Add generated file

This PR adds generated files under pkg/client and vendor folder.

vendor/k8s.io/kubernetes/cmd/kubeadm/app/util/staticpod/BUILD

@@ -0,0 +1,52 @@
+package(default_visibility = ["//visibility:public"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+    "go_test",
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["utils_test.go"],
+    embed = [":go_default_library"],
+    deps = [
+        "//cmd/kubeadm/app/apis/kubeadm:go_default_library",
+        "//cmd/kubeadm/app/constants:go_default_library",
+        "//cmd/kubeadm/app/features:go_default_library",
+        "//cmd/kubeadm/test:go_default_library",
+        "//vendor/k8s.io/api/core/v1:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/util/intstr:go_default_library",
+    ],
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["utils.go"],
+    importpath = "k8s.io/kubernetes/cmd/kubeadm/app/util/staticpod",
+    deps = [
+        "//cmd/kubeadm/app/apis/kubeadm:go_default_library",
+        "//cmd/kubeadm/app/constants:go_default_library",
+        "//cmd/kubeadm/app/features:go_default_library",
+        "//cmd/kubeadm/app/util:go_default_library",
+        "//pkg/kubelet/types:go_default_library",
+        "//vendor/k8s.io/api/core/v1:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/api/resource:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/util/intstr:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+)

vendor/k8s.io/kubernetes/cmd/kubeadm/app/util/staticpod/utils.go

@@ -0,0 +1,289 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package staticpod
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net"
+	"net/url"
+	"os"
+	"strings"
+
+	"k8s.io/api/core/v1"
+
+	"k8s.io/apimachinery/pkg/api/resource"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/intstr"
+	"k8s.io/kubernetes/cmd/kubeadm/app/features"
+
+	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
+	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
+	"k8s.io/kubernetes/cmd/kubeadm/app/util"
+	kubetypes "k8s.io/kubernetes/pkg/kubelet/types"
+)
+
+const (
+	// kubeControllerManagerAddressArg represents the address argument of the kube-controller-manager configuration.
+	kubeControllerManagerAddressArg = "address"
+
+	// kubeSchedulerAddressArg represents the address argument of the kube-scheduler configuration.
+	kubeSchedulerAddressArg = "address"
+
+	// etcdListenClientURLsArg represents the listen-client-urls argument of the etcd configuration.
+	etcdListenClientURLsArg = "listen-client-urls"
+)
+
+// ComponentPod returns a Pod object from the container and volume specifications
+func ComponentPod(container v1.Container, volumes map[string]v1.Volume) v1.Pod {
+	return v1.Pod{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "v1",
+			Kind:       "Pod",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:        container.Name,
+			Namespace:   metav1.NamespaceSystem,
+			Annotations: map[string]string{kubetypes.CriticalPodAnnotationKey: ""},
+			// The component and tier labels are useful for quickly identifying the control plane Pods when doing a .List()
+			// against Pods in the kube-system namespace. Can for example be used together with the WaitForPodsWithLabel function
+			Labels: map[string]string{"component": container.Name, "tier": "control-plane"},
+		},
+		Spec: v1.PodSpec{
+			Containers:        []v1.Container{container},
+			PriorityClassName: "system-cluster-critical",
+			HostNetwork:       true,
+			Volumes:           VolumeMapToSlice(volumes),
+		},
+	}
+}
+
+// ComponentResources returns the v1.ResourceRequirements object needed for allocating a specified amount of the CPU
+func ComponentResources(cpu string) v1.ResourceRequirements {
+	return v1.ResourceRequirements{
+		Requests: v1.ResourceList{
+			v1.ResourceName(v1.ResourceCPU): resource.MustParse(cpu),
+		},
+	}
+}
+
+// ComponentProbe is a helper function building a ready v1.Probe object from some simple parameters
+func ComponentProbe(cfg *kubeadmapi.MasterConfiguration, componentName string, port int, path string, scheme v1.URIScheme) *v1.Probe {
+	return &v1.Probe{
+		Handler: v1.Handler{
+			HTTPGet: &v1.HTTPGetAction{
+				Host:   GetProbeAddress(cfg, componentName),
+				Path:   path,
+				Port:   intstr.FromInt(port),
+				Scheme: scheme,
+			},
+		},
+		InitialDelaySeconds: 15,
+		TimeoutSeconds:      15,
+		FailureThreshold:    8,
+	}
+}
+
+// EtcdProbe is a helper function for building a shell-based, etcdctl v1.Probe object to healthcheck etcd
+func EtcdProbe(cfg *kubeadmapi.MasterConfiguration, componentName string, port int, certsDir string, CACertName string, CertName string, KeyName string) *v1.Probe {
+	tlsFlags := fmt.Sprintf("--cacert=%[1]s/%[2]s --cert=%[1]s/%[3]s --key=%[1]s/%[4]s", certsDir, CACertName, CertName, KeyName)
+	// etcd pod is alive if a linearizable get succeeds.
