Validate Elasticsearch resource names

[charith-elastic]

Adds checks to ensure that the resource names generated by the operator for a given Elasticsearch object will be valid.

Fixes #1474

[david-kow]

nit: should this be nodeSpec.NodeCount - 1? We start numbering from 0, so for 100 nodes the last ordinal will be 99.

[charith-elastic]

It was intentional to account for the dash before the ordinal but now that I think about it, it doesn't work for node counts below 10.

[david-kow]

Does this account for dash before the ordinal?

[david-kow]

Do we expect anything other than single byte characters? Should we validate that somewhere?

[charith-elastic]

Kubernetes' own validation checks will not let multi-byte names to be submitted at the moment but I prefer not to rely on that assumption.

[david-kow]

Got it. Should we check it in the Validate function then? It seems here we truncate based on (potential) multibyte length, but other than that we allow it and rely on k8s own validation.

[charith-elastic]

So, to provide some context here, the validation webhook simply transitions the object to the INVALID state when the custom validation checks fail. Trying to delete the object causes a problem because the finalizers start running and then start to trip over the invalid names -- making it impossible to delete. This is why I introduced the truncate function so that the object can be deleted even when it is invalid. It should never be used in the happy path and therefore whether the string is multi-byte or not does not really matter.

[david-kow]

I'm not sure if I follow why this is needed. I'd think you always need to account for dash.

[charith-elastic]

You are correct. I made the mistake of thinking in round numbers only.

[sebgl]

We probably need to do something about

cloud-on-k8s/pkg/apis/elasticsearch/v1alpha1/elasticsearch_types.go

Lines 66 to 71 in 88443af

	type NodeSpec struct {
	// Name is a logical name for this set of nodes. Used as a part of the managed Elasticsearch node.name setting.
	// +kubebuilder:validation:Pattern=[a-zA-Z0-9-]+
	// +kubebuilder:validation:MaxLength=19
	// TODO: refactor and explain name length conventions
	Name string `json:"name"`

[charith-elastic]

Max Kubernetes resource name length = 253
Max Elasticsearch name length = 36

If we allow for a maximum node count of 1000, then the ordinal suffix length for pods will be at most 4 (-999) so node spec name length max could be 253-36-4-1 = 212.

However, given that we restrict Elasticsearch name length to 36, should we also just set the node spec name length to 36 for consistency as well? @sebgl

[sebgl]

The biggest constraint we have is label length, limited to 63 characters.
We do use, for example, StatefulSet names (cluster name-node spec name-ordinal) as labels on pods.
The max Elasticsearch length of 36 is something we computed based on that, reverting backward from 63 using the maximum suffix we added at the time (pod name based on cluster name-longest secret name suffix).
The current NodeSpec length of 19 was also somewhat derived from that, but should be updated to something that makes more sense.

What's hard is to either:

1. pick a fixed max ES cluster name + a fixed max NodeSpec name for which both appended fit into 63 characters (with dashes)
2. consider both length are elastic (pun not intended 😄) so the sum of both is not larger than 63, but don't restrict a fixed length for any of those

I guess an in-between approach where we rely on 2, but still pick some fixed max length for both Elasticsearch and the NodeSpec (even though it may lead to an incompatible length that we still reject) may be ok. The values of 36 and 19 are probably nonsense now and should be updated.

[charith-elastic]

(2) is what I wanted to get at as well but it's more difficult than I thought because name generation is not centralised (I missed the labelling part for example). Looks like I'll have to refactor the naming bits a little bit more to make this work.

[sebgl]

I'm wondering whether it would be that bad to just come up with fixed numbers. For example something like: cluster name is limited to 36 characters, node spec name is limited to 21 characters.
Benefit would be that we don't actually have to check anything: name restrictions would be enforced in the API schema directly by Kubernetes. We've seen some people disable our validation webhook for example, making things fail at runtime instead of failing at ES resource creation/update time.

I can imagine some users may want more flexibility (larger cluster names, smaller node spec names), not sure how big of a use case that is.
(I don't have strong opinions on this, just want to make sure we do consider it).

[charith-elastic]

Summarised my findings in the original issue itself: #1474 (comment)

[pebrc]

Looks very comprehensive to me! 👍

[thbkrkr]

LGTM!

I have just a very small reservation about the relevance of adding e2e tests just for that. rejectionOfLongName makes sense. longestPossibleName could be done using another test if at some point we want to save on the number of e2e tests.

[charith-elastic]

@thbkrkr because naming functions are not centralised, it is difficult to be 100% sure that the validation function covers all possible suffixes that could be added to a name. The longestPossibleName test is there to make sure that we catch any cases that the validation function is not aware of.