custom-kube-scheduler/kubernetes-v1.15.4/cmd/kubeadm/app/componentconfigs/validation_test.go

/*
Copyright 2018 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package componentconfigs

import (
	"strings"
	"testing"
	"time"

	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
	kubeletconfig "k8s.io/kubernetes/pkg/kubelet/apis/config"
	kubeproxyconfig "k8s.io/kubernetes/pkg/proxy/apis/config"
	utilpointer "k8s.io/utils/pointer"
)

func TestValidateKubeProxyConfiguration(t *testing.T) {
	var tests = []struct {
		name          string
		clusterConfig *kubeadm.ClusterConfiguration
		msg           string
		expectErr     bool
	}{
		{
			name: "valid config",
			clusterConfig: &kubeadm.ClusterConfiguration{
				ComponentConfigs: kubeadm.ComponentConfigs{
					KubeProxy: &kubeproxyconfig.KubeProxyConfiguration{
						BindAddress:        "192.168.59.103",
						HealthzBindAddress: "0.0.0.0:10256",
						MetricsBindAddress: "127.0.0.1:10249",
						ClusterCIDR:        "192.168.59.0/24",
						UDPIdleTimeout:     metav1.Duration{Duration: 1 * time.Second},
						ConfigSyncPeriod:   metav1.Duration{Duration: 1 * time.Second},
						IPTables: kubeproxyconfig.KubeProxyIPTablesConfiguration{
							MasqueradeAll: true,
							SyncPeriod:    metav1.Duration{Duration: 5 * time.Second},
							MinSyncPeriod: metav1.Duration{Duration: 2 * time.Second},
						},
						IPVS: kubeproxyconfig.KubeProxyIPVSConfiguration{
							SyncPeriod:    metav1.Duration{Duration: 10 * time.Second},
							MinSyncPeriod: metav1.Duration{Duration: 5 * time.Second},
						},
						Conntrack: kubeproxyconfig.KubeProxyConntrackConfiguration{
							MaxPerCore:            utilpointer.Int32Ptr(1),
							Min:                   utilpointer.Int32Ptr(1),
							TCPEstablishedTimeout: &metav1.Duration{Duration: 5 * time.Second},
							TCPCloseWaitTimeout:   &metav1.Duration{Duration: 5 * time.Second},
						},
					},
				},
			},
			expectErr: false,
		},
		{
			name: "invalid BindAddress",
			clusterConfig: &kubeadm.ClusterConfiguration{
				ComponentConfigs: kubeadm.ComponentConfigs{
					KubeProxy: &kubeproxyconfig.KubeProxyConfiguration{
						// only BindAddress is invalid
						BindAddress:        "10.10.12.11:2000",
						HealthzBindAddress: "0.0.0.0:10256",
						MetricsBindAddress: "127.0.0.1:10249",
						ClusterCIDR:        "192.168.59.0/24",
						UDPIdleTimeout:     metav1.Duration{Duration: 1 * time.Second},
						ConfigSyncPeriod:   metav1.Duration{Duration: 1 * time.Second},
						IPTables: kubeproxyconfig.KubeProxyIPTablesConfiguration{
							MasqueradeAll: true,
							SyncPeriod:    metav1.Duration{Duration: 5 * time.Second},
							MinSyncPeriod: metav1.Duration{Duration: 2 * time.Second},
						},
						IPVS: kubeproxyconfig.KubeProxyIPVSConfiguration{
							SyncPeriod:    metav1.Duration{Duration: 10 * time.Second},
							MinSyncPeriod: metav1.Duration{Duration: 5 * time.Second},
						},
						Conntrack: kubeproxyconfig.KubeProxyConntrackConfiguration{
							MaxPerCore:            utilpointer.Int32Ptr(1),
							Min:                   utilpointer.Int32Ptr(1),
							TCPEstablishedTimeout: &metav1.Duration{Duration: 5 * time.Second},
							TCPCloseWaitTimeout:   &metav1.Duration{Duration: 5 * time.Second},
						},
					},
				},
			},
			msg:       "not a valid textual representation of an IP address",
			expectErr: true,
		},
		{
			name: "invalid HealthzBindAddress",
			clusterConfig: &kubeadm.ClusterConfiguration{
