Fresh dep ensure

2025-06-14 18:53:35 +00:00 · 2018-11-26 13:23:56 -05:00
parent 93cb8a04d7
commit 407478ab9a
9016 changed files with 551394 additions and 279685 deletions
--- a/vendor/k8s.io/kubernetes/cmd/kube-apiserver/app/options/BUILD
+++ b/vendor/k8s.io/kubernetes/cmd/kube-apiserver/app/options/BUILD
@ -9,6 +9,7 @@ load(
 go_library(
    name = "go_default_library",
    srcs = [
+        "globalflags.go",
        "options.go",
        "validation.go",
    ],
@ -16,23 +17,32 @@ go_library(
    deps = [
        "//pkg/api/legacyscheme:go_default_library",
        "//pkg/apis/core:go_default_library",
+        "//pkg/cloudprovider/providers:go_default_library",
        "//pkg/features:go_default_library",
        "//pkg/kubeapiserver/options:go_default_library",
        "//pkg/kubelet/client:go_default_library",
        "//pkg/master/ports:go_default_library",
        "//pkg/master/reconcilers:go_default_library",
+        "//pkg/serviceaccount:go_default_library",
+        "//staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/admission:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/server/options:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/storage/storagebackend:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/util/flag:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/util/globalflag:go_default_library",
+        "//staging/src/k8s.io/kube-aggregator/pkg/apiserver/scheme:go_default_library",
        "//vendor/github.com/spf13/pflag:go_default_library",
-        "//vendor/k8s.io/apiextensions-apiserver/pkg/apiserver:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/util/net:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/server/options:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/storage/storagebackend:go_default_library",
-        "//vendor/k8s.io/kube-aggregator/pkg/apiserver/scheme:go_default_library",
    ],
 )

 go_test(
    name = "go_default_test",
-    srcs = ["options_test.go"],
+    srcs = [
+        "globalflags_test.go",
+        "options_test.go",
+    ],
    embed = [":go_default_library"],
    deps = [
        "//pkg/api/legacyscheme:go_default_library",
@ -40,14 +50,15 @@ go_test(
        "//pkg/kubeapiserver/options:go_default_library",
        "//pkg/kubelet/client:go_default_library",
        "//pkg/master/reconcilers:go_default_library",
+        "//staging/src/k8s.io/apimachinery/pkg/util/diff:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/server/options:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/storage/storagebackend:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/util/flag:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/util/globalflag:go_default_library",
+        "//staging/src/k8s.io/apiserver/plugin/pkg/audit/buffered:go_default_library",
+        "//staging/src/k8s.io/apiserver/plugin/pkg/audit/truncate:go_default_library",
+        "//staging/src/k8s.io/client-go/rest:go_default_library",
        "//vendor/github.com/spf13/pflag:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/util/diff:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/server/options:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/storage/storagebackend:go_default_library",
-        "//vendor/k8s.io/apiserver/pkg/util/flag:go_default_library",
-        "//vendor/k8s.io/apiserver/plugin/pkg/audit/buffered:go_default_library",
-        "//vendor/k8s.io/apiserver/plugin/pkg/audit/truncate:go_default_library",
-        "//vendor/k8s.io/client-go/rest:go_default_library",
    ],
 )

