Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CRD validation via OpenAPIv3 Schema #100

Merged
merged 1 commit into from
Feb 22, 2018
Merged

Add CRD validation via OpenAPIv3 Schema #100

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
93 changes: 93 additions & 0 deletions build/install.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,99 @@ spec:
shortNames:
- gs
singular: gameserver
validation:
openAPIV3Schema:
required:
- spec
properties:
spec:
required:
- containerPort
- template
properties:
template:
type: object
required:
- spec
properties:
spec:
type: object
required:
- containers
properties:
containers:
type: array
items:
type: object
required:
- image
properties:
name:
type: string
minLength: 0
maxLength: 63
pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"
image:
type: string
minLength: 1
minItems: 1
container:
title: The container name running the gameserver
description: if there is more than one container, specify which one is the game server
type: string
minLength: 0
maxLength: 63
pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"
portPolicy:
title: the port policy that will be applied to the game server
description: |
portPolicy has two options:
- "dynamic" (default) the system allocates a free hostPort for the gameserver, for game clients to connect to
- "static", user defines the hostPort that the game client will connect to. Then onus is on the user to ensure that the
port is available. When static is the policy specified, `hostPort` is required to be populated
type: string
enum:
- dynamic
- static
protocol:
title: Protocol being used. Defaults to UDP. TCP is the only other option
type: string
enum:
- UDP
- TCP
containerPort:
title: The port that is being opened on the game server process
type: integer
minimum: 0
maximum: 65535
hostPort:
title: The port exposed on the host
description: Only required when `portPolicy` is "static". Overwritten when portPolicy is "dynamic".
type: integer
minimum: 0
maximum: 65535
health:
type: object
title: Health checking for the running game server
properties:
disabled:
title: Disable health checking. defaults to false, but can be set to true
type: boolean
initialDelaySeconds:
title: Number of seconds after the container has started before health check is initiated. Defaults to 5 seconds
type: integer
minimum: 0
maximum: 2147483648
periodSeconds:
title: How long before the server is considered not healthy
type: integer
minimum: 0
maximum: 2147483648
failureThreshold:
title: Minimum consecutive failures for the health probe to be considered failed after having succeeded.
type: integer
minimum: 1
maximum: 2147483648
---
apiVersion: extensions/v1beta1
kind: Deployment
Expand Down
93 changes: 93 additions & 0 deletions install.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,99 @@ spec:
shortNames:
- gs
singular: gameserver
validation:
openAPIV3Schema:
required:
- spec
properties:
spec:
required:
- containerPort
- template
properties:
template:
type: object
required:
- spec
properties:
spec:
type: object
required:
- containers
properties:
containers:
type: array
items:
type: object
required:
- image
properties:
name:
type: string
minLength: 0
maxLength: 63
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Curious where 63 comes from -
Looking at the names doc

By convention, the names of Kubernetes resources should be up to maximum length of 253 characters and consist of lower case alphanumeric characters, -, and ., but certain resources have more specific restrictions.

Copy link
Collaborator Author

@cyriltovena cyriltovena Feb 22, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

from here: https://github.com/kubernetes/kubernetes/blob/53a9d106c4aabcd550cc32ae4e8004f32fb0ae7b/pkg/api/validation/validation.go#L280

:) I was also surprised.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

const dns1123LabelFmt string = "[a-z0-9]([-a-z0-9]*[a-z0-9])?"

var dns1123LabelRegexp = regexp.MustCompile("^" + dns1123LabelFmt + "$")

const dns1123LabelMaxLength int = 63

// IsDNS1123Label tests for a string that conforms to the definition of a label in
// DNS (RFC 1123).
func IsDNS1123Label(value string) bool {
	return len(value) <= dns1123LabelMaxLength && dns1123LabelRegexp.MatchString(value)
}

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Found the latest version here:
https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/core/validation/validation.go#L2854
https://github.com/kubernetes/apimachinery/blob/master/pkg/api/validation/objectmeta.go

But looks like the docs are wrong. Wow, 63 chars is not a huge amount.

pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a . is also allowed in a name

Copy link
Collaborator Author

@cyriltovena cyriltovena Feb 22, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You'll be surprised it's not, I have just tried with a . and it gives me this:

The Pod "nginx-apparmor" is invalid:
* metadata.annotations[container.apparmor.security.beta.kubernetes.io/nginx]: Invalid value: "nginx": container not found
* spec.containers[0].name: Invalid value: "nginx.test": a DNS-1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character (e.g. 'my-name',  or '123-abc', regex used for val
idation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?')

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apparently so! Sounds like it's time to file a PR on the Kubernetes documentation.

image:
type: string
minLength: 1
minItems: 1
container:
title: The container name running the gameserver
description: if there is more than one container, specify which one is the game server
type: string
minLength: 0
maxLength: 63
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same questions as above

pattern: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"
portPolicy:
title: the port policy that will be applied to the game server
description: |
portPolicy has two options:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Love all these titles and descriptions!! 👍

- "dynamic" (default) the system allocates a free hostPort for the gameserver, for game clients to connect to
- "static", user defines the hostPort that the game client will connect to. Then onus is on the user to ensure that the
port is available. When static is the policy specified, `hostPort` is required to be populated
type: string
enum:
- dynamic
- static
protocol:
title: Protocol being used. Defaults to UDP. TCP is the only other option
type: string
enum:
- UDP
- TCP
containerPort:
title: The port that is being opened on the game server process
type: integer
minimum: 0
maximum: 65535
hostPort:
title: The port exposed on the host
description: Only required when `portPolicy` is "static". Overwritten when portPolicy is "dynamic".
type: integer
minimum: 0
maximum: 65535
health:
type: object
title: Health checking for the running game server
properties:
disabled:
title: Disable health checking. defaults to false, but can be set to true
type: boolean
initialDelaySeconds:
title: Number of seconds after the container has started before health check is initiated. Defaults to 5 seconds
type: integer
minimum: 0
maximum: 2147483648
periodSeconds:
title: How long before the server is considered not healthy
type: integer
minimum: 0
maximum: 2147483648
failureThreshold:
title: Minimum consecutive failures for the health probe to be considered failed after having succeeded.
type: integer
minimum: 1
maximum: 2147483648
---
apiVersion: extensions/v1beta1
kind: Deployment
Expand Down