				ComponentConfigs: kubeadm.ComponentConfigs{
					KubeProxy: &kubeproxyconfig.KubeProxyConfiguration{
						BindAddress: "10.10.12.11",
						// only HealthzBindAddress is invalid
						HealthzBindAddress: "0.0.0.0",
						MetricsBindAddress: "127.0.0.1:10249",
						ClusterCIDR:        "192.168.59.0/24",
						UDPIdleTimeout:     metav1.Duration{Duration: 1 * time.Second},
						ConfigSyncPeriod:   metav1.Duration{Duration: 1 * time.Second},
						IPTables: kubeproxyconfig.KubeProxyIPTablesConfiguration{
							MasqueradeAll: true,
							SyncPeriod:    metav1.Duration{Duration: 5 * time.Second},
							MinSyncPeriod: metav1.Duration{Duration: 2 * time.Second},
						},
						IPVS: kubeproxyconfig.KubeProxyIPVSConfiguration{
							SyncPeriod:    metav1.Duration{Duration: 10 * time.Second},
							MinSyncPeriod: metav1.Duration{Duration: 5 * time.Second},
						},
						Conntrack: kubeproxyconfig.KubeProxyConntrackConfiguration{
							MaxPerCore:            utilpointer.Int32Ptr(1),
							Min:                   utilpointer.Int32Ptr(1),
							TCPEstablishedTimeout: &metav1.Duration{Duration: 5 * time.Second},
							TCPCloseWaitTimeout:   &metav1.Duration{Duration: 5 * time.Second},
						},
					},
				},
			},
			msg:       "must be IP:port",
			expectErr: true,
		},
		{
			name: "invalid MetricsBindAddress",
			clusterConfig: &kubeadm.ClusterConfiguration{
				ComponentConfigs: kubeadm.ComponentConfigs{
					KubeProxy: &kubeproxyconfig.KubeProxyConfiguration{
						BindAddress:        "10.10.12.11",
						HealthzBindAddress: "0.0.0.0:12345",
						// only MetricsBindAddress is invalid
						MetricsBindAddress: "127.0.0.1",
						ClusterCIDR:        "192.168.59.0/24",
						UDPIdleTimeout:     metav1.Duration{Duration: 1 * time.Second},
						ConfigSyncPeriod:   metav1.Duration{Duration: 1 * time.Second},
						IPTables: kubeproxyconfig.KubeProxyIPTablesConfiguration{
							MasqueradeAll: true,
							SyncPeriod:    metav1.Duration{Duration: 5 * time.Second},
							MinSyncPeriod: metav1.Duration{Duration: 2 * time.Second},
						},
						IPVS: kubeproxyconfig.KubeProxyIPVSConfiguration{
							SyncPeriod:    metav1.Duration{Duration: 10 * time.Second},
							MinSyncPeriod: metav1.Duration{Duration: 5 * time.Second},
						},
						Conntrack: kubeproxyconfig.KubeProxyConntrackConfiguration{
							MaxPerCore:            utilpointer.Int32Ptr(1),
							Min:                   utilpointer.Int32Ptr(1),
							TCPEstablishedTimeout: &metav1.Duration{Duration: 5 * time.Second},
							TCPCloseWaitTimeout:   &metav1.Duration{Duration: 5 * time.Second},
						},
					},
				},
			},
			msg:       "must be IP:port",
			expectErr: true,
		},
		{
			name: "invalid ClusterCIDR",
			clusterConfig: &kubeadm.ClusterConfiguration{
				ComponentConfigs: kubeadm.ComponentConfigs{
					KubeProxy: &kubeproxyconfig.KubeProxyConfiguration{
						BindAddress:        "10.10.12.11",
						HealthzBindAddress: "0.0.0.0:12345",
						MetricsBindAddress: "127.0.0.1:10249",
						// only ClusterCIDR is invalid
						ClusterCIDR:      "192.168.59.0",
						UDPIdleTimeout:   metav1.Duration{Duration: 1 * time.Second},
						ConfigSyncPeriod: metav1.Duration{Duration: 1 * time.Second},
						IPTables: kubeproxyconfig.KubeProxyIPTablesConfiguration{
							MasqueradeAll: true,
							SyncPeriod:    metav1.Duration{Duration: 5 * time.Second},
							MinSyncPeriod: metav1.Duration{Duration: 2 * time.Second},
