Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubeadm: improve the kubeconfig file validation phase #79165

Merged
merged 1 commit into from Jun 19, 2019
Merged

kubeadm: improve the kubeconfig file validation phase #79165

merged 1 commit into from Jun 19, 2019

Conversation

neolit123
Copy link
Member

@neolit123 neolit123 commented Jun 19, 2019
edited

What this PR does / why we need it:
When a kubeconfig file is read from disk it may lack the
propper mapping between contexts and clusters.

In such a case the kubeconfig phase backend will panic,
without throwing a sensible error.

Add nil checks for a couple of map operations in
validateKubeConfig().

Which issue(s) this PR fixes:

Fixes #79069
xref kubernetes/kubeadm#1382

Special notes for your reviewer:
NONE

Does this PR introduce a user-facing change?:

kubeadm: fix a potential panic if kubeadm discovers an invalid, existing kubeconfig file

/priority backlog
/assign @fabriziopandini @rosti
/kind bug
@kubernetes/sig-cluster-lifecycle-pr-reviews
/hold

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. priority/backlog Higher priority than priority/awaiting-more-evidence. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. kind/bug Categorizes issue or PR as related to a bug. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Jun 19, 2019
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: neolit123

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 19, 2019
yagonobre
yagonobre reviewed Jun 19, 2019
View reviewed changes
Copy link
Member

@yagonobre yagonobre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @neolit123

cmd/kubeadm/app/phases/kubeconfig/kubeconfig.go Outdated
@@ -224,7 +224,13 @@ func validateKubeConfig(outDir, filename string, config *clientcmdapi.Config) er
expectedCtx := config.CurrentContext
expectedCluster := config.Contexts[expectedCtx].Cluster
currentCtx := currentConfig.CurrentContext
if config.Contexts[currentCtx] == nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should it be currentConfig? Also, should we check the config.Contexts[expectedCtx].Cluster above?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should it be currentConfig?

yeah already sent a change.

Also, should we check the config.Contexts[expectedCtx].Cluster above

its a file we just generated, so doesn't seem we need to.

@neolit123
kubeadm: improve the kubeconfig file validation phase
14408be 
When a kubeconfig file is read from disk it may lack the
propper mapping between contexts and clusters.

In such a case the kubeconfig phase backend will panic,
without throwing a sensible error.

Add nil checks for a couple of map operations in
validateKubeConfig().
@neolit123 neolit123 force-pushed the kubeadm-1.16-fix-panic-kubeconfig branch from 12866fc to 14408be Compare June 19, 2019 12:12
rosti
rosti approved these changes Jun 19, 2019
View reviewed changes
Copy link
Contributor

@rosti rosti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @neolit123 !
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 19, 2019
yagonobre
yagonobre reviewed Jun 19, 2019
View reviewed changes
Copy link
Member

@yagonobre yagonobre left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@neolit123
Copy link
Member Author

/hold cancel
thanks

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 19, 2019
@k8s-ci-robot k8s-ci-robot merged commit 4683054 into kubernetes:master Jun 19, 2019
fabriziopandini
fabriziopandini reviewed Jun 21, 2019
View reviewed changes
Copy link
Member

@fabriziopandini fabriziopandini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@neolit123 many thanks for this fix!
/approve
/lgtm

Are U planning to back port this fix in older releases?

@neolit123 neolit123 mentioned this pull request Mar 10, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fabriziopandini fabriziopandini fabriziopandini left review comments

@yagonobre yagonobre yagonobre left review comments

@rosti rosti rosti approved these changes

@timothysc timothysc Awaiting requested review from timothysc

Assignees

@rosti rosti

@fabriziopandini fabriziopandini

@yagonobre yagonobre

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/kubeadm cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/backlog Higher priority than priority/awaiting-more-evidence. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

panic during kubeadm init phase kubeconfig all
5 participants
@neolit123 @k8s-ci-robot @rosti @fabriziopandini @yagonobre