--- a/vendor/k8s.io/kubernetes/cmd/kube-apiserver/app/options/globalflags.go
+++ b/vendor/k8s.io/kubernetes/cmd/kube-apiserver/app/options/globalflags.go
@ -0,0 +1,41 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package options
+
+import (
+	"github.com/spf13/pflag"
+
+	"k8s.io/apiserver/pkg/util/globalflag"
+
+	// ensure libs have a chance to globally register their flags
+	_ "k8s.io/apiserver/pkg/admission"
+	_ "k8s.io/kubernetes/pkg/cloudprovider/providers"
+)
+
+// AddCustomGlobalFlags explicitly registers flags that internal packages register
+// against the global flagsets from "flag". We do this in order to prevent
+// unwanted flags from leaking into the kube-apiserver's flagset.
+func AddCustomGlobalFlags(fs *pflag.FlagSet) {
+	// Lookup flags in global flag set and re-register the values with our flagset.
+
+	// Adds flags from k8s.io/kubernetes/pkg/cloudprovider/providers.
+	globalflag.Register(fs, "cloud-provider-gce-lb-src-cidrs")
+
+	// Adds flags from k8s.io/apiserver/pkg/admission.
+	globalflag.Register(fs, "default-not-ready-toleration-seconds")
+	globalflag.Register(fs, "default-unreachable-toleration-seconds")
+}
--- a/vendor/k8s.io/kubernetes/cmd/kube-apiserver/app/options/globalflags_test.go
+++ b/vendor/k8s.io/kubernetes/cmd/kube-apiserver/app/options/globalflags_test.go
@ -0,0 +1,61 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package options
+
+import (
+	"flag"
+	"reflect"
+	"sort"
+	"strings"
+	"testing"
+
+	"github.com/spf13/pflag"
+
+	apiserverflag "k8s.io/apiserver/pkg/util/flag"
+	"k8s.io/apiserver/pkg/util/globalflag"
+)
+
+func TestAddCustomGlobalFlags(t *testing.T) {
+	namedFlagSets := &apiserverflag.NamedFlagSets{}
+
+	// Note that we will register all flags (including klog flags) into the same
+	// flag set. This allows us to test against all global flags from
+	// flags.CommandLine.
+	nfs := namedFlagSets.FlagSet("test")
+	globalflag.AddGlobalFlags(nfs, "test-cmd")
+	AddCustomGlobalFlags(nfs)
+
+	actualFlag := []string{}
+	nfs.VisitAll(func(flag *pflag.Flag) {
+		actualFlag = append(actualFlag, flag.Name)
+	})
+
+	// Get all flags from flags.CommandLine, except flag `test.*`.
+	wantedFlag := []string{"help"}
+	pflag.CommandLine.SetNormalizeFunc(apiserverflag.WordSepNormalizeFunc)
+	pflag.CommandLine.AddGoFlagSet(flag.CommandLine)
+	pflag.VisitAll(func(flag *pflag.Flag) {
+		if !strings.Contains(flag.Name, "test.") {
+			wantedFlag = append(wantedFlag, flag.Name)
+		}
+	})
+	sort.Strings(wantedFlag)
+
+	if !reflect.DeepEqual(wantedFlag, actualFlag) {
+		t.Errorf("[Default]: expected %+v, got %+v", wantedFlag, actualFlag)
+	}
+}
--- a/vendor/k8s.io/kubernetes/cmd/kube-apiserver/app/options/options.go
+++ b/vendor/k8s.io/kubernetes/cmd/kube-apiserver/app/options/options.go
@ -25,16 +25,14 @@ import (
 	utilnet "k8s.io/apimachinery/pkg/util/net"
 	genericoptions "k8s.io/apiserver/pkg/server/options"
 	"k8s.io/apiserver/pkg/storage/storagebackend"
+	apiserverflag "k8s.io/apiserver/pkg/util/flag"
 	api "k8s.io/kubernetes/pkg/apis/core"
+	_ "k8s.io/kubernetes/pkg/features" // add the kubernetes feature gates
 	kubeoptions "k8s.io/kubernetes/pkg/kubeapiserver/options"
 	kubeletclient "k8s.io/kubernetes/pkg/kubelet/client"
 	"k8s.io/kubernetes/pkg/master/ports"
 	"k8s.io/kubernetes/pkg/master/reconcilers"
-
-	// add the kubernetes feature gates
-	_ "k8s.io/kubernetes/pkg/features"
-
-	"github.com/spf13/pflag"
+	"k8s.io/kubernetes/pkg/serviceaccount"
 )

 // ServerRunOptions runs a kubernetes api server.
@ -42,7 +40,7 @@ type ServerRunOptions struct {
 	GenericServerRunOptions *genericoptions.ServerRunOptions
 	Etcd                    *genericoptions.EtcdOptions
 	SecureServing           *genericoptions.SecureServingOptionsWithLoopback
-	InsecureServing         *kubeoptions.InsecureServingOptions
+	InsecureServing         *genericoptions.DeprecatedInsecureServingOptionsWithLoopback
 	Audit                   *genericoptions.AuditOptions
 	Features                *genericoptions.FeatureOptions
 	Admission               *kubeoptions.AdmissionOptions
@ -71,24 +69,26 @@ type ServerRunOptions struct {
 	MasterCount            int
 	EndpointReconcilerType string