						},
						IPVS: kubeproxyconfig.KubeProxyIPVSConfiguration{
							SyncPeriod:    metav1.Duration{Duration: 10 * time.Second},
							MinSyncPeriod: metav1.Duration{Duration: 5 * time.Second},
						},
						Conntrack: kubeproxyconfig.KubeProxyConntrackConfiguration{
							MaxPerCore:            utilpointer.Int32Ptr(1),
							Min:                   utilpointer.Int32Ptr(1),
							TCPEstablishedTimeout: &metav1.Duration{Duration: 5 * time.Second},
							TCPCloseWaitTimeout:   &metav1.Duration{Duration: 5 * time.Second},
						},
					},
				},
			},
			msg:       "must be a valid CIDR block (e.g. 10.100.0.0/16)",
			expectErr: true,
		},
		{
			name: "invalid UDPIdleTimeout",
			clusterConfig: &kubeadm.ClusterConfiguration{
				ComponentConfigs: kubeadm.ComponentConfigs{
					KubeProxy: &kubeproxyconfig.KubeProxyConfiguration{
						BindAddress:        "10.10.12.11",
						HealthzBindAddress: "0.0.0.0:12345",
						MetricsBindAddress: "127.0.0.1:10249",
						ClusterCIDR:        "192.168.59.0/24",
						// only UDPIdleTimeout is invalid
						UDPIdleTimeout:   metav1.Duration{Duration: -1 * time.Second},
						ConfigSyncPeriod: metav1.Duration{Duration: 1 * time.Second},
						IPTables: kubeproxyconfig.KubeProxyIPTablesConfiguration{
							MasqueradeAll: true,
							SyncPeriod:    metav1.Duration{Duration: 5 * time.Second},
							MinSyncPeriod: metav1.Duration{Duration: 2 * time.Second},
						},
						IPVS: kubeproxyconfig.KubeProxyIPVSConfiguration{
							SyncPeriod:    metav1.Duration{Duration: 10 * time.Second},
							MinSyncPeriod: metav1.Duration{Duration: 5 * time.Second},
						},
						Conntrack: kubeproxyconfig.KubeProxyConntrackConfiguration{
							MaxPerCore:            utilpointer.Int32Ptr(1),
							Min:                   utilpointer.Int32Ptr(1),
							TCPEstablishedTimeout: &metav1.Duration{Duration: 5 * time.Second},
							TCPCloseWaitTimeout:   &metav1.Duration{Duration: 5 * time.Second},
						},
					},
				},
			},
			msg:       "must be greater than 0",
			expectErr: true,
		},
		{
			name: "invalid ConfigSyncPeriod",
			clusterConfig: &kubeadm.ClusterConfiguration{
				ComponentConfigs: kubeadm.ComponentConfigs{
					KubeProxy: &kubeproxyconfig.KubeProxyConfiguration{
						BindAddress:        "10.10.12.11",
						HealthzBindAddress: "0.0.0.0:12345",
						MetricsBindAddress: "127.0.0.1:10249",
						ClusterCIDR:        "192.168.59.0/24",
						UDPIdleTimeout:     metav1.Duration{Duration: 1 * time.Second},
						// only ConfigSyncPeriod is invalid
						ConfigSyncPeriod: metav1.Duration{Duration: -1 * time.Second},
						IPTables: kubeproxyconfig.KubeProxyIPTablesConfiguration{
							MasqueradeAll: true,
							SyncPeriod:    metav1.Duration{Duration: 5 * time.Second},
							MinSyncPeriod: metav1.Duration{Duration: 2 * time.Second},
						},
						IPVS: kubeproxyconfig.KubeProxyIPVSConfiguration{
							SyncPeriod:    metav1.Duration{Duration: 10 * time.Second},
							MinSyncPeriod: metav1.Duration{Duration: 5 * time.Second},
						},
						Conntrack: kubeproxyconfig.KubeProxyConntrackConfiguration{
							MaxPerCore:            utilpointer.Int32Ptr(1),
							Min:                   utilpointer.Int32Ptr(1),
							TCPEstablishedTimeout: &metav1.Duration{Duration: 5 * time.Second},
							TCPCloseWaitTimeout:   &metav1.Duration{Duration: 5 * time.Second},
						},
					},
				},
			},
			msg:       "must be greater than 0",
			expectErr: true,
		},
	}
