Merge pull request #49499 from luxas/automated-cherry-pick-of-#49498-#…

…49328-upstream-release-1.7 Automatic merge from submit-queue Automated cherry pick of #49498 #49328 Cherry pick of #49498 #49328 on release-1.7. #49498: kubeadm: Make sure --config can be mixed with --skip-* flags #49328: kubeadm: don't customize etcd selinux label
kubernetes · Jul 25, 2017 · 5620b07 · 5620b07
2 parents 59dbcbb + bea3cbb
commit 5620b07
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 17 deletions.
diff --git a/cmd/kubeadm/app/apis/kubeadm/validation/validation.go b/cmd/kubeadm/app/apis/kubeadm/validation/validation.go
@@ -253,8 +253,22 @@ func ValidateCloudProvider(provider string, fldPath *field.Path) field.ErrorList
 }
 
 func ValidateMixedArguments(flag *pflag.FlagSet) error {
-	if flag.Changed("config") && flag.NFlag() != 1 {
-		return fmt.Errorf("can not mix '--config' with other arguments")
+	// If --config isn't set, we have nothing to validate
+	if !flag.Changed("config") {
+		return nil
+	}
+
+	mixedInvalidFlags := []string{}
+	flag.Visit(func(f *pflag.Flag) {
+		if f.Name == "config" || strings.HasPrefix(f.Name, "skip-") {
+			// "--skip-*" flags can be set with --config
+			return
+		}
+		mixedInvalidFlags = append(mixedInvalidFlags, f.Name)
+	})
+
+	if len(mixedInvalidFlags) != 0 {
+		return fmt.Errorf("can not mix '--config' with arguments %v", mixedInvalidFlags)
 	}
 	return nil
 }
diff --git a/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go b/cmd/kubeadm/app/apis/kubeadm/validation/validation_test.go
@@ -261,35 +261,39 @@ func TestValidateMixedArguments(t *testing.T) {
 		args     []string
 		expected bool
 	}{
+		// Expected to succeed, --config is mixed with skip-* flags only or no other flags
 		{[]string{"--foo=bar"}, true},
 		{[]string{"--config=hello"}, true},
-		{[]string{"--foo=bar", "--config=hello"}, false},
+		{[]string{"--config=hello", "--skip-preflight-checks=true"}, true},
+		{[]string{"--config=hello", "--skip-token-print=true"}, true},
+		{[]string{"--config=hello", "--skip-preflight-checks", "--skip-token-print"}, true},
+		// Expected to fail, --config is mixed with the --foo flag
+		{[]string{"--config=hello", "--skip-preflight-checks", "--foo=bar"}, false},
+		{[]string{"--config=hello", "--foo=bar"}, false},
 	}
 
 	var cfgPath string
-	var skipPreFlight bool
 
 	for _, rt := range tests {
 		f := pflag.NewFlagSet("test", pflag.ContinueOnError)
 		if f.Parsed() {
 			t.Error("f.Parse() = true before Parse")
 		}
-		f.String("foo", "", "string value")
+		f.String("foo", "", "flag bound to config object")
+		f.Bool("skip-preflight-checks", false, "flag not bound to config object")
+		f.Bool("skip-token-print", false, "flag not bound to config object")
 		f.StringVar(&cfgPath, "config", cfgPath, "Path to kubeadm config file")
-		f.BoolVar(
-			&skipPreFlight, "skip-preflight-checks", skipPreFlight,
-			"Skip preflight checks normally run before modifying the system",
-		)
 		if err := f.Parse(rt.args); err != nil {
 			t.Fatal(err)
 		}
 
 		actual := ValidateMixedArguments(f)
 		if (actual == nil) != rt.expected {
 			t.Errorf(
-				"failed ValidateMixedArguments:\n\texpected: %t\n\t  actual: %t",
+				"failed ValidateMixedArguments:\n\texpected: %t\n\t  actual: %t testdata: %v",
 				rt.expected,
 				(actual == nil),
+				rt.args,
 			)
 		}
 	}

diff --git a/cmd/kubeadm/app/cmd/init.go b/cmd/kubeadm/app/cmd/init.go
@@ -134,10 +134,12 @@ func NewCmdInit(out io.Writer) *cobra.Command {
 
 	cmd.PersistentFlags().StringVar(&cfgPath, "config", cfgPath, "Path to kubeadm config file (WARNING: Usage of a configuration file is experimental)")
 
+	// Note: All flags that are not bound to the cfg object should be whitelisted in cmd/kubeadm/app/apis/kubeadm/validation/validation.go
 	cmd.PersistentFlags().BoolVar(
 		&skipPreFlight, "skip-preflight-checks", skipPreFlight,
 		"Skip preflight checks normally run before modifying the system",
 	)
+	// Note: All flags that are not bound to the cfg object should be whitelisted in cmd/kubeadm/app/apis/kubeadm/validation/validation.go
 	cmd.PersistentFlags().BoolVar(
 		&skipTokenPrint, "skip-token-print", skipTokenPrint,
 		"Skip printing of the default bootstrap token generated by 'kubeadm init'",

diff --git a/cmd/kubeadm/app/master/manifests.go b/cmd/kubeadm/app/master/manifests.go
@@ -127,13 +127,6 @@ func WriteStaticPodManifests(cfg *kubeadmapi.MasterConfiguration) error {
 			LivenessProbe: componentProbe(2379, "/health", api.URISchemeHTTP),
 		}, certsVolume(cfg), etcdVolume(cfg), k8sVolume())
 
-		etcdPod.Spec.SecurityContext = &api.PodSecurityContext{
-			SELinuxOptions: &api.SELinuxOptions{
-				// Unconfine the etcd container so it can write to the data dir with SELinux enforcing:
-				Type: "spc_t",
-			},
-		}
-
 		staticPodSpecs[etcd] = etcdPod
 	}