+	cmd := fmt.Sprintf("ETCDCTL_API=3 etcdctl --endpoints=https://[%s]:%d %s get foo", GetProbeAddress(cfg, componentName), port, tlsFlags)
+
+	return &v1.Probe{
+		Handler: v1.Handler{
+			Exec: &v1.ExecAction{
+				Command: []string{"/bin/sh", "-ec", cmd},
+			},
+		},
+		InitialDelaySeconds: 15,
+		TimeoutSeconds:      15,
+		FailureThreshold:    8,
+	}
+}
+
+// NewVolume creates a v1.Volume with a hostPath mount to the specified location
+func NewVolume(name, path string, pathType *v1.HostPathType) v1.Volume {
+	return v1.Volume{
+		Name: name,
+		VolumeSource: v1.VolumeSource{
+			HostPath: &v1.HostPathVolumeSource{
+				Path: path,
+				Type: pathType,
+			},
+		},
+	}
+}
+
+// NewVolumeMount creates a v1.VolumeMount to the specified location
+func NewVolumeMount(name, path string, readOnly bool) v1.VolumeMount {
+	return v1.VolumeMount{
+		Name:      name,
+		MountPath: path,
+		ReadOnly:  readOnly,
+	}
+}
+
+// VolumeMapToSlice returns a slice of volumes from a map's values
+func VolumeMapToSlice(volumes map[string]v1.Volume) []v1.Volume {
+	v := make([]v1.Volume, 0, len(volumes))
+
+	for _, vol := range volumes {
+		v = append(v, vol)
+	}
+
+	return v
+}
+
+// VolumeMountMapToSlice returns a slice of volumes from a map's values
+func VolumeMountMapToSlice(volumeMounts map[string]v1.VolumeMount) []v1.VolumeMount {
+	v := make([]v1.VolumeMount, 0, len(volumeMounts))
+
+	for _, volMount := range volumeMounts {
+		v = append(v, volMount)
+	}
+
+	return v
+}
+
+// GetExtraParameters builds a list of flag arguments two string-string maps, one with default, base commands and one with overrides
+func GetExtraParameters(overrides map[string]string, defaults map[string]string) []string {
+	var command []string
+	for k, v := range overrides {
+		if len(v) > 0 {
+			command = append(command, fmt.Sprintf("--%s=%s", k, v))
+		}
+	}
+	for k, v := range defaults {
+		if _, overrideExists := overrides[k]; !overrideExists {
+			command = append(command, fmt.Sprintf("--%s=%s", k, v))
+		}
+	}
+	return command
+}
+
+// WriteStaticPodToDisk writes a static pod file to disk
+func WriteStaticPodToDisk(componentName, manifestDir string, pod v1.Pod) error {
+
+	// creates target folder if not already exists
+	if err := os.MkdirAll(manifestDir, 0700); err != nil {
+		return fmt.Errorf("failed to create directory %q: %v", manifestDir, err)
+	}
+
+	// writes the pod to disk
+	serialized, err := util.MarshalToYaml(&pod, v1.SchemeGroupVersion)
+	if err != nil {
+		return fmt.Errorf("failed to marshal manifest for %q to YAML: %v", componentName, err)
+	}
+
+	filename := kubeadmconstants.GetStaticPodFilepath(componentName, manifestDir)
+
+	if err := ioutil.WriteFile(filename, serialized, 0600); err != nil {
+		return fmt.Errorf("failed to write static pod manifest file for %q (%q): %v", componentName, filename, err)
+	}
+
+	return nil
+}
+
+// ReadStaticPodFromDisk reads a static pod file from disk
+func ReadStaticPodFromDisk(manifestPath string) (*v1.Pod, error) {
+	buf, err := ioutil.ReadFile(manifestPath)
+	if err != nil {
+		return &v1.Pod{}, fmt.Errorf("failed to read manifest for %q: %v", manifestPath, err)
+	}
+
+	obj, err := util.UnmarshalFromYaml(buf, v1.SchemeGroupVersion)
+	if err != nil {
+		return &v1.Pod{}, fmt.Errorf("failed to unmarshal manifest for %q from YAML: %v", manifestPath, err)
+	}
+
+	pod := obj.(*v1.Pod)
+
+	return pod, nil
+}
+
+// GetProbeAddress returns an IP address or 127.0.0.1 to use for liveness probes
+// in static pod manifests.
+func GetProbeAddress(cfg *kubeadmapi.MasterConfiguration, componentName string) string {
+	switch {
+	case componentName == kubeadmconstants.KubeAPIServer:
+		// In the case of a self-hosted deployment, the initial host on which kubeadm --init is run,
+		// will generate a DaemonSet with a nodeSelector such that all nodes with the label
+		// node-role.kubernetes.io/master='' will have the API server deployed to it. Since the init
+		// is run only once on an initial host, the API advertise address will be invalid for any
+		// future hosts that do not have the same address. Furthermore, since liveness and readiness
+		// probes do not support the Downward API we cannot dynamically set the advertise address to
+		// the node's IP. The only option then is to use localhost.
+		if features.Enabled(cfg.FeatureGates, features.SelfHosting) {
+			return "127.0.0.1"
+		} else if cfg.API.AdvertiseAddress != "" {
+			return cfg.API.AdvertiseAddress
+		}
+	case componentName == kubeadmconstants.KubeControllerManager:
+		if addr, exists := cfg.ControllerManagerExtraArgs[kubeControllerManagerAddressArg]; exists {
+			return addr
+		}
+	case componentName == kubeadmconstants.KubeScheduler:
+		if addr, exists := cfg.SchedulerExtraArgs[kubeSchedulerAddressArg]; exists {
+			return addr
+		}
+	case componentName == kubeadmconstants.Etcd:
+		if cfg.Etcd.Local != nil && cfg.Etcd.Local.ExtraArgs != nil {
+			if arg, exists := cfg.Etcd.Local.ExtraArgs[etcdListenClientURLsArg]; exists {
+				// Use the first url in the listen-client-urls if multiple url's are specified.
+				if strings.ContainsAny(arg, ",") {
+					arg = strings.Split(arg, ",")[0]
+				}
+				parsedURL, err := url.Parse(arg)
+				if err != nil || parsedURL.Hostname() == "" {
+					break
+				}
+				// Return the IP if the URL contains an address instead of a name.
+				if ip := net.ParseIP(parsedURL.Hostname()); ip != nil {
+					// etcdctl doesn't support auto-converting zero addresses into loopback addresses
+					if ip.Equal(net.IPv4zero) {
+						return "127.0.0.1"
+					}
+					if ip.Equal(net.IPv6zero) {
+						return net.IPv6loopback.String()
+					}
+					return ip.String()
+				}
+				// Use the local resolver to try resolving the name within the URL.
+				// If the name can not be resolved, return an IPv4 loopback address.
+				// Otherwise, select the first valid IPv4 address.
+				// If the name does not resolve to an IPv4 address, select the first valid IPv6 address.
