From a9f44d06cd84074d41d177482e3712346f961c3c Mon Sep 17 00:00:00 2001 From: Vince Prignano Date: Mon, 11 Feb 2019 10:36:56 -0800 Subject: [PATCH] Validate MachineSet and MachineDeployment labels (#739) Signed-off-by: Vince Prignano --- cmd/clusterctl/clusterdeployer/BUILD.bazel | 1 + cmd/clusterctl/clusterdeployer/clusterdeployer.go | 2 +- pkg/controller/machinedeployment/controller.go | 11 +++++++++++ pkg/controller/machineset/controller.go | 12 ++++++++++++ 4 files changed, 25 insertions(+), 1 deletion(-) diff --git a/cmd/clusterctl/clusterdeployer/BUILD.bazel b/cmd/clusterctl/clusterdeployer/BUILD.bazel index 0fdbfaafc620..c8bbe34bce0a 100644 --- a/cmd/clusterctl/clusterdeployer/BUILD.bazel +++ b/cmd/clusterctl/clusterdeployer/BUILD.bazel @@ -15,6 +15,7 @@ go_library( "//cmd/clusterctl/phases:go_default_library", "//cmd/clusterctl/providercomponents:go_default_library", "//pkg/apis/cluster/v1alpha1:go_default_library", + "//pkg/util:go_default_library", "//vendor/github.com/pkg/errors:go_default_library", "//vendor/k8s.io/client-go/kubernetes:go_default_library", "//vendor/k8s.io/klog:go_default_library", diff --git a/cmd/clusterctl/clusterdeployer/clusterdeployer.go b/cmd/clusterctl/clusterdeployer/clusterdeployer.go index 75699a65f99f..0bff00484cc0 100644 --- a/cmd/clusterctl/clusterdeployer/clusterdeployer.go +++ b/cmd/clusterctl/clusterdeployer/clusterdeployer.go @@ -109,7 +109,7 @@ func (d *ClusterDeployer) Create(cluster *clusterv1.Cluster, machines []*cluster } } - klog.Info("Creating namespace %q on target cluster", cluster.Namespace) + klog.Infof("Creating namespace %q on target cluster", cluster.Namespace) addNamespaceToTarget := func() (bool, error) { err = targetClient.EnsureNamespace(cluster.Namespace) if err != nil { diff --git a/pkg/controller/machinedeployment/controller.go b/pkg/controller/machinedeployment/controller.go index 503d902204fb..0f4bbbc5583e 100644 --- a/pkg/controller/machinedeployment/controller.go +++ b/pkg/controller/machinedeployment/controller.go @@ -161,6 +161,17 @@ func (r *ReconcileMachineDeployment) Reconcile(request reconcile.Request) (recon return reconcile.Result{}, nil } + // Make sure that label selector can match template's labels. + // TODO(vincepri): Move to a validation (admission) webhook when supported. + selector, err := metav1.LabelSelectorAsSelector(&d.Spec.Selector) + if err != nil { + return reconcile.Result{}, errors.Wrapf(err, "failed to parse MachineDeployment %q label selector", d.Name) + } + + if !selector.Matches(labels.Set(d.Spec.Template.Labels)) { + return reconcile.Result{}, errors.Errorf("failed validation on MachineDeployment %q label selector, cannot match any machines ", d.Name) + } + msList, err := r.getMachineSetsForDeployment(d) if err != nil { return reconcile.Result{}, err diff --git a/pkg/controller/machineset/controller.go b/pkg/controller/machineset/controller.go index 176129b244e1..371f9a2989c7 100644 --- a/pkg/controller/machineset/controller.go +++ b/pkg/controller/machineset/controller.go @@ -26,6 +26,7 @@ import ( "github.com/pkg/errors" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/runtime" "k8s.io/klog" clusterv1alpha1 "sigs.k8s.io/cluster-api/pkg/apis/cluster/v1alpha1" @@ -158,6 +159,17 @@ func (r *ReconcileMachineSet) Reconcile(request reconcile.Request) (reconcile.Re return reconcile.Result{}, errors.Wrap(err, "failed to list machines") } + // Make sure that label selector can match template's labels. + // TODO(vincepri): Move to a validation (admission) webhook when supported. + selector, err := metav1.LabelSelectorAsSelector(&machineSet.Spec.Selector) + if err != nil { + return reconcile.Result{}, errors.Wrapf(err, "failed to parse MachineSet %q label selector", machineSet.Name) + } + + if !selector.Matches(labels.Set(machineSet.Spec.Template.Labels)) { + return reconcile.Result{}, errors.Errorf("failed validation on MachineSet %q label selector, cannot match any machines ", machineSet.Name) + } + // Filter out irrelevant machines (deleting/mismatch labels) and claim orphaned machines. filteredMachines := make([]*clusterv1alpha1.Machine, 0, len(allMachines.Items)) for idx := range allMachines.Items {