlplane/kubeadm/api/v1alpha3/kubeadm_control_plane_webhook_test.go index 9c2a8ae8b651..4de9804a7b09 100644 --- a/controlplane/kubeadm/api/v1alpha3/kubeadm_control_plane_webhook_test.go +++ b/controlplane/kubeadm/api/v1alpha3/kubeadm_control_plane_webhook_test.go @@ -175,6 +175,12 @@ func TestKubeadmControlPlaneValidateUpdate(t *testing.T) { }, ClusterConfiguration: &kubeadmv1beta1.ClusterConfiguration{ ClusterName: "test", + DNS: kubeadmv1beta1.DNS{ + ImageMeta: kubeadmv1beta1.ImageMeta{ + ImageRepository: "k8s.gcr.io/coredns", + ImageTag: "1.6.5", + }, + }, }, JoinConfiguration: &kubeadmv1beta1.JoinConfiguration{ NodeRegistration: kubeadmv1beta1.NodeRegistrationOptions{ @@ -267,7 +273,7 @@ func TestKubeadmControlPlaneValidateUpdate(t *testing.T) { dns.Spec.KubeadmConfigSpec.ClusterConfiguration.DNS = kubeadmv1beta1.DNS{ ImageMeta: kubeadmv1beta1.ImageMeta{ ImageRepository: "gcr.io/capi-test", - ImageTag: "v0.20.0", + ImageTag: "1.6.6", }, } @@ -275,7 +281,7 @@ func TestKubeadmControlPlaneValidateUpdate(t *testing.T) { dnsBuildTag.Spec.KubeadmConfigSpec.ClusterConfiguration.DNS = kubeadmv1beta1.DNS{ ImageMeta: kubeadmv1beta1.ImageMeta{ ImageRepository: "gcr.io/capi-test", - ImageTag: "v0.20.0_build1", + ImageTag: "1.6.7", }, } @@ -287,6 +293,14 @@ func TestKubeadmControlPlaneValidateUpdate(t *testing.T) { }, } + dnsInvalidCoreDNSVersion := before.DeepCopy() + dnsInvalidCoreDNSVersion.Spec.KubeadmConfigSpec.ClusterConfiguration.DNS = kubeadmv1beta1.DNS{ + ImageMeta: kubeadmv1beta1.ImageMeta{ + ImageRepository: "gcr.io/capi-test", + ImageTag: "a.b.c", + }, + } + certificatesDir := before.DeepCopy() certificatesDir.Spec.KubeadmConfigSpec.ClusterConfiguration.CertificatesDir = "a new certificates directory" @@ -489,6 +503,12 @@ func TestKubeadmControlPlaneValidateUpdate(t *testing.T) { before: before, kcp: dnsInvalidTag, }, + { + name: "should fail when using an invalid CoreDNS version", + expectErr: true, + before: dns, + kcp: dnsInvalidCoreDNSVersion, + }, { name: "should fail when making a change to the cluster config's certificatesDir", expectErr: true, diff --git a/go.mod b/go.mod index 6f4a96704872..7bd96b1b7d01 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.13 require ( github.com/MakeNowJust/heredoc v1.0.0 github.com/blang/semver v3.5.1+incompatible - github.com/coredns/corefile-migration v1.0.6 + github.com/coredns/corefile-migration v1.0.7-0.20200317205912-4b5f6e751512 github.com/davecgh/go-spew v1.1.1 github.com/docker/distribution v2.7.1+incompatible github.com/evanphx/json-patch v4.5.0+incompatible diff --git a/go.sum b/go.sum index e31542b5c8ef..3dc37c07612f 100644 --- a/go.sum +++ b/go.sum @@ -53,8 +53,8 @@ github.com/cheekybits/genny v0.0.0-20170328200008-9127e812e1e9/go.mod h1:+tQajlR github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa h1:OaNxuTZr7kxeODyLWsRMC+OD03aFUH+mW6r2d+MWa5Y= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= -github.com/coredns/corefile-migration v1.0.6 h1:hB6vclp2g/KeXe9n1oz/PafgieUahsOYeHMQA+RJ4Hg= -github.com/coredns/corefile-migration v1.0.6/go.mod h1:OFwBp/Wc9dJt5cAZzHWMNhK1r5L0p0jDwIBc6j8NC8E= +github.com/coredns/corefile-migration v1.0.7-0.20200317205912-4b5f6e751512 h1:2oxpEljcf3gr9hr3im3U/pcKg0aSoHCPh0HP3eEUzGA= +github.com/coredns/corefile-migration v1.0.7-0.20200317205912-4b5f6e751512/go.mod h1:OFwBp/Wc9dJt5cAZzHWMNhK1r5L0p0jDwIBc6j8NC8E= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= diff --git a/test/infrastructure/docker/go.sum b/test/infrastructure/docker/go.sum index 62f57e2de9df..285567ba459f 100644 --- a/test/infrastructure/docker/go.sum +++ b/test/infrastructure/docker/go.sum @@ -52,6 +52,7 @@ github.com/cheekybits/genny v0.0.0-20170328200008-9127e812e1e9/go.mod h1:+tQajlR github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/coredns/corefile-migration v1.0.6/go.mod h1:OFwBp/Wc9dJt5cAZzHWMNhK1r5L0p0jDwIBc6j8NC8E= +github.com/coredns/corefile-migration v1.0.7-0.20200317205912-4b5f6e751512/go.mod h1:OFwBp/Wc9dJt5cAZzHWMNhK1r5L0p0jDwIBc6j8NC8E= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=