+				addrs, err := net.LookupIP(parsedURL.Hostname())
+				if err != nil {
+					break
+				}
+				var ip net.IP
+				for _, addr := range addrs {
+					if addr.To4() != nil {
+						ip = addr
+						break
+					}
+					if addr.To16() != nil && ip == nil {
+						ip = addr
+					}
+				}
+				return ip.String()
+			}
+		}
+	}
+	return "127.0.0.1"
+}

vendor/k8s.io/kubernetes/cmd/kubeadm/app/util/staticpod/utils_test.go

@@ -0,0 +1,609 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package staticpod
+
+import (
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"reflect"
+	"sort"
+	"testing"
+
+	"k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/intstr"
+	"k8s.io/kubernetes/cmd/kubeadm/app/features"
+
+	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
+	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
+	testutil "k8s.io/kubernetes/cmd/kubeadm/test"
+)
+
+func TestComponentResources(t *testing.T) {
+	a := ComponentResources("250m")
+	if a.Requests == nil {
+		t.Errorf(
+			"failed componentResources, return value was nil",
+		)
+	}
+}
+
+func TestComponentProbe(t *testing.T) {
+	var tests = []struct {
+		name      string
+		cfg       *kubeadmapi.MasterConfiguration
+		component string
+		port      int
+		path      string
+		scheme    v1.URIScheme
+		expected  string
+	}{
+		{
+			name: "default apiserver advertise address with http",
+			cfg: &kubeadmapi.MasterConfiguration{
+				API: kubeadmapi.API{
+					AdvertiseAddress: "",
+				},
+			},
+			component: kubeadmconstants.KubeAPIServer,
+			port:      1,
+			path:      "foo",
+			scheme:    v1.URISchemeHTTP,
+			expected:  "127.0.0.1",
+		},
+		{
+			name: "default apiserver advertise address with http",
+			cfg: &kubeadmapi.MasterConfiguration{
+				API: kubeadmapi.API{
+					AdvertiseAddress: "1.2.3.4",
+				},
+				FeatureGates: map[string]bool{
+					features.SelfHosting: true,
+				},
+			},
+			component: kubeadmconstants.KubeAPIServer,
+			port:      1,
+			path:      "foo",
+			scheme:    v1.URISchemeHTTP,
+			expected:  "127.0.0.1",
+		},
+		{
+			name: "default apiserver advertise address with https",
+			cfg: &kubeadmapi.MasterConfiguration{
+				API: kubeadmapi.API{
+					AdvertiseAddress: "",
+				},
+			},
+			component: kubeadmconstants.KubeAPIServer,
+			port:      2,
+			path:      "bar",
+			scheme:    v1.URISchemeHTTPS,
+			expected:  "127.0.0.1",
+		},
+		{
+			name: "valid ipv4 apiserver advertise address with http",
+			cfg: &kubeadmapi.MasterConfiguration{
+				API: kubeadmapi.API{
+					AdvertiseAddress: "1.2.3.4",
+				},
+			},
+			component: kubeadmconstants.KubeAPIServer,
+			port:      1,
+			path:      "foo",
+			scheme:    v1.URISchemeHTTP,
+			expected:  "1.2.3.4",
+		},
+		{
+			name: "valid ipv6 apiserver advertise address with http",
+			cfg: &kubeadmapi.MasterConfiguration{
+				API: kubeadmapi.API{
+					AdvertiseAddress: "2001:db8::1",
+				},
+			},
+			component: kubeadmconstants.KubeAPIServer,
+			port:      1,
+			path:      "foo",
+			scheme:    v1.URISchemeHTTP,
+			expected:  "2001:db8::1",
+		},
+		{
+			name: "valid IPv4 controller-manager probe",
+			cfg: &kubeadmapi.MasterConfiguration{
+				ControllerManagerExtraArgs: map[string]string{"address": "1.2.3.4"},
+			},
+			component: kubeadmconstants.KubeControllerManager,
