-
Notifications
You must be signed in to change notification settings - Fork 852
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add validation for cluster api and remove validating webhook #1152
add validation for cluster api and remove validating webhook #1152
Conversation
Welcome @carlory! It looks like this is your first PR to karmada-io/karmada 🎉 |
Hi @carlory , thanks for your contribution. :) |
3b13344
to
c14bd6e
Compare
Thanks @carlory I'll review it ASAP. |
d589329
to
9a93d43
Compare
Got it @carlory. |
9a93d43
to
6bf2976
Compare
add validation for impersonatorSecretRef |
6bf2976
to
73a0485
Compare
/cc @RainbowMango @XiShanYongYe-Chang remove validating webhook |
cdc3af7
to
b45d10b
Compare
Hi @carlory, I'll review it now. |
Thanks, @carlory. It looks good to me. |
Not an objection. Just a question. The validation functionality in |
We should remove the configuration from karmada/pkg/karmadactl/cmdinit/karmada/webhook_configuration.go Lines 83 to 98 in 1448754
|
b45d10b
to
9d3bcfb
Compare
Ok, I will do it. |
This can be removed in this pr. Thanks @carlory |
thanks! |
/assign |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generally looks good to me.
- I suggest just putting
validation.go
topkg/apis/cluster
directory as it is only forinternel
types. - One main effect for moving the validation from webhook to AA is if there is a bug, it'll block people registering cluster(They can't disable the validation anymore). So, I suggest more unit test for the validations.
allErrors = append(allErrors, validateTaintEffect(&currTaint.Effect, false, idxPath.Child("effect"))...) | ||
|
||
// validate if taint is unique by <key, effect> | ||
if len(uniqueTaints[currTaint.Effect]) > 0 && uniqueTaints[currTaint.Effect].Has(currTaint.Key) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if len(uniqueTaints[currTaint.Effect]) > 0 && uniqueTaints[currTaint.Effect].Has(currTaint.Key) { | |
if uniqueTaints[currTaint.Effect].Has(currTaint.Key) { |
This will be enough, right?
Don't know if len(sets.String)
will work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@RainbowMango len(uniqueTaints[currTaint.Effect]) > 0
is necessary to avoid panic
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Really? Do you mean if we invoke Has()
method on an empty sets.String{}
will panic?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- I suggest just putting
validation.go
topkg/apis/cluster
directory as it is only forinternel
types.
In kubernetes/kubernetes and openshift/origin repo, the validation files are placed in a separate directory.
I recommend keeping the same code style as them, what do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I recommend keeping the same code style as them, what do you think?
OK for me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Really? Do you mean if we invoke
Has()
method on an emptysets.String{}
will panic?
It may not have been initialized when we invoke Has()
method.
// ValidateClusterTaints tests if given taints have valid data.
func ValidateClusterTaints(taints []corev1.Taint, fldPath *field.Path) field.ErrorList {
allErrors := field.ErrorList{}
uniqueTaints := map[corev1.TaintEffect]sets.String{}
for i, currTaint := range taints {
...
// validate if taint is unique by <key, effect>
if len(uniqueTaints[currTaint.Effect]) > 0 && uniqueTaints[currTaint.Effect].Has(currTaint.Key) {
....
}
// add taint to existingTaints for uniqueness check
if len(uniqueTaints[currTaint.Effect]) == 0 {
uniqueTaints[currTaint.Effect] = sets.String{}
}
uniqueTaints[currTaint.Effect].Insert(currTaint.Key)
}
return allErrors
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ValidateClusterTaints
is lifted from kubernetes validateNodeTaints
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For code lifted from k/k, I suggest moving it to a separated file(like kubevalidation.go
) and keeping the file header.
If there is a bug we should help fix it in k/k then port it back to Karmada. We can ignore code redundant issues for porting code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But, I'm still interest if the len(uniqueTaints[currTaint.Effect]) > 0
could be removed, though.
Because, the sets
has been initilized by uniqueTaints := map[corev1.TaintEffect]sets.String{}
.
// Prefix indicates this name will be used as part of generation, in which case | ||
// trailing dashes are allowed. | ||
func ValidateClusterName(name string, prefix bool) []string { | ||
return utilvalidation.ValidateClusterName(name) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we move utilvalidation.ValidateClusterName
to here?
ec856dd
to
7b66545
Compare
@carlory Please cc me again if it is ready for review. Thanks for doing this, appreciate it!! |
44637c9
to
e42b79e
Compare
/cc @RainbowMango @XiShanYongYe-Chang It's ready for review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, can you squash some commits.
Signed-off-by: carlory <baofa.fan@daocloud.io>
b10085a
to
f697c03
Compare
@XiShanYongYe-Chang done. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
Leave LGTM to @XiShanYongYe-Chang
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: RainbowMango The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/lgtm |
What type of PR is this?
/kind feature
Special notes for your reviewer:
Does this PR introduce a user-facing change?: