KCP: add KubeadmControlPlaneTemplate type

Author: Yuvaraj Kakaraparthi

controlplane/kubeadm/PROJECT

@@ -8,3 +8,6 @@ resources:
 - group: controlplane
   version: v1alpha4
   kind: KubeadmControlPlane
+- group: controlplane
+  kind: KubeadmControlPlaneTemplate
+  version: v1alpha4

controlplane/kubeadm/api/v1alpha4/kubeadm_control_plane_webhook.go

@@ -19,17 +19,14 @@ package v1alpha4
 import (
 	"encoding/json"
 	"fmt"
-	"strings"
 
 	"github.com/blang/semver"
 	"github.com/coredns/corefile-migration/migration"
 	jsonpatch "github.com/evanphx/json-patch"
 	"github.com/pkg/errors"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/apimachinery/pkg/util/validation/field"
-	"sigs.k8s.io/cluster-api/util/container"
 	"sigs.k8s.io/cluster-api/util/version"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
@@ -49,47 +46,17 @@ var _ webhook.Validator = &KubeadmControlPlane{}
 
 // Default implements webhook.Defaulter so a webhook will be registered for the type.
 func (in *KubeadmControlPlane) Default() {
-	if in.Spec.Replicas == nil {
-		replicas := int32(1)
-		in.Spec.Replicas = &replicas
-	}
-
-	if in.Spec.MachineTemplate.InfrastructureRef.Namespace == "" {
-		in.Spec.MachineTemplate.InfrastructureRef.Namespace = in.Namespace
-	}
-
-	if !strings.HasPrefix(in.Spec.Version, "v") {
-		in.Spec.Version = "v" + in.Spec.Version
-	}
-
-	ios1 := intstr.FromInt(1)
-
-	if in.Spec.RolloutStrategy == nil {
-		in.Spec.RolloutStrategy = &RolloutStrategy{}
-	}
-
-	// Enforce RollingUpdate strategy and default MaxSurge if not set.
-	if in.Spec.RolloutStrategy != nil {
-		if len(in.Spec.RolloutStrategy.Type) == 0 {
-			in.Spec.RolloutStrategy.Type = RollingUpdateStrategyType
-		}
-		if in.Spec.RolloutStrategy.Type == RollingUpdateStrategyType {
-			if in.Spec.RolloutStrategy.RollingUpdate == nil {
-				in.Spec.RolloutStrategy.RollingUpdate = &RollingUpdate{}
-			}
-			in.Spec.RolloutStrategy.RollingUpdate.MaxSurge = intstr.ValueOrDefault(in.Spec.RolloutStrategy.RollingUpdate.MaxSurge, ios1)
-		}
-	}
+	in.Spec.setDefaults(in.Namespace)
 }
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
 func (in *KubeadmControlPlane) ValidateCreate() error {
-	allErrs := in.validateCommon()
-	allErrs = append(allErrs, in.validateEtcd(nil)...)
+	spec := in.Spec
+	allErrs := spec.validate(in.Namespace)
+	allErrs = append(allErrs, spec.validateEtcd(nil)...)
 	if len(allErrs) > 0 {
 		return apierrors.NewInvalid(GroupVersion.WithKind("KubeadmControlPlane").GroupKind(), in.Name, allErrs)
 	}
-
 	return nil
 }
 
@@ -141,7 +108,7 @@ func (in *KubeadmControlPlane) ValidateUpdate(old runtime.Object) error {
 		{spec, "rolloutStrategy", "*"},
 	}
 
-	allErrs := in.validateCommon()
+	allErrs := in.Spec.validate(in.Namespace)
 
 	prev := old.(*KubeadmControlPlane)
 
@@ -180,7 +147,7 @@ func (in *KubeadmControlPlane) ValidateUpdate(old runtime.Object) error {
 	}
 
 	allErrs = append(allErrs, in.validateVersion(prev.Spec.Version)...)
-	allErrs = append(allErrs, in.validateEtcd(prev)...)
+	allErrs = append(allErrs, in.Spec.validateEtcd(&prev.Spec)...)
 	allErrs = append(allErrs, in.validateCoreDNSVersion(prev)...)
 
 	if len(allErrs) > 0 {
@@ -236,139 +203,6 @@ func paths(path []string, diff map[string]interface{}) [][]string {
 	return allPaths
 }
 