+			port:      1,
+			path:      "foo",
+			scheme:    v1.URISchemeHTTP,
+			expected:  "1.2.3.4",
+		},
+		{
+			name: "valid IPv6 controller-manager probe",
+			cfg: &kubeadmapi.MasterConfiguration{
+				ControllerManagerExtraArgs: map[string]string{"address": "2001:db8::1"},
+			},
+			component: kubeadmconstants.KubeControllerManager,
+			port:      1,
+			path:      "foo",
+			scheme:    v1.URISchemeHTTP,
+			expected:  "2001:db8::1",
+		},
+		{
+			name: "valid IPv4 scheduler probe",
+			cfg: &kubeadmapi.MasterConfiguration{
+				SchedulerExtraArgs: map[string]string{"address": "1.2.3.4"},
+			},
+			component: kubeadmconstants.KubeScheduler,
+			port:      1,
+			path:      "foo",
+			scheme:    v1.URISchemeHTTP,
+			expected:  "1.2.3.4",
+		},
+		{
+			name: "valid IPv6 scheduler probe",
+			cfg: &kubeadmapi.MasterConfiguration{
+				SchedulerExtraArgs: map[string]string{"address": "2001:db8::1"},
+			},
+			component: kubeadmconstants.KubeScheduler,
+			port:      1,
+			path:      "foo",
+			scheme:    v1.URISchemeHTTP,
+			expected:  "2001:db8::1",
+		},
+	}
+	for _, rt := range tests {
+		actual := ComponentProbe(rt.cfg, rt.component, rt.port, rt.path, rt.scheme)
+		if actual.Handler.HTTPGet.Host != rt.expected {
+			t.Errorf("%s test case failed:\n\texpected: %s\n\t  actual: %s",
+				rt.name, rt.expected,
+				actual.Handler.HTTPGet.Host)
+		}
+		if actual.Handler.HTTPGet.Port != intstr.FromInt(rt.port) {
+			t.Errorf("%s test case failed:\n\texpected: %v\n\t  actual: %v",
+				rt.name, rt.port,
+				actual.Handler.HTTPGet.Port)
+		}
+		if actual.Handler.HTTPGet.Path != rt.path {
+			t.Errorf("%s test case failed:\n\texpected: %s\n\t  actual: %s",
+				rt.name, rt.path,
+				actual.Handler.HTTPGet.Path)
+		}
+		if actual.Handler.HTTPGet.Scheme != rt.scheme {
+			t.Errorf("%s test case failed:\n\texpected: %v\n\t  actual: %v",
+				rt.name, rt.scheme,
+				actual.Handler.HTTPGet.Scheme)
+		}
+	}
+}
+
+func TestEtcdProbe(t *testing.T) {
+	var tests = []struct {
+		name      string
+		cfg       *kubeadmapi.MasterConfiguration
+		component string
+		port      int
+		certsDir  string
+		cacert    string
+		cert      string
+		key       string
+		expected  string
+	}{
+		{
+			name: "valid etcd probe using listen-client-urls IPv4 addresses",
+			cfg: &kubeadmapi.MasterConfiguration{
+				Etcd: kubeadmapi.Etcd{
+					Local: &kubeadmapi.LocalEtcd{
+						ExtraArgs: map[string]string{
+							"listen-client-urls": "http://1.2.3.4:2379,http://4.3.2.1:2379"},
+					},
+				},
+			},
+			component: kubeadmconstants.Etcd,
+			port:      1,
+			certsDir:  "secretsA",
+			cacert:    "ca1",
+			cert:      "cert1",
+			key:       "key1",
+			expected:  "ETCDCTL_API=3 etcdctl --endpoints=https://[1.2.3.4]:1 --cacert=secretsA/ca1 --cert=secretsA/cert1 --key=secretsA/key1 get foo",
+		},
+		{
+			name: "valid etcd probe using listen-client-urls unspecified IPv6 address",
+			cfg: &kubeadmapi.MasterConfiguration{
+				Etcd: kubeadmapi.Etcd{
+					Local: &kubeadmapi.LocalEtcd{
+						ExtraArgs: map[string]string{
+							"listen-client-urls": "http://[0:0:0:0:0:0:0:0]:2379"},
+					},
+				},
+			},
+			component: kubeadmconstants.Etcd,
+			port:      1,
+			certsDir:  "secretsB",
+			cacert:    "ca2",
+			cert:      "cert2",
