fix: add additional name validation for custom resources (#219)
* fix: remove cluster nodebalancer label suffix

  Removes the label suffix from cluster loadbalancers. This allows for longer cluster names since Linode Nodebalancer labels are constrained to strings of 3..32 characters in length.

  See: https://www.linode.com/docs/api/nodebalancers/#nodebalancer-create

* fix: add name validation for custom resources

  This propagates the label constraints of Linode resources to their associated CustomResourceDefinitions via the Kubernetes Validation Rules feature. When a custom resource is created, the Kubernetes object name is validated against the label constraints of its backing Linode resources. This allows CAPL-managed resources to maintain a human-readable naming scheme between its Kubernetes representation and the backing Linode implementation.

  Validation rules are implemented via Kustomize JSON patches due to limitations with Kubebuilder and Strategic Merge Patching with CRDs in Kubernetes.

  See:
  - https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation-rules
  - https://www.github.com/kubernetes/kubernetes/issues/74620
  - https://www.github.com/kubernetes-sigs/kubebuilder/issues/1074
  - https://www.github.com/kubernetes/kubernetes/issues/113223

* fix: add name validation for custom resource templates

  This further propagates the label constraints of Linode resources to their associated CustomResourceDefinition templates via the Kubernetes Validation Rules feature.

* chore: e2e: clean up cluster name format
Showing 10 changed files with 144 additions and 13 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
# The following patch adds additional constraints after the built-in name validation for the CRD | ||
- op: add | ||
path: /spec/versions/0/schema/openAPIV3Schema/properties/metadata/properties | ||
value: | ||
name: | ||
type: string | ||
x-kubernetes-validations: | ||
- rule: 3 <= size(self) && size(self) <= 32 | ||
message: >- | ||
custom validation: | ||
linode nodebalancer: labels must be between 3..32 characters |
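
Review bot: the `path` line hard-codes `/spec/versions/0/`, so the name rule is attached only to the first entry in the CRD's `versions` list; a version added later, or a reordering of that list, leaves objects of the other version without the 3..32 check. In addition, `op: add` on `.../metadata/properties` sets the whole `properties` map, so anything already defined under `metadata` in the generated schema would be replaced by this single `name` entry. Suggest a comment stating that the generated CRD has one version and no existing `metadata.properties`, or a patch per version that targets only the `name` member.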
config/crd/patches/validation_in_linodeclustertemplates.yaml (12 changes: 12 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
# The following patch adds additional constraints after the built-in name validation for the CRD | ||
- op: add | ||
path: /spec/versions/0/schema/openAPIV3Schema/properties/metadata/properties | ||
value: | ||
name: | ||
type: string | ||
x-kubernetes-validations: | ||
- rule: 3 <= size(self) && size(self) <= 26 | ||
message: >- | ||
custom validation: | ||
template: must be between 3..26 characters, | ||
linode nodebalancer: labels must be between 3..32 characters |
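
Review bot: the bound in `size(self) <= 26` is 6 characters below the 32-character nodebalancer limit quoted in the same message, and nothing in the patch says what those 6 characters are reserved for. Add a comment above the rule stating how 26 is derived, so the two numbers do not drift apart if the reserved length or the Linode limit changes. The message would also be clearer if it said that the template limit follows from the nodebalancer limit instead of listing the two ranges side by side.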
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
# The following patch adds additional constraints after the built-in name validation for the CRD | ||
- op: add | ||
path: /spec/versions/0/schema/openAPIV3Schema/properties/metadata/properties | ||
value: | ||
name: | ||
type: string | ||
x-kubernetes-validations: | ||
- rule: 3 <= size(self) && size(self) <= 64 | ||
message: >- | ||
custom validation: | ||
linode instance: labels must be between 3..64 characters | ||
- rule: self.matches('^[[:alnum:]]([-_.[:alnum:]]+[[:alnum:]])*$') | ||
message: >- | ||
custom validation: | ||
linode instance: labels: | ||
must begin and end with an alphanumeric character, | ||
may only consist of alphanumeric characters, hyphens (-), underscores (_) or periods (.), | ||
cannot have two hyphens (--), underscores (__) or periods (..) in a row, | ||
regex used for validation is: '^[[:alnum:]]([-_.[:alnum:]]+[[:alnum:]])*$', | ||
see: https://www.linode.com/docs/api/linode-instances/#linode-create | ||
# TODO: Consider combining this into the regex above to minimize time complexity | ||
# See: https://github.com/google/cel-spec/blob/master/doc/langdef.md#time-complexity | ||
- rule: "!(self.contains('--') || self.contains('__') || self.contains('..'))" | ||
message: >- | ||
custom validation: | ||
linode instance: labels cannot have two hyphens (--), underscores (__) or periods (..) in a row |
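
Review bot: the message on the `self.matches(...)` rule says labels "cannot have two hyphens (--), underscores (__) or periods (..) in a row" and then quotes the regex as the validation used, but that regex accepts doubled separators (in `a--b` the run `--` is consumed by `[-_.[:alnum:]]+`); only the third rule rejects them. A name that fails the regex is reported with a constraint the regex does not check, and the same constraint is reported again by the third rule. Suggest removing the "in a row" line from the regex rule's message so each message describes exactly what its rule enforces.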
config/crd/patches/validation_in_linodemachinetemplates.yaml (27 changes: 27 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# The following patch adds additional constraints after the built-in name validation for the CRD | ||
- op: add | ||
path: /spec/versions/0/schema/openAPIV3Schema/properties/metadata/properties | ||
value: | ||
name: | ||
type: string | ||
x-kubernetes-validations: | ||
- rule: 3 <= size(self) && size(self) <= 58 | ||
message: >- | ||
custom validation: | ||
template: must be between 3..58 characters, | ||
linode instance: labels must be between 3..64 characters | ||
- rule: self.matches('^[[:alnum:]]([-_.[:alnum:]]+[[:alnum:]])*$') | ||
message: >- | ||
custom validation: | ||
linode instance: labels: | ||
must begin and end with an alphanumeric character, | ||
may only consist of alphanumeric characters, hyphens (-), underscores (_) or periods (.), | ||
cannot have two hyphens (--), underscores (__) or periods (..) in a row, | ||
regex used for validation is: '^[[:alnum:]]([-_.[:alnum:]]+[[:alnum:]])*$', | ||
see: https://www.linode.com/docs/api/linode-instances/#linode-create | ||
# TODO: Consider combining this into the regex above to minimize time complexity | ||
# See: https://github.com/google/cel-spec/blob/master/doc/langdef.md#time-complexity | ||
- rule: "!(self.contains('--') || self.contains('__') || self.contains('..'))" | ||
message: >- | ||
custom validation: | ||
linode instance: labels cannot have two hyphens (--), underscores (__) or periods (..) in a row |
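
Review bot: the second and third rules here are copies of the ones in the non-template instance patch above, TODO comment included; only the size bound (58 instead of 64) and the first message differ. Two hand-maintained copies of the same regex and messages will drift the first time one file is edited, so consider a comment in each file pointing at the other, or generating both from one source. The 58 bound is also 6 below the instance limit of 64 stated in the message, and the patch should say what those 6 characters are reserved for.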
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# The following patch adds additional constraints after the built-in name validation for the CRD | ||
- op: add | ||
path: /spec/versions/0/schema/openAPIV3Schema/properties/metadata/properties | ||
value: | ||
name: | ||
type: string | ||
x-kubernetes-validations: | ||
- rule: 1 <= size(self) && size(self) <= 64 | ||
message: >- | ||
custom validation: | ||
linode vpc: labels must be between 1..64 characters | ||
- rule: self.matches('^[-[:alnum:]]*$') | ||
message: >- | ||
custom validation: | ||
linode vpc: labels: | ||
can only contain ASCII letters, numbers, and hyphens (-), | ||
cannot have two consecutive hyphens (--), | ||
regex used for validation is: '^[-[:alnum:]]*$', | ||
see: https://www.linode.com/docs/api/vpcs/#vpc-create | ||
# TODO: Consider combining this into the regex above to minimize time complexity | ||
# See: https://github.com/google/cel-spec/blob/master/doc/langdef.md#time-complexity | ||
- rule: "!self.contains('--')" | ||
message: >- | ||
custom validation: | ||
linode vpc: labels cannot have two consecutive hyphens (--) |
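
Review bot: `^[-[:alnum:]]*$` combined with the lower bound of 1 accepts a name that is a single `-`, or that begins or ends with a hyphen, and the `*` also matches the empty string, which only the size rule excludes. If VPC labels may not start or end with a hyphen, anchor the pattern with an alphanumeric at each end as the instance patch does; if that case is left to the built-in name validation mentioned in the header comment, say so in a comment next to the rule. The regex rule's message also lists "cannot have two consecutive hyphens (--)" although the pattern allows them and the separate `!self.contains('--')` rule is what rejects them; drop that line from the first message.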