-	ServiceAccountSigningKeyFile string
+	ServiceAccountSigningKeyFile     string
+	ServiceAccountIssuer             serviceaccount.TokenGenerator
+	ServiceAccountTokenMaxExpiration time.Duration
 }

 // NewServerRunOptions creates a new ServerRunOptions object with default parameters
 func NewServerRunOptions() *ServerRunOptions {
 	s := ServerRunOptions{
 		GenericServerRunOptions: genericoptions.NewServerRunOptions(),
-		Etcd:                 genericoptions.NewEtcdOptions(storagebackend.NewDefaultConfig(kubeoptions.DefaultEtcdPathPrefix, nil)),
-		SecureServing:        kubeoptions.NewSecureServingOptions(),
-		InsecureServing:      kubeoptions.NewInsecureServingOptions(),
-		Audit:                genericoptions.NewAuditOptions(),
-		Features:             genericoptions.NewFeatureOptions(),
-		Admission:            kubeoptions.NewAdmissionOptions(),
-		Authentication:       kubeoptions.NewBuiltInAuthenticationOptions().WithAll(),
-		Authorization:        kubeoptions.NewBuiltInAuthorizationOptions(),
-		CloudProvider:        kubeoptions.NewCloudProviderOptions(),
-		StorageSerialization: kubeoptions.NewStorageSerializationOptions(),
-		APIEnablement:        genericoptions.NewAPIEnablementOptions(),
+		Etcd:                    genericoptions.NewEtcdOptions(storagebackend.NewDefaultConfig(kubeoptions.DefaultEtcdPathPrefix, nil)),
+		SecureServing:           kubeoptions.NewSecureServingOptions(),
+		InsecureServing:         kubeoptions.NewInsecureServingOptions(),
+		Audit:                   genericoptions.NewAuditOptions(),
+		Features:                genericoptions.NewFeatureOptions(),
+		Admission:               kubeoptions.NewAdmissionOptions(),
+		Authentication:          kubeoptions.NewBuiltInAuthenticationOptions().WithAll(),
+		Authorization:           kubeoptions.NewBuiltInAuthorizationOptions(),
+		CloudProvider:           kubeoptions.NewCloudProviderOptions(),
+		StorageSerialization:    kubeoptions.NewStorageSerializationOptions(),
+		APIEnablement:           genericoptions.NewAPIEnablementOptions(),

 		EnableLogsHandler:      true,
 		EventTTL:               1 * time.Hour,
@ -122,26 +122,26 @@ func NewServerRunOptions() *ServerRunOptions {
 	return &s
 }

-// AddFlags adds flags for a specific APIServer to the specified FlagSet
-func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
+// Flags returns flags for a specific APIServer by section name
+func (s *ServerRunOptions) Flags() (fss apiserverflag.NamedFlagSets) {
 	// Add the generic flags.
-	s.GenericServerRunOptions.AddUniversalFlags(fs)
-	s.Etcd.AddFlags(fs)
-	s.SecureServing.AddFlags(fs)
-	s.InsecureServing.AddFlags(fs)
-	s.InsecureServing.AddDeprecatedFlags(fs)
-	s.Audit.AddFlags(fs)
-	s.Features.AddFlags(fs)
-	s.Authentication.AddFlags(fs)
-	s.Authorization.AddFlags(fs)
-	s.CloudProvider.AddFlags(fs)
-	s.StorageSerialization.AddFlags(fs)
-	s.APIEnablement.AddFlags(fs)
-	s.Admission.AddFlags(fs)
+	s.GenericServerRunOptions.AddUniversalFlags(fss.FlagSet("generic"))
+	s.Etcd.AddFlags(fss.FlagSet("etcd"))
+	s.SecureServing.AddFlags(fss.FlagSet("secure serving"))
+	s.InsecureServing.AddFlags(fss.FlagSet("insecure serving"))
+	s.InsecureServing.AddUnqualifiedFlags(fss.FlagSet("insecure serving")) // TODO: remove it until kops stops using `--address`
+	s.Audit.AddFlags(fss.FlagSet("auditing"))
+	s.Features.AddFlags(fss.FlagSet("features"))
+	s.Authentication.AddFlags(fss.FlagSet("authentication"))
+	s.Authorization.AddFlags(fss.FlagSet("authorization"))
+	s.CloudProvider.AddFlags(fss.FlagSet("cloud provider"))
+	s.StorageSerialization.AddFlags(fss.FlagSet("storage"))
+	s.APIEnablement.AddFlags(fss.FlagSet("api enablement"))
+	s.Admission.AddFlags(fss.FlagSet("admission"))