+			key:       "key2",
+			expected:  "ETCDCTL_API=3 etcdctl --endpoints=https://[::1]:1 --cacert=secretsB/ca2 --cert=secretsB/cert2 --key=secretsB/key2 get foo",
+		},
+		{
+			name: "valid etcd probe using listen-client-urls unspecified IPv6 address 2",
+			cfg: &kubeadmapi.MasterConfiguration{
+				Etcd: kubeadmapi.Etcd{
+					Local: &kubeadmapi.LocalEtcd{
+						ExtraArgs: map[string]string{
+							"listen-client-urls": "http://[::0:0]:2379"},
+					},
+				},
+			},
+			component: kubeadmconstants.Etcd,
+			port:      1,
+			certsDir:  "secretsB",
+			cacert:    "ca2",
+			cert:      "cert2",
+			key:       "key2",
+			expected:  "ETCDCTL_API=3 etcdctl --endpoints=https://[::1]:1 --cacert=secretsB/ca2 --cert=secretsB/cert2 --key=secretsB/key2 get foo",
+		},
+		{
+			name: "valid etcd probe using listen-client-urls unspecified IPv6 address 3",
+			cfg: &kubeadmapi.MasterConfiguration{
+				Etcd: kubeadmapi.Etcd{
+					Local: &kubeadmapi.LocalEtcd{
+						ExtraArgs: map[string]string{
+							"listen-client-urls": "http://[::]:2379"},
+					},
+				},
+			},
+			component: kubeadmconstants.Etcd,
+			port:      1,
+			certsDir:  "secretsB",
+			cacert:    "ca2",
+			cert:      "cert2",
+			key:       "key2",
+			expected:  "ETCDCTL_API=3 etcdctl --endpoints=https://[::1]:1 --cacert=secretsB/ca2 --cert=secretsB/cert2 --key=secretsB/key2 get foo",
+		},
+		{
+			name: "valid etcd probe using listen-client-urls unspecified IPv4 address",
+			cfg: &kubeadmapi.MasterConfiguration{
+				Etcd: kubeadmapi.Etcd{
+					Local: &kubeadmapi.LocalEtcd{
+						ExtraArgs: map[string]string{
+							"listen-client-urls": "http://1.2.3.4:2379,http://4.3.2.1:2379"},
+					},
+				},
+			},
+			component: kubeadmconstants.Etcd,
+			port:      1,
+			certsDir:  "secretsA",
+			cacert:    "ca1",
+			cert:      "cert1",
+			key:       "key1",
+			expected:  "ETCDCTL_API=3 etcdctl --endpoints=https://[1.2.3.4]:1 --cacert=secretsA/ca1 --cert=secretsA/cert1 --key=secretsA/key1 get foo",
+		},
+		{
+			name: "valid etcd probe using listen-client-urls IPv6 addresses",
+			cfg: &kubeadmapi.MasterConfiguration{
+				Etcd: kubeadmapi.Etcd{
+					Local: &kubeadmapi.LocalEtcd{
+						ExtraArgs: map[string]string{
+							"listen-client-urls": "http://[2001:db8::1]:2379,http://[2001:db8::2]:2379"},
+					},
+				},
+			},
+			component: kubeadmconstants.Etcd,
+			port:      1,
+			certsDir:  "secretsB",
+			cacert:    "ca2",
+			cert:      "cert2",
+			key:       "key2",
+			expected:  "ETCDCTL_API=3 etcdctl --endpoints=https://[2001:db8::1]:1 --cacert=secretsB/ca2 --cert=secretsB/cert2 --key=secretsB/key2 get foo",
+		},
+		{
+			name: "valid IPv4 etcd probe using hostname for listen-client-urls",
+			cfg: &kubeadmapi.MasterConfiguration{
+				Etcd: kubeadmapi.Etcd{
+					Local: &kubeadmapi.LocalEtcd{
+						ExtraArgs: map[string]string{
+							"listen-client-urls": "http://localhost:2379"},
+					},
+				},
+			},
+			component: kubeadmconstants.Etcd,
+			port:      1,
+			certsDir:  "secretsC",
+			cacert:    "ca3",
+			cert:      "cert3",
+			key:       "key3",
+			expected:  "ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:1 --cacert=secretsC/ca3 --cert=secretsC/cert3 --key=secretsC/key3 get foo",
+		},
+	}
+	for _, rt := range tests {