-func (in *KubeadmControlPlane) validateCommon() (allErrs field.ErrorList) {
-	if in.Spec.Replicas == nil {
-		allErrs = append(
-			allErrs,
-			field.Required(
-				field.NewPath("spec", "replicas"),
-				"is required",
-			),
-		)
-	} else if *in.Spec.Replicas <= 0 {
-		// The use of the scale subresource should provide a guarantee that negative values
-		// should not be accepted for this field, but since we have to validate that Replicas != 0
-		// it doesn't hurt to also additionally validate for negative numbers here as well.
-		allErrs = append(
-			allErrs,
-			field.Forbidden(
-				field.NewPath("spec", "replicas"),
-				"cannot be less than or equal to 0",
-			),
-		)
-	}
-
-	externalEtcd := false
-	if in.Spec.KubeadmConfigSpec.ClusterConfiguration != nil {
-		if in.Spec.KubeadmConfigSpec.ClusterConfiguration.Etcd.External != nil {
-			externalEtcd = true
-		}
-	}
-
-	if !externalEtcd {
-		if in.Spec.Replicas != nil && *in.Spec.Replicas%2 == 0 {
-			allErrs = append(
-				allErrs,
-				field.Forbidden(
-					field.NewPath("spec", "replicas"),
-					"cannot be an even number when using managed etcd",
-				),
-			)
-		}
-	}
-
-	if in.Spec.MachineTemplate.InfrastructureRef.APIVersion == "" {
-		allErrs = append(
-			allErrs,
-			field.Invalid(
-				field.NewPath("spec", "machineTemplate", "infrastructure", "apiVersion"),
-				in.Spec.MachineTemplate.InfrastructureRef.APIVersion,
-				"cannot be empty",
-			),
-		)
-	}
-	if in.Spec.MachineTemplate.InfrastructureRef.Kind == "" {
-		allErrs = append(
-			allErrs,
-			field.Invalid(
-				field.NewPath("spec", "machineTemplate", "infrastructure", "kind"),
-				in.Spec.MachineTemplate.InfrastructureRef.Kind,
-				"cannot be empty",
-			),
-		)
-	}
-	if in.Spec.MachineTemplate.InfrastructureRef.Namespace != in.Namespace {
-		allErrs = append(
-			allErrs,
-			field.Invalid(
-				field.NewPath("spec", "machineTemplate", "infrastructure", "namespace"),
-				in.Spec.MachineTemplate.InfrastructureRef.Namespace,
-				"must match metadata.namespace",
-			),
-		)
-	}
-
-	if !version.KubeSemver.MatchString(in.Spec.Version) {
-		allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "version"), in.Spec.Version, "must be a valid semantic version"))
-	}
-
-	if in.Spec.RolloutStrategy != nil {
-		if in.Spec.RolloutStrategy.Type != RollingUpdateStrategyType {
-			allErrs = append(
-				allErrs,
-				field.Required(
-					field.NewPath("spec", "rolloutStrategy", "type"),
-					"only RollingUpdateStrategyType is supported",
-				),
-			)
-		}
-
-		ios1 := intstr.FromInt(1)
-		ios0 := intstr.FromInt(0)
-
-		if *in.Spec.RolloutStrategy.RollingUpdate.MaxSurge == ios0 && *in.Spec.Replicas < int32(3) {
-			allErrs = append(
-				allErrs,
-				field.Required(
-					field.NewPath("spec", "rolloutStrategy", "rollingUpdate"),
-					"when KubeadmControlPlane is configured to scale-in, replica count needs to be at least 3",
-				),
-			)
-		}
-
-		if *in.Spec.RolloutStrategy.RollingUpdate.MaxSurge != ios1 && *in.Spec.RolloutStrategy.RollingUpdate.MaxSurge != ios0 {
-			allErrs = append(
-				allErrs,
-				field.Required(
-					field.NewPath("spec", "rolloutStrategy", "rollingUpdate", "maxSurge"),
-					"value must be 1 or 0",
-				),
-			)
-		}
-	}
-
-	allErrs = append(allErrs, in.validateCoreDNSImage()...)
-
-	return allErrs
-}
-
-func (in *KubeadmControlPlane) validateCoreDNSImage() (allErrs field.ErrorList) {
-	if in.Spec.KubeadmConfigSpec.ClusterConfiguration == nil {
-		return allErrs
-	}
-	// TODO: Remove when kubeadm types include OpenAPI validation
-	if !container.ImageTagIsValid(in.Spec.KubeadmConfigSpec.ClusterConfiguration.DNS.ImageTag) {
-		allErrs = append(
-			allErrs,
-			field.Forbidden(
-				field.NewPath("spec", "kubeadmConfigSpec", "clusterConfiguration", "dns", "imageTag"),
-				fmt.Sprintf("tag %s is invalid", in.Spec.KubeadmConfigSpec.ClusterConfiguration.DNS.ImageTag),
-			),
-		)
-	}
-	return allErrs
-}
-
 func (in *KubeadmControlPlane) validateCoreDNSVersion(prev *KubeadmControlPlane) (allErrs field.ErrorList) {
 	if in.Spec.KubeadmConfigSpec.ClusterConfiguration == nil || prev.Spec.KubeadmConfigSpec.ClusterConfiguration == nil {
 		return allErrs
@@ -415,58 +249,6 @@ func (in *KubeadmControlPlane) validateCoreDNSVersion(prev *KubeadmControlPlane)
 	return allErrs
 }
 