	for i, rt := range tests {
		t.Run(rt.name, func(t *testing.T) {
			err := ValidateKubeProxyConfiguration(rt.clusterConfig, nil).ToAggregate()
			if (err != nil) != rt.expectErr {
				t.Errorf("%d failed ValidateKubeProxyConfiguration: expected error %t, got error %t", i, rt.expectErr, err != nil)
			}
			if err != nil && !strings.Contains(err.Error(), rt.msg) {
				t.Errorf("%d failed ValidateKubeProxyConfiguration: unexpected error: %v, expected: %s", i, err, rt.msg)
			}
		})
	}
}

func TestValidateKubeletConfiguration(t *testing.T) {
	var tests = []struct {
		name          string
		clusterConfig *kubeadm.ClusterConfiguration
		expectErr     bool
	}{
		{
			name: "valid configuration",
			clusterConfig: &kubeadm.ClusterConfiguration{
				ComponentConfigs: kubeadm.ComponentConfigs{
					Kubelet: &kubeletconfig.KubeletConfiguration{
						CgroupsPerQOS:               true,
						EnforceNodeAllocatable:      []string{"pods", "system-reserved", "kube-reserved"},
						SystemReservedCgroup:        "/system.slice",
						KubeReservedCgroup:          "/kubelet.service",
						SystemCgroups:               "",
						CgroupRoot:                  "",
						EventBurst:                  10,
						EventRecordQPS:              5,
						HealthzPort:                 kubeadmconstants.KubeletHealthzPort,
						ImageGCHighThresholdPercent: 85,
						ImageGCLowThresholdPercent:  80,
						IPTablesDropBit:             15,
						IPTablesMasqueradeBit:       14,
						KubeAPIBurst:                10,
						KubeAPIQPS:                  5,
						MaxOpenFiles:                1000000,
						MaxPods:                     110,
						OOMScoreAdj:                 -999,
						PodsPerCore:                 100,
						Port:                        65535,
						ReadOnlyPort:                0,
						RegistryBurst:               10,
						RegistryPullQPS:             5,
						HairpinMode:                 "promiscuous-bridge",
						NodeLeaseDurationSeconds:    40,
					},
				},
			},
			expectErr: false,
		},
		{
			name: "invalid configuration",
			clusterConfig: &kubeadm.ClusterConfiguration{
				ComponentConfigs: kubeadm.ComponentConfigs{
					Kubelet: &kubeletconfig.KubeletConfiguration{
						CgroupsPerQOS:               false,
						EnforceNodeAllocatable:      []string{"pods", "system-reserved", "kube-reserved", "illegal-key"},
						SystemCgroups:               "/",
						CgroupRoot:                  "",
						EventBurst:                  -10,
						EventRecordQPS:              -10,
						HealthzPort:                 -10,
						ImageGCHighThresholdPercent: 101,
						ImageGCLowThresholdPercent:  101,
						IPTablesDropBit:             -10,
						IPTablesMasqueradeBit:       -10,
						KubeAPIBurst:                -10,
						KubeAPIQPS:                  -10,
						MaxOpenFiles:                -10,
						MaxPods:                     -10,
						OOMScoreAdj:                 -1001,
						PodsPerCore:                 -10,
						Port:                        0,
						ReadOnlyPort:                -10,
						RegistryBurst:               -10,
						RegistryPullQPS:             -10,
					},
				},
			},
			expectErr: true,
		},
	}
	for i, rt := range tests {
		t.Run(rt.name, func(t *testing.T) {
			err := ValidateKubeletConfiguration(rt.clusterConfig, nil).ToAggregate()
			if (err != nil) != rt.expectErr {
				t.Errorf("%d failed ValidateKubeletConfiguration: expected error %t, got error %t", i, rt.expectErr, err != nil)
			}
		})
	}
}