+		actual := EtcdProbe(rt.cfg, rt.component, rt.port, rt.certsDir, rt.cacert, rt.cert, rt.key)
+		if actual.Handler.Exec.Command[2] != rt.expected {
+			t.Errorf("%s test case failed:\n\texpected: %s\n\t  actual: %s",
+				rt.name, rt.expected,
+				actual.Handler.Exec.Command[2])
+		}
+	}
+}
+
+func TestComponentPod(t *testing.T) {
+	var tests = []struct {
+		name     string
+		expected v1.Pod
+	}{
+		{
+			name: "foo",
+			expected: v1.Pod{
+				TypeMeta: metav1.TypeMeta{
+					APIVersion: "v1",
+					Kind:       "Pod",
+				},
+				ObjectMeta: metav1.ObjectMeta{
+					Name:        "foo",
+					Namespace:   "kube-system",
+					Annotations: map[string]string{"scheduler.alpha.kubernetes.io/critical-pod": ""},
+					Labels:      map[string]string{"component": "foo", "tier": "control-plane"},
+				},
+				Spec: v1.PodSpec{
+					Containers: []v1.Container{
+						{
+							Name: "foo",
+						},
+					},
+					PriorityClassName: "system-cluster-critical",
+					HostNetwork:       true,
+					Volumes:           []v1.Volume{},
+				},
+			},
+		},
+	}
+
+	for _, rt := range tests {
+		c := v1.Container{Name: rt.name}
+		actual := ComponentPod(c, map[string]v1.Volume{})
+		if !reflect.DeepEqual(rt.expected, actual) {
+			t.Errorf(
+				"failed componentPod:\n\texpected: %v\n\t  actual: %v",
+				rt.expected,
+				actual,
+			)
+		}
+	}
+}
+
+func TestNewVolume(t *testing.T) {
+	hostPathDirectoryOrCreate := v1.HostPathDirectoryOrCreate
+	var tests = []struct {
+		name     string
+		path     string
+		expected v1.Volume
+		pathType *v1.HostPathType
+	}{
+		{
+			name: "foo",
+			path: "/etc/foo",
+			expected: v1.Volume{
+				Name: "foo",
+				VolumeSource: v1.VolumeSource{
+					HostPath: &v1.HostPathVolumeSource{
+						Path: "/etc/foo",
+						Type: &hostPathDirectoryOrCreate,
+					},
+				},
+			},
+			pathType: &hostPathDirectoryOrCreate,
+		},
+	}
+
+	for _, rt := range tests {
+		actual := NewVolume(rt.name, rt.path, rt.pathType)
+		if !reflect.DeepEqual(actual, rt.expected) {
+			t.Errorf(
+				"failed newVolume:\n\texpected: %v\n\t  actual: %v",
+				rt.expected,
+				actual,
+			)
+		}
+	}
+}
+
+func TestNewVolumeMount(t *testing.T) {
+	var tests = []struct {
+		name     string
+		path     string
+		ro       bool
+		expected v1.VolumeMount
+	}{
+		{
+			name: "foo",
+			path: "/etc/foo",
+			ro:   false,
+			expected: v1.VolumeMount{
+				Name:      "foo",
+				MountPath: "/etc/foo",
+				ReadOnly:  false,
+			},
+		},
+		{
+			name: "bar",
+			path: "/etc/foo/bar",
+			ro:   true,
+			expected: v1.VolumeMount{
+				Name:      "bar",
+				MountPath: "/etc/foo/bar",
+				ReadOnly:  true,
+			},
+		},
+	}
+
+	for _, rt := range tests {
+		actual := NewVolumeMount(rt.name, rt.path, rt.ro)
+		if !reflect.DeepEqual(actual, rt.expected) {
+			t.Errorf(
+				"failed newVolumeMount:\n\texpected: %v\n\t  actual: %v",
+				rt.expected,
+				actual,
+			)
+		}
+	}
+}
+func TestVolumeMapToSlice(t *testing.T) {
+	testVolumes := map[string]v1.Volume{
+		"foo": {
+			Name: "foo",
+		},
+	}
+	volumeSlice := VolumeMapToSlice(testVolumes)
+	if len(volumeSlice) != 1 {
+		t.Errorf("Expected slice length of 1, got %d", len(volumeSlice))
+	}
+	if volumeSlice[0].Name != "foo" {
+		t.Errorf("Expected volume name \"foo\", got %s", volumeSlice[0].Name)
+	}
+}
+
+func TestVolumeMountMapToSlice(t *testing.T) {
+	testVolumeMounts := map[string]v1.VolumeMount{
+		"foo": {
+			Name: "foo",
+		},
+	}
+	volumeMountSlice := VolumeMountMapToSlice(testVolumeMounts)
+	if len(volumeMountSlice) != 1 {
+		t.Errorf("Expected slice length of 1, got %d", len(volumeMountSlice))
+	}
+	if volumeMountSlice[0].Name != "foo" {
+		t.Errorf("Expected volume mount name \"foo\", got %s", volumeMountSlice[0].Name)
+	}
+}
+
+func TestGetExtraParameters(t *testing.T) {
+	var tests = []struct {
+		overrides map[string]string
+		defaults  map[string]string
+		expected  []string
+	}{
+		{
+			overrides: map[string]string{
+				"admission-control": "NamespaceLifecycle,LimitRanger",
+			},
+			defaults: map[string]string{
+				"admission-control":     "NamespaceLifecycle",
+				"insecure-bind-address": "127.0.0.1",
+				"allow-privileged":      "true",
+			},
+			expected: []string{
+				"--admission-control=NamespaceLifecycle,LimitRanger",
+				"--insecure-bind-address=127.0.0.1",
+				"--allow-privileged=true",
+			},
+		},
+		{
+			overrides: map[string]string{
+				"admission-control": "NamespaceLifecycle,LimitRanger",
+			},
+			defaults: map[string]string{
+				"insecure-bind-address": "127.0.0.1",
+				"allow-privileged":      "true",
+			},
+			expected: []string{
+				"--admission-control=NamespaceLifecycle,LimitRanger",
+				"--insecure-bind-address=127.0.0.1",
+				"--allow-privileged=true",
+			},
+		},
+	}
+
+	for _, rt := range tests {
+		actual := GetExtraParameters(rt.overrides, rt.defaults)
+		sort.Strings(actual)
+		sort.Strings(rt.expected)
+		if !reflect.DeepEqual(actual, rt.expected) {
+			t.Errorf("failed getExtraParameters:\nexpected:\n%v\nsaw:\n%v", rt.expected, actual)
+		}
+	}
+}
+
+const (
+	validPod = `
+apiVersion: v1
+kind: Pod
+metadata:
+  labels:
+    component: etcd
+    tier: control-plane
+  name: etcd
+  namespace: kube-system
+spec:
+  containers:
+  - image: gcr.io/google_containers/etcd-amd64:3.1.11
+status: {}
+`
+	invalidPod = `---{ broken yaml @@@`
+)
+
+func TestReadStaticPodFromDisk(t *testing.T) {
+	tests := []struct {
+		description   string
+		podYaml       string
+		expectErr     bool
+		writeManifest bool
+	}{
+		{
+			description:   "valid pod is marshaled",
+			podYaml:       validPod,
+			writeManifest: true,
+			expectErr:     false,
+		},
+		{
+			description:   "invalid pod fails to unmarshal",
+			podYaml:       invalidPod,
+			writeManifest: true,
+			expectErr:     true,
+		},
+		{
+			description:   "non-existent file returns error",
+			podYaml:       ``,
+			writeManifest: false,
+			expectErr:     true,
+		},
+	}
+
+	for _, rt := range tests {
+		tmpdir := testutil.SetupTempDir(t)
+		defer os.RemoveAll(tmpdir)
+
+		manifestPath := filepath.Join(tmpdir, "pod.yaml")
+		if rt.writeManifest {
+			err := ioutil.WriteFile(manifestPath, []byte(rt.podYaml), 0644)
+			if err != nil {
+				t.Fatalf("Failed to write pod manifest\n%s\n\tfatal error: %v", rt.description, err)
+			}
+		}
+
+		_, actualErr := ReadStaticPodFromDisk(manifestPath)
+		if (actualErr != nil) != rt.expectErr {
+			t.Errorf(
+				"ReadStaticPodFromDisk failed\n%s\n\texpected error: %t\n\tgot: %t\n\tactual error: %v",
+				rt.description,
+				rt.expectErr,
+				(actualErr != nil),
+				actualErr,
+			)
+		}
+	}
+}