AB#2255: Fix kubeadm version incompatibility (#293)

* Update image version * Introduce 'ValidK8sVersion' type. Ensures that consumers of the k8sVersion receive a valid version, without having to do their own validation. * Add testcase to check that kubeadm accepts the currently provided version.
2025-08-02 03:56:07 -04:00 · 2022-07-22 15:05:04 +02:00 · 2022-07-22 15:05:04 +02:00 · 52ceced223
commit 52ceced223
parent ebf76ae7e3
21 changed files with 146 additions and 92 deletions
--- a/bootstrapper/internal/kubernetes/k8sapi/kubeadm_config.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/kubeadm_config.go
@ -5,6 +5,7 @@ import (

 	"github.com/edgelesssys/constellation/bootstrapper/internal/kubelet"
 	"github.com/edgelesssys/constellation/bootstrapper/internal/kubernetes/k8sapi/resources"
+	"github.com/edgelesssys/constellation/internal/versions"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	kubeletconf "k8s.io/kubelet/config/v1beta1"
@ -24,11 +25,12 @@ const (

 type CoreOSConfiguration struct{}

-func (c *CoreOSConfiguration) InitConfiguration(externalCloudProvider bool, k8sVersion string) KubeadmInitYAML {
+func (c *CoreOSConfiguration) InitConfiguration(externalCloudProvider bool, k8sVersion versions.ValidK8sVersion) KubeadmInitYAML {
 	var cloudProvider string
 	if externalCloudProvider {
 		cloudProvider = "external"
 	}
+
 	return KubeadmInitYAML{
 		InitConfiguration: kubeadm.InitConfiguration{
 			TypeMeta: metav1.TypeMeta{
@ -54,7 +56,7 @@ func (c *CoreOSConfiguration) InitConfiguration(externalCloudProvider bool, k8sV
 				APIVersion: kubeadm.SchemeGroupVersion.String(),
 			},
 			// Target kubernetes version of the control plane.
-			KubernetesVersion: k8sVersion,
+			KubernetesVersion: versions.VersionConfigs[k8sVersion].PatchVersion,
 			// necessary to be able to access the kubeapi server through localhost
 			APIServer: kubeadm.APIServer{
 				ControlPlaneComponent: kubeadm.ControlPlaneComponent{
--- a/bootstrapper/internal/kubernetes/k8sapi/kubeadm_config_test.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/kubeadm_config_test.go
@ -1,11 +1,14 @@
 package k8sapi

 import (
+	"fmt"
 	"testing"

+	"github.com/edgelesssys/constellation/internal/versions"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/goleak"
+	kubeadmUtil "k8s.io/kubernetes/cmd/kubeadm/app/util"
 )

 func TestMain(m *testing.M) {
@ -19,11 +22,11 @@ func TestInitConfiguration(t *testing.T) {
 		config KubeadmInitYAML
 	}{
 		"CoreOS init config can be created": {
-			config: coreOSConfig.InitConfiguration(true, "3.2.1"),
+			config: coreOSConfig.InitConfiguration(true, versions.Latest),
 		},
 		"CoreOS init config with all fields can be created": {
 			config: func() KubeadmInitYAML {
-				c := coreOSConfig.InitConfiguration(true, "3.2.1")
+				c := coreOSConfig.InitConfiguration(true, versions.Latest)
 				c.SetAPIServerAdvertiseAddress("192.0.2.0")
 				c.SetNodeIP("192.0.2.0")
 				c.SetNodeName("node")
@ -50,6 +53,38 @@ func TestInitConfiguration(t *testing.T) {
 	}
 }

+func TestInitConfigurationKubeadmCompatibility(t *testing.T) {
+	coreOSConfig := CoreOSConfiguration{}
+
+	testCases := map[string]struct {
+		config          KubeadmInitYAML
+		expectedVersion string
+		wantErr         bool
+	}{
+		"Kubeadm accepts version 'Latest'": {
+			config:          coreOSConfig.InitConfiguration(true, versions.Latest),
+			expectedVersion: fmt.Sprintf("v%s", versions.VersionConfigs[versions.Latest].PatchVersion),
+		},
+		"Kubeadm receives incompatible version": {
+			config:  coreOSConfig.InitConfiguration(true, "1.22"),
+			wantErr: true,
+		},
+	}
+	for name, tc := range testCases {
+		t.Run(name, func(t *testing.T) {
+			assert := assert.New(t)
+
+			version, err := kubeadmUtil.KubernetesReleaseVersion(tc.config.ClusterConfiguration.KubernetesVersion)
+			if tc.wantErr {
+				assert.Error(err)
+				return
+			}
+			assert.Equal(tc.expectedVersion, version)
+			assert.NoError(err)
+		})
+	}
+}
+
 func TestJoinConfiguration(t *testing.T) {
 	coreOSConfig := CoreOSConfiguration{}

--- a/bootstrapper/internal/kubernetes/k8sapi/resources/cluster_autoscaler.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/resources/cluster_autoscaler.go
@ -23,7 +23,7 @@ type autoscalerDeployment struct {
 }

 // NewDefaultAutoscalerDeployment creates a new *autoscalerDeployment, customized for the CSP.
-func NewDefaultAutoscalerDeployment(extraVolumes []k8s.Volume, extraVolumeMounts []k8s.VolumeMount, env []k8s.EnvVar, k8sVersion string) *autoscalerDeployment {
+func NewDefaultAutoscalerDeployment(extraVolumes []k8s.Volume, extraVolumeMounts []k8s.VolumeMount, env []k8s.EnvVar, k8sVersion versions.ValidK8sVersion) *autoscalerDeployment {
 	return &autoscalerDeployment{
 		PodDisruptionBudget: policy.PodDisruptionBudget{
 			TypeMeta: v1.TypeMeta{
--- a/bootstrapper/internal/kubernetes/k8sapi/util.go
+++ b/bootstrapper/internal/kubernetes/k8sapi/util.go
@ -70,12 +70,8 @@ func NewKubernetesUtil() *KubernetesUtil {
 }

 // InstallComponents installs kubernetes components in the version specified.
-func (k *KubernetesUtil) InstallComponents(ctx context.Context, version string) error {
-	var versionConf versions.KubernetesVersion
-	var ok bool
-	if versionConf, ok = versions.VersionConfigs[version]; !ok {
-		return fmt.Errorf("unsupported kubernetes version %q", version)
-	}
+func (k *KubernetesUtil) InstallComponents(ctx context.Context, version versions.ValidK8sVersion) error {
+	versionConf := versions.VersionConfigs[version]

 	if err := k.inst.Install(
 		ctx, versionConf.CNIPluginsURL, []string{cniPluginsDir}, executablePerm, true,