 	// Note: the weird ""+ in below lines seems to be the only way to get gofmt to
 	// arrange these text blocks sensibly. Grrr.
-
+	fs := fss.FlagSet("misc")
 	fs.DurationVar(&s.EventTTL, "event-ttl", s.EventTTL,
 		"Amount of time to retain events.")

@ -231,8 +231,10 @@ func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
 		"api-server and calling out to webhook admission plugins.")

 	fs.BoolVar(&s.EnableAggregatorRouting, "enable-aggregator-routing", s.EnableAggregatorRouting,
-		"Turns on aggregator routing requests to endoints IP rather than cluster IP.")
+		"Turns on aggregator routing requests to endpoints IP rather than cluster IP.")

 	fs.StringVar(&s.ServiceAccountSigningKeyFile, "service-account-signing-key-file", s.ServiceAccountSigningKeyFile, ""+
 		"Path to the file that contains the current private key of the service account token issuer. The issuer will sign issued ID tokens with this private key. (Requires the 'TokenRequest' feature gate.)")
+
+	return fss
 }
--- a/vendor/k8s.io/kubernetes/cmd/kube-apiserver/app/options/options_test.go
+++ b/vendor/k8s.io/kubernetes/cmd/kube-apiserver/app/options/options_test.go
@ -26,7 +26,6 @@ import (

 	"k8s.io/apimachinery/pkg/util/diff"
 	apiserveroptions "k8s.io/apiserver/pkg/server/options"
-	genericoptions "k8s.io/apiserver/pkg/server/options"
 	"k8s.io/apiserver/pkg/storage/storagebackend"
 	utilflag "k8s.io/apiserver/pkg/util/flag"
 	auditbuffered "k8s.io/apiserver/plugin/pkg/audit/buffered"
@ -40,9 +39,11 @@ import (
 )

 func TestAddFlags(t *testing.T) {
-	f := pflag.NewFlagSet("addflagstest", pflag.ContinueOnError)
+	fs := pflag.NewFlagSet("addflagstest", pflag.ContinueOnError)
 	s := NewServerRunOptions()
-	s.AddFlags(f)
+	for _, f := range s.Flags().FlagSets {
+		fs.AddFlagSet(f)
+	}

 	args := []string{
 		"--enable-admission-plugins=AlwaysDeny",
@ -97,7 +98,6 @@ func TestAddFlags(t *testing.T) {
 		"--enable-logs-handler=false",
 		"--enable-swagger-ui=true",
 		"--endpoint-reconciler-type=" + string(reconcilers.LeaseEndpointReconcilerType),
-		"--etcd-quorum-read=false",
 		"--etcd-keyfile=/var/run/kubernetes/etcd.key",
 		"--etcd-certfile=/var/run/kubernetes/etcdce.crt",
 		"--etcd-cafile=/var/run/kubernetes/etcdca.crt",
@ -111,9 +111,9 @@ func TestAddFlags(t *testing.T) {
 		"--proxy-client-cert-file=/var/run/kubernetes/proxy.crt",
 		"--proxy-client-key-file=/var/run/kubernetes/proxy.key",
 		"--request-timeout=2m",
-		"--storage-backend=etcd2",
+		"--storage-backend=etcd3",
 	}
-	f.Parse(args)
+	fs.Parse(args)

 	// This is a snapshot of expected options parsed by args.
 	expected := &ServerRunOptions{
@ -141,11 +141,9 @@ func TestAddFlags(t *testing.T) {
 		},
 		Etcd: &apiserveroptions.EtcdOptions{
 			StorageConfig: storagebackend.Config{
-				Type:       "etcd2",
-				ServerList: nil,
-				Prefix:     "/registry",
-				DeserializationCacheSize: 0,
-				Quorum:                false,
+				Type:                  "etcd3",
+				ServerList:            nil,
+				Prefix:                "/registry",
 				KeyFile:               "/var/run/kubernetes/etcd.key",
 				CAFile:                "/var/run/kubernetes/etcdca.crt",
 				CertFile:              "/var/run/kubernetes/etcdce.crt",
@ -158,7 +156,7 @@ func TestAddFlags(t *testing.T) {
 			EnableWatchCache:        true,
 			DefaultWatchCacheSize:   100,
 		},
-		SecureServing: genericoptions.WithLoopback(&apiserveroptions.SecureServingOptions{
+		SecureServing: (&apiserveroptions.SecureServingOptions{
 			BindAddress: net.ParseIP("192.168.10.20"),
 			BindPort:    6443,
 			ServerCert: apiserveroptions.GeneratableKeyCert{
@ -166,11 +164,12 @@ func TestAddFlags(t *testing.T) {
 				PairName:      "apiserver",
 			},
 			HTTP2MaxStreamsPerConnection: 42,
-		}),
-		InsecureServing: &kubeoptions.InsecureServingOptions{
+			Required:                     true,
+		}).WithLoopback(),
+		InsecureServing: (&apiserveroptions.DeprecatedInsecureServingOptions{
 			BindAddress: net.ParseIP("127.0.0.1"),
 			BindPort:    8080,
-		},
+		}).WithLoopback(),
 		EventTTL: 1 * time.Hour,
 		KubeletConfig: kubeletclient.KubeletClientConfig{
 			Port:         10250,
@ -228,6 +227,7 @@ func TestAddFlags(t *testing.T) {
 						ThrottleEnable: false,
 						ThrottleQPS:    43.5,
 						ThrottleBurst:  44,
+						AsyncDelegate:  true,
 					},
 				},
 				TruncateOptions: apiserveroptions.AuditTruncateOptions{
--- a/vendor/k8s.io/kubernetes/cmd/kube-apiserver/app/options/validation.go
+++ b/vendor/k8s.io/kubernetes/cmd/kube-apiserver/app/options/validation.go
@ -17,74 +17,89 @@ limitations under the License.
 package options

 import (
+	"errors"
 	"fmt"

 	apiextensionsapiserver "k8s.io/apiextensions-apiserver/pkg/apiserver"
+	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	aggregatorscheme "k8s.io/kube-aggregator/pkg/apiserver/scheme"
 	"k8s.io/kubernetes/pkg/api/legacyscheme"
+	"k8s.io/kubernetes/pkg/features"
 )

 // TODO: Longer term we should read this from some config store, rather than a flag.
 func validateClusterIPFlags(options *ServerRunOptions) []error {
-	errors := []error{}
+	var errs []error
+
 	if options.ServiceClusterIPRange.IP == nil {
-		errors = append(errors, fmt.Errorf("no --service-cluster-ip-range specified"))
+		errs = append(errs, errors.New("no --service-cluster-ip-range specified"))
 	}
 	var ones, bits = options.ServiceClusterIPRange.Mask.Size()
 	if bits-ones > 20 {
-		errors = append(errors, fmt.Errorf("specified --service-cluster-ip-range is too large"))
+		errs = append(errs, errors.New("specified --service-cluster-ip-range is too large"))
 	}
-	return errors
+
+	return errs
 }

 func validateServiceNodePort(options *ServerRunOptions) []error {
-	errors := []error{}
+	var errs []error
+
 	if options.KubernetesServiceNodePort < 0 || options.KubernetesServiceNodePort > 65535 {
-		errors = append(errors, fmt.Errorf("--kubernetes-service-node-port %v must be between 0 and 65535, inclusive. If 0, the Kubernetes master service will be of type ClusterIP", options.KubernetesServiceNodePort))
+		errs = append(errs, fmt.Errorf("--kubernetes-service-node-port %v must be between 0 and 65535, inclusive. If 0, the Kubernetes master service will be of type ClusterIP", options.KubernetesServiceNodePort))
 	}

 	if options.KubernetesServiceNodePort > 0 && !options.ServiceNodePortRange.Contains(options.KubernetesServiceNodePort) {
-		errors = append(errors, fmt.Errorf("kubernetes service port range %v doesn't contain %v", options.ServiceNodePortRange, (options.KubernetesServiceNodePort)))
+		errs = append(errs, fmt.Errorf("kubernetes service port range %v doesn't contain %v", options.ServiceNodePortRange, (options.KubernetesServiceNodePort)))
 	}
-	return errors
+	return errs
 }

