TODO: Sanitize/validate this against the same rules for ConfigMap keys. Wouldn't want it to be possible to put ../x in here...

done via API server validation

remove omitempty, this is required

done

add +optional comment

done

add +optional comment

done

for posterity, this is what's going on here:

1. kind/apiVersion were used by the kubelet to persist this struct to disk (they had no protobuf tags)
2. configMapRef and proto tag 1 were used by the API to refer to a configmap, but used a generic ObjectReference type that didn't really have the fields we needed

all uses/persistence of the NodeConfigSource struct prior to 1.11 were gated by alpha feature flags, so there is no persisted data for these fields that needs to be migrated/handled.

Added this as a comment in the file, so it doesn't just live on GitHub.

same comment, this doesn't really belong in the v1 API, it belongs to the kubelet

needs godoc

done

can we have more test cases here, for example, empty name? empty namespace? or UID?

Those cases (empty ConfigMapNodeConfigSource fields) should already be covered by API server validation. I don't see a reason to duplicate that validation here.

The comment here is very hard to understand, could you please add more clarification here?

I updated the comment to provide additional context.

New comment text:

// UID is the metadata.UID of the referenced ConfigMap.
// This field is currently reqired in Node.Spec.
// TODO(#61643): This field will be forbidden in Node.Spec when #61643 is resolved.
//               #61643 changes the behavior of dynamic Kubelet config to respect
//               ConfigMap updates, and thus removes the ability to pin the Spec to a given UID.
// TODO(#56896): This field will be required in Node.Status when #56896 is resolved.
//               #63314 (the PR that resolves #56896) adds a structured status to the Node
//               object for reporting information about the config. This status requires UID
//               and ResourceVersion, so that it represents a fully-explicit description of
//               the configuration in use, while (see previous TODO) the Spec will be
//               restricted to namespace/name in #61643.

Thanks.

Is there any reason separating this validation of a single object into two separate methods here since both are same spec related?

1. You're right, it would be cleaner to remove the Spec suffix here, but it'll just get added back in Move to a structured status for dynamic kubelet config #63314, when NodeConfigSource starts being used as part of the structured status.
2. The split between validateNodeConfigSourceSpec and validateConfigMapNodeConfigSourceSpec recognizes that the former's target (NodeConfigSource) acts as a disjoint union type, and the latter's target (ConfigMapNodeConfigSource) is one of the possible subtypes (there is only one subtype today - a ConfigMap source, but it's open to extension in the future).

Ok. I can live with it. :-)

should this be kubeletconfiginternal.SerializedNodeConfigSource?

No. The external version is what we load; the decoder automatically converts it to the internal version as part of the decoding process.

Is there a reason why we dont use kubeadmconstants.KubeletBaseConfigurationConfigMapKey here? Using "key" or something other than the actual key would make it clearer that we aren't relying on the actual key. Or we should use the constant for the key if we are relying on that.

1. Kubelet should never depend on kubeadm
2. I'm not sure I understand your question? Whatever kubeletConfigKey is set to determines where the Kubelet looks for the Kubelet config. There is no "actual key" - the choice of where to put the config in the ConfigMap is up to the user.

I see, thanks for clarifying.