add APIServerEndpoint validation for JoinConfiguration

SataQiu · SataQiu · commit 1041da9ff309 · 2019-09-05T15:01:46.000+08:00
diff --git a/controllers/kubeadmconfig_controller.go b/controllers/kubeadmconfig_controller.go
@@ -85,7 +85,7 @@ func (r *KubeadmConfigReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		Complete(r)
 }
 
-// Reconcile TODO
+// Reconcile handles KubeadmConfig events
 func (r *KubeadmConfigReconciler) Reconcile(req ctrl.Request) (_ ctrl.Result, rerr error) {
 	ctx := context.Background()
 	log := r.Log.WithValues("kubeadmconfig", req.NamespacedName)
@@ -380,7 +380,7 @@ func (r *KubeadmConfigReconciler) ClusterToKubeadmConfigs(o handler.MapObject) [
 	return result
 }
 
-// reconcileDiscovery ensure that config.JoinConfiguration.Discovery is properly set for the joining node.
+// reconcileDiscovery ensures that config.JoinConfiguration.Discovery is properly set for the joining node.
 // The implementation func respect user provided discovery configurations, but in case some of them are missing, a valid BootstrapToken object
 // is automatically injected into config.JoinConfiguration.Discovery.
 // This allows to simplify configuration UX, by providing the option to delegate to CABPK the configuration of kubeadm join discovery.
@@ -398,7 +398,6 @@ func (r *KubeadmConfigReconciler) reconcileDiscovery(cluster *clusterv1.Cluster,
 	}
 
 	// if BootstrapToken already contains an APIServerEndpoint, respect it; otherwise inject the APIServerEndpoint endpoint defined in cluster status
-	//TODO(fp) might be we want to validate user provided APIServerEndpoint and warn/error if it doesn't match the api endpoint defined at cluster level
 	apiServerEndpoint := config.Spec.JoinConfiguration.Discovery.BootstrapToken.APIServerEndpoint
 	if apiServerEndpoint == "" {
 		if len(cluster.Status.APIEndpoints) == 0 {
@@ -410,6 +409,10 @@ func (r *KubeadmConfigReconciler) reconcileDiscovery(cluster *clusterv1.Cluster,
 		config.Spec.JoinConfiguration.Discovery.BootstrapToken.APIServerEndpoint = apiServerEndpoint
 		log.Info("Altering JoinConfiguration.Discovery.BootstrapToken", "APIServerEndpoint", apiServerEndpoint)
 	}
+	// validate user provided APIServerEndpoint matches the api endpoint defined at cluster level
+	if err := validateAPIEndpoints(apiServerEndpoint, cluster.Status.APIEndpoints); err != nil {
+		log.Error(err, "found invalid APIServerEndpoint configuration")
+	}
 
 	// if BootstrapToken already contains a token, respect it; otherwise create a new bootstrap token for the node to join
 	if config.Spec.JoinConfiguration.Discovery.BootstrapToken.Token == "" {
@@ -562,3 +565,17 @@ func (r *KubeadmConfigReconciler) createClusterCertificates(ctx context.Context,
 
 	return certificates, nil
 }
+
+func validateAPIEndpoints(endpoint string, endpoints []clusterv1.APIEndpoint) error {
+	found := false
+	for _, v := range endpoints {
+		if endpoint == fmt.Sprintf("%s:%d", v.Host, v.Port) {
+			found = true
+			break
+		}
+	}
+	if !found {
+		return errors.Errorf("provided APIServerEndpoint %v does not match any api endpoint defined at cluster %v", endpoint, endpoints)
+	}
+	return nil
+}