-// Validate checks ServerRunOptions and return a slice of found errors.
+func validateTokenRequest(options *ServerRunOptions) []error {
+	var errs []error
+
+	enableAttempted := options.ServiceAccountSigningKeyFile != "" ||
+		options.Authentication.ServiceAccounts.Issuer != "" ||
+		len(options.Authentication.APIAudiences) != 0
+
+	enableSucceeded := options.ServiceAccountIssuer != nil
+
+	if enableAttempted && !utilfeature.DefaultFeatureGate.Enabled(features.TokenRequest) {
+		errs = append(errs, errors.New("the TokenRequest feature is not enabled but --service-account-signing-key-file, --service-account-issuer and/or --api-audiences flags were passed"))
+	}
+
+	if utilfeature.DefaultFeatureGate.Enabled(features.BoundServiceAccountTokenVolume) && !utilfeature.DefaultFeatureGate.Enabled(features.TokenRequest) {
+		errs = append(errs, errors.New("the BoundServiceAccountTokenVolume feature depends on the TokenRequest feature, but the TokenRequest features is not enabled"))
+	}
+
+	if !enableAttempted && utilfeature.DefaultFeatureGate.Enabled(features.BoundServiceAccountTokenVolume) {
+		errs = append(errs, errors.New("--service-account-signing-key-file and --service-account-issuer are required flags"))
+	}
+
+	if enableAttempted && !enableSucceeded {
+		errs = append(errs, errors.New("--service-account-signing-key-file, --service-account-issuer, and --api-audiences should be specified together"))
+	}
+
+	return errs
+}
+
+// Validate checks ServerRunOptions and return a slice of found errs.
 func (s *ServerRunOptions) Validate() []error {
-	var errors []error
-	if errs := s.Etcd.Validate(); len(errs) > 0 {
-		errors = append(errors, errs...)
-	}
-	if errs := validateClusterIPFlags(s); len(errs) > 0 {
-		errors = append(errors, errs...)
-	}
-	if errs := validateServiceNodePort(s); len(errs) > 0 {
-		errors = append(errors, errs...)
-	}
-	if errs := s.SecureServing.Validate(); len(errs) > 0 {
-		errors = append(errors, errs...)
-	}
-	if errs := s.Authentication.Validate(); len(errs) > 0 {
-		errors = append(errors, errs...)
-	}
-	if errs := s.Authorization.Validate(); len(errs) > 0 {
-		errors = append(errors, errs...)
-	}
-	if errs := s.Audit.Validate(); len(errs) > 0 {
-		errors = append(errors, errs...)
-	}
-	if errs := s.Admission.Validate(); len(errs) > 0 {
-		errors = append(errors, errs...)
-	}
-	if errs := s.InsecureServing.Validate(); len(errs) > 0 {
-		errors = append(errors, errs...)
-	}
+	var errs []error
 	if s.MasterCount <= 0 {
-		errors = append(errors, fmt.Errorf("--apiserver-count should be a positive number, but value '%d' provided", s.MasterCount))
-	}
-	if errs := s.APIEnablement.Validate(legacyscheme.Scheme, apiextensionsapiserver.Scheme, aggregatorscheme.Scheme); len(errs) > 0 {
-		errors = append(errors, errs...)
+		errs = append(errs, fmt.Errorf("--apiserver-count should be a positive number, but value '%d' provided", s.MasterCount))
 	}
+	errs = append(errs, s.Etcd.Validate()...)
+	errs = append(errs, validateClusterIPFlags(s)...)
+	errs = append(errs, validateServiceNodePort(s)...)
+	errs = append(errs, s.SecureServing.Validate()...)
+	errs = append(errs, s.Authentication.Validate()...)
+	errs = append(errs, s.Authorization.Validate()...)
+	errs = append(errs, s.Audit.Validate()...)
+	errs = append(errs, s.Admission.Validate()...)
+	errs = append(errs, s.InsecureServing.Validate()...)
+	errs = append(errs, s.APIEnablement.Validate(legacyscheme.Scheme, apiextensionsapiserver.Scheme, aggregatorscheme.Scheme)...)
+	errs = append(errs, validateTokenRequest(s)...)

-	return errors
+	return errs
 }