-
Notifications
You must be signed in to change notification settings - Fork 820
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GameServer definition validation #10
Comments
So we should add validations inside the install.yaml at the CRD level using OpenAPI spec ? List of required validations :
Anything else ? Also I see that you listed webhooks and admission controller, I guess you want to use the validation one for complex scenarios ? |
You got most of it - updated the description above to be the canonical reference. Regarding the validation webhook - I'd be surprised if the OpenAPI spec can cover all of the above scenarios - e.g. "Container should refer to an existing container in the PodTemplateSpec, optional if only one container is defined otherwise mandatory.", so leaning on the validation webhook seems like the appropriate response. These features are only available on 1.9 - I started a bit of work on this branch - but I'm currently blocked by #57 (although I could turn off RBAC if need be, at least for development). That being said, if you wanted to start on the OpenSpec part of this, we test it and keep it in reserve until the support for 1.9 is fully integrated. |
I wanted to also tackle the validation webhook, but I could not find a documentation on how to self host your own api in the api-server which seems the best option. They mostly documented what to use and how to setup the webhook. |
@Kuqd yeah, it's not well documented. My task for next week is to build a basic |
found some documentation https://github.com/openshift/generic-admission-server if that can help |
I've got (the receiving) of a basic I'm in the process of making a small library to make adding new webhook configurations simpler without having to build as much of the plumbing yourself - it's getting there. I'm not sure how to candle the ca certs, but for now - keeping things simple and keeping them in the repo. |
Kubernetes 1.9 is now merged - so we can at least now start on the CRD/yaml part of the validation. |
Webhook library to make k8s webhooks easy(er) to use, as well as setting default values on GameServers via it for when they are first created. Some refactoring of GameServer sync in the controller was required and a new PortAllocation state was created. This is also makes #70 and #10 possible to implement.
Webhook library to make k8s webhooks easy(er) to use, as well as setting default values on GameServers via it for when they are first created. Some refactoring of GameServer sync in the controller was required and a new PortAllocation state was created. This is also makes #70 and #10 possible to implement.
Webhook library to make k8s webhooks easy(er) to use, as well as setting default values on GameServers via it for when they are first created. Some refactoring of GameServer sync in the controller was required and a new PortAllocation state was created. This is also makes #70 and #10 possible to implement.
Webhook library to make k8s webhooks easy(er) to use, as well as setting default values on GameServers via it for when they are first created. Some refactoring of GameServer sync in the controller was required and a new PortAllocation state was created. This is also makes #70 and #10 possible to implement.
Webhook library to make k8s webhooks easy(er) to use, as well as setting default values on GameServers via it for when they are first created. Some refactoring of GameServer sync in the controller was required and a new PortAllocation state was created. This is also makes #70 and #10 possible to implement.
Webhook library to make k8s webhooks easy(er) to use, as well as setting default values on GameServers via it for when they are first created. Some refactoring of GameServer sync in the controller was required and a new PortAllocation state was created. This is also makes #70 and #10 possible to implement.
Webhook library to make k8s webhooks easy(er) to use, as well as setting default values on GameServers via it for when they are first created. Some refactoring of GameServer sync in the controller was required and a new PortAllocation state was created. This is also makes #70 and #10 possible to implement.
Webhook library to make k8s webhooks easy(er) to use, as well as setting default values on GameServers via it for when they are first created. Some refactoring of GameServer sync in the controller was required and a new PortAllocation state was created. This is also makes #70 and #10 possible to implement.
@markmandel Do you expect OpenAPI to also validate the PodSpecTemplate ? if yes I guess the bare minimun ? Which is one container with a name and image. |
You ask a good question. I'm leaning towards "no" just for simplicity sake. The If the pod template is bad, the GameServer will go into an Error state, and have an event attached with a message, so if there is an issue, it will be caught by the system. As an aside - I swear I found a github repo witth all of the standard Kubernetes resources as OpenAPI specs, but I can't find it now. |
I might be able to reference it if you do ! At least I could try. |
Ah this was what I found - https://github.com/garethr/kubernetes-json-schema Not sure if it's actually helpful. It seems to reference existing OpenAPI schemas, but I'm not sure where they are. I'm having a bit of an ask around to see what I can find. I wonder if there is a way to reference the existing schema? |
it's there https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/swagger.json
|
Erk 😞 I'll ping some people on my end, see if I can find any information - but sounds like we're going to skip the PodTemplate for now 😢 |
I can copy the most important part which is the containers part right ? |
I'm having issue with arrays. |
Sounds reasonable to me 👍 |
Just found out - refs are coming, just not there yet - |
@Kuqd for organisation sake, should we assign this ticket to you? (are you working on the webhook side of things as well?) |
Yes assign it to me. My plan was to add more validation in the mutating webhook like you started is it ok ? |
Yep - was just chatting with @dzlier-gcp about who was working on what, so just wanted to make sure. 👍 |
Currently there is no validation on a GameServer
Once Kubernetes 1.9 is available on GKE, this can be implemented in the master branch.
We will likely need a combination of CRD validation, as well as webhook validation on creation and mutation.
List of validations
static
ordynamic
, optional, defaults to dynamicstatic
TCP
orUDP
only, optional - defaults to UDPhealth
isdisabled
Research
The text was updated successfully, but these errors were encountered: