add validation for cluster api and remove validating webhook #1152
Conversation
karmada-bot
added
the
kind/feature
|
Welcome @carlory! It looks like this is your first PR to karmada-io/karmada 🎉 |
karmada-bot
added
the
size/L
|
Hi @carlory , thanks for your contribution. :) |
carlory
force-pushed
the
add-validation-for-cluster
branch
2 times, most recently
from
3b13344
to
c14bd6e
Compare
|
Thanks @carlory I'll review it ASAP. |
carlory
force-pushed
the
add-validation-for-cluster
branch
2 times, most recently
from
d589329
to
9a93d43
Compare
|
Got it @carlory. |
carlory
force-pushed
the
add-validation-for-cluster
branch
from
9a93d43
to
6bf2976
Compare
|
add validation for impersonatorSecretRef |
carlory
force-pushed
the
add-validation-for-cluster
branch
from
6bf2976
to
73a0485
Compare
carlory
changed the title
|
/cc @RainbowMango @XiShanYongYe-Chang remove validating webhook |
carlory
force-pushed
the
add-validation-for-cluster
branch
from
cdc3af7
to
b45d10b
Compare
|
Hi @carlory, I'll review it now. |
|
Thanks, @carlory. It looks good to me. |
|
Not an objection. Just a question. The validation functionality in |
|
We should remove the configuration from karmada/pkg/karmadactl/cmdinit/karmada/webhook_configuration.go Lines 83 to 98 in 1448754 |
carlory
force-pushed
the
add-validation-for-cluster
branch
from
b45d10b
to
9d3bcfb
Compare
Ok, I will do it. |
|
This can be removed in this pr. Thanks @carlory |
|
thanks! |
|
/assign |
There was a problem hiding this comment.
Generally looks good to me.
- I suggest just putting
validation.gotopkg/apis/clusterdirectory as it is only forinterneltypes. - One main effect for moving the validation from webhook to AA is if there is a bug, it'll block people registering cluster(They can't disable the validation anymore). So, I suggest more unit test for the validations.
| allErrors = append(allErrors, validateTaintEffect(&currTaint.Effect, false, idxPath.Child("effect"))...) | ||
|
|
||
| // validate if taint is unique by <key, effect> | ||
| if len(uniqueTaints[currTaint.Effect]) > 0 && uniqueTaints[currTaint.Effect].Has(currTaint.Key) { |
There was a problem hiding this comment.
| if len(uniqueTaints[currTaint.Effect]) > 0 && uniqueTaints[currTaint.Effect].Has(currTaint.Key) { | |
| if uniqueTaints[currTaint.Effect].Has(currTaint.Key) { |
This will be enough, right?
Don't know if len(sets.String) will work.
There was a problem hiding this comment.
@RainbowMango len(uniqueTaints[currTaint.Effect]) > 0 is necessary to avoid panic
There was a problem hiding this comment.
Really? Do you mean if we invoke Has() method on an empty sets.String{} will panic?
There was a problem hiding this comment.
- I suggest just putting
validation.gotopkg/apis/clusterdirectory as it is only forinterneltypes.
In kubernetes/kubernetes and openshift/origin repo, the validation files are placed in a separate directory.
I recommend keeping the same code style as them, what do you think?
There was a problem hiding this comment.
I recommend keeping the same code style as them, what do you think?
OK for me.
There was a problem hiding this comment.
Really? Do you mean if we invoke
Has()method on an emptysets.String{}will panic?
It may not have been initialized when we invoke Has() method.
// ValidateClusterTaints tests if given taints have valid data.
func ValidateClusterTaints(taints []corev1.Taint, fldPath *field.Path) field.ErrorList {
allErrors := field.ErrorList{}
uniqueTaints := map[corev1.TaintEffect]sets.String{}
for i, currTaint := range taints {
...
// validate if taint is unique by <key, effect>
if len(uniqueTaints[currTaint.Effect]) > 0 && uniqueTaints[currTaint.Effect].Has(currTaint.Key) {
....
}
// add taint to existingTaints for uniqueness check
if len(uniqueTaints[currTaint.Effect]) == 0 {
uniqueTaints[currTaint.Effect] = sets.String{}
}
uniqueTaints[currTaint.Effect].Insert(currTaint.Key)
}
return allErrors
}There was a problem hiding this comment.
ValidateClusterTaints is lifted from kubernetes validateNodeTaints
There was a problem hiding this comment.
For code lifted from k/k, I suggest moving it to a separated file(like kubevalidation.go) and keeping the file header.
If there is a bug we should help fix it in k/k then port it back to Karmada. We can ignore code redundant issues for porting code.
There was a problem hiding this comment.
But, I'm still interest if the len(uniqueTaints[currTaint.Effect]) > 0 could be removed, though.
Because, the sets has been initilized by uniqueTaints := map[corev1.TaintEffect]sets.String{}.
| // Prefix indicates this name will be used as part of generation, in which case | ||
| // trailing dashes are allowed. | ||
| func ValidateClusterName(name string, prefix bool) []string { | ||
| return utilvalidation.ValidateClusterName(name) |
There was a problem hiding this comment.
Can we move utilvalidation.ValidateClusterName to here?
carlory
force-pushed
the
add-validation-for-cluster
branch
2 times, most recently
from
ec856dd
to
7b66545
Compare
|
@carlory Please cc me again if it is ready for review. Thanks for doing this, appreciate it!! |
carlory
force-pushed
the
add-validation-for-cluster
branch
2 times, most recently
from
44637c9
to
e42b79e
Compare
karmada-bot
added
size/XL
|
/cc @RainbowMango @XiShanYongYe-Chang It's ready for review. |
Signed-off-by: carlory <baofa.fan@daocloud.io>
carlory
force-pushed
the
add-validation-for-cluster
branch
from
b10085a
to
f697c03
Compare
|
@XiShanYongYe-Chang done. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: RainbowMango The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
karmada-bot
added
the
approved
|
/lgtm |
What type of PR is this?
/kind feature
Special notes for your reviewer:
Does this PR introduce a user-facing change?: