Merge pull request #18214 from rifelpet/disallow-gce-apiserver-none

gce: Disallow role=apiserver with dns=none

Author: k8s-ci-robot

pkg/apis/kops/validation/instancegroup.go

@@ -242,7 +242,7 @@ func CrossValidateInstanceGroup(g *kops.InstanceGroup, cluster *kops.Cluster, cl
 		if cluster.GetCloudProvider() != kops.CloudProviderAWS && cluster.GetCloudProvider() != kops.CloudProviderGCE {
 			allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "role"), "APIServer role only supported on AWS and GCE"))
 		}
-		if cluster.UsesNoneDNS() && cluster.GetCloudProvider() != kops.CloudProviderGCE {
+		if cluster.UsesNoneDNS() {
 			allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "role"), "APIServer cannot be used with topology.dns.type=None"))
 		}
 	}

pkg/apis/kops/validation/instancegroup_test.go

@@ -541,7 +541,7 @@ func TestCrossValidateAPIServerRole(t *testing.T) {
 			ExpectedErrors: 0,
 		},
 		{
-			Description: "APIServer role allowed on GCE with dns=None",
+			Description: "APIServer role forbidden on GCE with dns=None",
 			Cluster: &kops.Cluster{
 				Spec: kops.ClusterSpec{
 					CloudProvider: kops.CloudProviderSpec{
@@ -550,7 +550,7 @@ func TestCrossValidateAPIServerRole(t *testing.T) {
 					Networking: kops.NetworkingSpec{Topology: noneDNSTopology},
 				},
 			},
-			ExpectedErrors: 0,
+			ExpectedErrors: 1,
 		},
 		{
 			Description: "APIServer role forbidden on AWS with dns=None",