-func (in *KubeadmControlPlane) validateEtcd(prev *KubeadmControlPlane) (allErrs field.ErrorList) {
-	if in.Spec.KubeadmConfigSpec.ClusterConfiguration == nil {
-		return allErrs
-	}
-
-	// TODO: Remove when kubeadm types include OpenAPI validation
-	if in.Spec.KubeadmConfigSpec.ClusterConfiguration.Etcd.Local != nil && !container.ImageTagIsValid(in.Spec.KubeadmConfigSpec.ClusterConfiguration.Etcd.Local.ImageTag) {
-		allErrs = append(
-			allErrs,
-			field.Forbidden(
-				field.NewPath("spec", "kubeadmConfigSpec", "clusterConfiguration", "etcd", "local", "imageTag"),
-				fmt.Sprintf("tag %s is invalid", in.Spec.KubeadmConfigSpec.ClusterConfiguration.Etcd.Local.ImageTag),
-			),
-		)
-	}
-
-	if in.Spec.KubeadmConfigSpec.ClusterConfiguration.Etcd.Local != nil && in.Spec.KubeadmConfigSpec.ClusterConfiguration.Etcd.External != nil {
-		allErrs = append(
-			allErrs,
-			field.Forbidden(
-				field.NewPath("spec", "kubeadmConfigSpec", "clusterConfiguration", "etcd", "local"),
-				"cannot have both external and local etcd",
-			),
-		)
-	}
-
-	// update validations
-	if prev != nil && prev.Spec.KubeadmConfigSpec.ClusterConfiguration != nil {
-		if in.Spec.KubeadmConfigSpec.ClusterConfiguration.Etcd.External != nil && prev.Spec.KubeadmConfigSpec.ClusterConfiguration.Etcd.Local != nil {
-			allErrs = append(
-				allErrs,
-				field.Forbidden(
-					field.NewPath("spec", "kubeadmConfigSpec", "clusterConfiguration", "etcd", "external"),
-					"cannot change between external and local etcd",
-				),
-			)
-		}
-
-		if in.Spec.KubeadmConfigSpec.ClusterConfiguration.Etcd.Local != nil && prev.Spec.KubeadmConfigSpec.ClusterConfiguration.Etcd.External != nil {
-			allErrs = append(
-				allErrs,
-				field.Forbidden(
-					field.NewPath("spec", "kubeadmConfigSpec", "clusterConfiguration", "etcd", "local"),
-					"cannot change between external and local etcd",
-				),
-			)
-		}
-	}
-
-	return allErrs
-}
-
 func (in *KubeadmControlPlane) validateVersion(previousVersion string) (allErrs field.ErrorList) {
 	fromVersion, err := version.ParseMajorMinorPatch(previousVersion)
 	if err != nil {

controlplane/kubeadm/api/v1alpha4/kubeadmcontrolplane_default.go

@@ -0,0 +1,57 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha4
+
+import (
+	"strings"
+
+	"k8s.io/apimachinery/pkg/util/intstr"
+)
+
+func (s *KubeadmControlPlaneSpec) setDefaults(namespace string) {
+	if s.Replicas == nil {
+		replicas := int32(1)
+		s.Replicas = &replicas
+	}
+
+	if s.MachineTemplate.InfrastructureRef.Namespace == "" {
+		s.MachineTemplate.InfrastructureRef.Namespace = namespace
+	}
+
+	if !strings.HasPrefix(s.Version, "v") {
+		s.Version = "v" + s.Version
+	}
+
+	ios1 := intstr.FromInt(1)
+
+	if s.RolloutStrategy == nil {
+		s.RolloutStrategy = &RolloutStrategy{}
+	}
+
+	// Enforce RollingUpdate strategy and default MaxSurge if not set.
+	if s.RolloutStrategy != nil {
+		if len(s.RolloutStrategy.Type) == 0 {
+			s.RolloutStrategy.Type = RollingUpdateStrategyType
+		}
+		if s.RolloutStrategy.Type == RollingUpdateStrategyType {
+			if s.RolloutStrategy.RollingUpdate == nil {
+				s.RolloutStrategy.RollingUpdate = &RollingUpdate{}
+			}
+			s.RolloutStrategy.RollingUpdate.MaxSurge = intstr.ValueOrDefault(s.RolloutStrategy.RollingUpdate.MaxSurge, ios1)
+		}
+	}
+}