From 06f07ab00042411a20344ebc539bb02b123f7a6a Mon Sep 17 00:00:00 2001
From: Noel Georgi
Date: Wed, 27 Nov 2024 19:53:21 +0530
Subject: [PATCH] chore: add authorization config api version

Add KubeAPIServer authorization config API version.

Signed-off-by: Noel Georgi
---
 kubernetes/compatibility/features.go | 24 +++++++++++------------
 kubernetes/compatibility/features_test.go | 12 ++++--------
 2 files changed, 16 insertions(+), 20 deletions(-)

diff --git a/kubernetes/compatibility/features.go b/kubernetes/compatibility/features.go
index 0e5513d..bb23a8c 100644
--- a/kubernetes/compatibility/features.go
+++ b/kubernetes/compatibility/features.go
@@ -22,18 +22,6 @@ func (v Version) FeatureFlagSeccompDefaultEnabledByDefault() bool {
 return semver.Version(v).GTE(semver.Version{Major: 1, Minor: 25})
 }
 
-// KubeSchedulerConfigurationAPIVersion returns the API version of the kube-scheduler configuration.
-func (v Version) KubeSchedulerConfigurationAPIVersion() string {
- // https://v1-25.docs.kubernetes.io/docs/reference/scheduling/config/
- // v1.25 and above supports v1
- if semver.Version(v).GTE(semver.Version{Major: 1, Minor: 25}) {
- return "kubescheduler.config.k8s.io/v1"
- }
-
- // see https://v1-24.docs.kubernetes.io/docs/reference/scheduling/config/
- return "kubescheduler.config.k8s.io/v1beta3"
-}
-
 // KubeSchedulerHealthLivenessEndpoint returns the liveness endpoint for the kube-scheduler health check.
 func (v Version) KubeSchedulerHealthLivenessEndpoint() string {
 // https://github.com/kubernetes/kubernetes/pull/118148
@@ -81,3 +69,15 @@ func (v Version) FeatureFlagStructuredAuthorizationConfigurationEnabledByDefault
 // v1.30 and above enables structured authorization configuration by default
 return semver.Version(v).GTE(semver.Version{Major: 1, Minor: 30})
 }
+
+// KubeAPIServerAuthorizationConfigAPIVersion returns the API version of the kube-apiserver authorization config.
+func (v Version) KubeAPIServerAuthorizationConfigAPIVersion() string {
+ // https://v1-30.docs.kubernetes.io/docs/reference/access-authn-authz/authorization/#using-configuration-file-for-authorization
+ // v1.30 and above supports v1beta1
+ if semver.Version(v).GTE(semver.Version{Major: 1, Minor: 30}) {
+ return "apiserver.config.k8s.io/v1beta1"
+ }
+
+ // see https://v1-29.docs.kubernetes.io/docs/reference/access-authn-authz/authorization/#configuring-the-api-server-using-an-authorization-config-file
+ return "apiserver.config.k8s.io/v1alpha1"
+}
diff --git a/kubernetes/compatibility/features_test.go b/kubernetes/compatibility/features_test.go
index 4fffe2d..b4a198f 100644
--- a/kubernetes/compatibility/features_test.go
+++ b/kubernetes/compatibility/features_test.go
@@ -20,10 +20,10 @@ func TestFeatures(t *testing.T) {
 expectedFeatureFlagSeccompDefaultEnabledByDefault bool
 expectedKubeAPIServerSupportsAuthorizationConfigFile bool
 expectedFeatureFlagStructuredAuthorizationConfigurationEnabledByDefault bool
- expectedKubeSchedulerConfigurationAPIVersion string
 expectedKubeSchedulerLivenessEndpoint string
 expectedKubeSchedulerReadinessEndpoint string
 expectedKubeSchedulerStartupEndpoint string
+ expectedKubeAPIServerAuthorizationConfigAPIVersion string
 }{
 {
 versions: []compatibility.Version{
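Review bot: KubeAPIServerAuthorizationConfigAPIVersion returns `apiserver.config.k8s.io/v1alpha1` for every version below 1.30, including the ones for which the test table in this same commit expects KubeAPIServerSupportsAuthorizationConfigFile() to be false. A caller that skips that check would render an authorization config for an API server that, going by the sibling helper, does not accept one; what the server then does is not visible from this diff. The doc comment should state the precondition, for example `// Only meaningful when KubeAPIServerSupportsAuthorizationConfigFile() is true; versions without that support still get v1alpha1.` The function body lies entirely inside this hunk.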
@@ -34,7 +34,6 @@ func TestFeatures(t *testing.T) {
 expectedFeatureFlagSeccompDefaultEnabledByDefault: false,
 expectedKubeAPIServerSupportsAuthorizationConfigFile: false,
 expectedFeatureFlagStructuredAuthorizationConfigurationEnabledByDefault: false,
- expectedKubeSchedulerConfigurationAPIVersion: "kubescheduler.config.k8s.io/v1beta3",
 expectedKubeSchedulerLivenessEndpoint: "/healthz",
 expectedKubeSchedulerReadinessEndpoint: "/healthz",
 expectedKubeSchedulerStartupEndpoint: "/healthz",
@@ -48,7 +47,6 @@ func TestFeatures(t *testing.T) {
 expectedFeatureFlagSeccompDefaultEnabledByDefault: true,
 expectedKubeAPIServerSupportsAuthorizationConfigFile: false,
 expectedFeatureFlagStructuredAuthorizationConfigurationEnabledByDefault: false,
- expectedKubeSchedulerConfigurationAPIVersion: "kubescheduler.config.k8s.io/v1",
 expectedKubeSchedulerLivenessEndpoint: "/healthz",
 expectedKubeSchedulerReadinessEndpoint: "/healthz",
 expectedKubeSchedulerStartupEndpoint: "/healthz",
@@ -62,7 +60,6 @@ func TestFeatures(t *testing.T) {
 expectedFeatureFlagSeccompDefaultEnabledByDefault: true,
 expectedKubeAPIServerSupportsAuthorizationConfigFile: false,
 expectedFeatureFlagStructuredAuthorizationConfigurationEnabledByDefault: false,
- expectedKubeSchedulerConfigurationAPIVersion: "kubescheduler.config.k8s.io/v1",
 expectedKubeSchedulerLivenessEndpoint: "/healthz",
 expectedKubeSchedulerReadinessEndpoint: "/healthz",
 expectedKubeSchedulerStartupEndpoint: "/healthz",
@@ -75,10 +72,10 @@ func TestFeatures(t *testing.T) {
 expectedFeatureFlagSeccompDefaultEnabledByDefault: true,
 expectedKubeAPIServerSupportsAuthorizationConfigFile: true,
 expectedFeatureFlagStructuredAuthorizationConfigurationEnabledByDefault: false,
- expectedKubeSchedulerConfigurationAPIVersion: "kubescheduler.config.k8s.io/v1",
 expectedKubeSchedulerLivenessEndpoint: "/healthz",
 expectedKubeSchedulerReadinessEndpoint: "/healthz",
 expectedKubeSchedulerStartupEndpoint: "/healthz",
+ expectedKubeAPIServerAuthorizationConfigAPIVersion: "apiserver.config.k8s.io/v1alpha1",
 },
 {
 versions: []compatibility.Version{
@@ -88,10 +85,10 @@ func TestFeatures(t *testing.T) {
 expectedFeatureFlagSeccompDefaultEnabledByDefault: true,
 expectedKubeAPIServerSupportsAuthorizationConfigFile: true,
 expectedFeatureFlagStructuredAuthorizationConfigurationEnabledByDefault: true,
- expectedKubeSchedulerConfigurationAPIVersion: "kubescheduler.config.k8s.io/v1",
 expectedKubeSchedulerLivenessEndpoint: "/healthz",
 expectedKubeSchedulerReadinessEndpoint: "/healthz",
 expectedKubeSchedulerStartupEndpoint: "/healthz",
+ expectedKubeAPIServerAuthorizationConfigAPIVersion: "apiserver.config.k8s.io/v1beta1",
 },
 {
 versions: []compatibility.Version{
@@ -102,10 +99,10 @@ func TestFeatures(t *testing.T) {
 expectedFeatureFlagSeccompDefaultEnabledByDefault: true,
 expectedKubeAPIServerSupportsAuthorizationConfigFile: true,
 expectedFeatureFlagStructuredAuthorizationConfigurationEnabledByDefault: true,
- expectedKubeSchedulerConfigurationAPIVersion: "kubescheduler.config.k8s.io/v1",
 expectedKubeSchedulerLivenessEndpoint: "/livez",
 expectedKubeSchedulerReadinessEndpoint: "/readyz",
 expectedKubeSchedulerStartupEndpoint: "/livez",
+ expectedKubeAPIServerAuthorizationConfigAPIVersion: "apiserver.config.k8s.io/v1beta1",
 },
 } {
 for _, version := range test.versions {
@@ -114,7 +111,6 @@ func TestFeatures(t *testing.T) {
 assert.Equal(t, test.expectedFeatureFlagSeccompDefaultEnabledByDefault, version.FeatureFlagSeccompDefaultEnabledByDefault())
 assert.Equal(t, test.expectedKubeAPIServerSupportsAuthorizationConfigFile, version.KubeAPIServerSupportsAuthorizationConfigFile())
 assert.Equal(t, test.expectedFeatureFlagStructuredAuthorizationConfigurationEnabledByDefault, version.FeatureFlagStructuredAuthorizationConfigurationEnabledByDefault())
- assert.Equal(t, test.expectedKubeSchedulerConfigurationAPIVersion, version.KubeSchedulerConfigurationAPIVersion())
 assert.Equal(t, test.expectedKubeSchedulerLivenessEndpoint, version.KubeSchedulerHealthLivenessEndpoint())
 assert.Equal(t, test.expectedKubeSchedulerReadinessEndpoint, version.KubeSchedulerHealthReadinessEndpoint())
 })
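Review bot: Nothing in the test hunks asserts the new field. `expectedKubeAPIServerAuthorizationConfigAPIVersion` is declared and filled in for three cases, but this assertion block only loses the scheduler line and gains none, so the API version chosen for the authorization config is never checked. Add `assert.Equal(t, test.expectedKubeAPIServerAuthorizationConfigAPIVersion, version.KubeAPIServerAuthorizationConfigAPIVersion())` next to the other assertions. The first three cases (hunks at -34, -48 and -62) leave the field at its zero value while the method returns v1alpha1 for any version below 1.30, so they need an explicit expected value or the assertion has to be gated on KubeAPIServerSupportsAuthorizationConfigFile(). The closure body starts before this hunk.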