Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add validation for the WorkloadSpreadSubset patch field #1237

Merged
merged 1 commit into from
Jun 6, 2023

Conversation

chengleqi
Copy link
Contributor

Ⅰ. Describe what this PR does

Add validation for the WorkloadSpreadSubset patch field

When scheduling-related parameters exist in the patch without validation, they may conflict with the subset of workloadspread. Therefore, this type of patch should be excluded.

Ⅱ. Does this pull request fix one issue?

NONE

Ⅲ. Describe how to verify it

kubectl apply -f config/samples/apps_v1alpha1_cloneset.yaml

kubectl apply -f workloadspread.yaml

apiVersion: apps.kruise.io/v1alpha1
kind: WorkloadSpread
metadata:
  name: workloadspread-sample
spec:
  targetRef:
    apiVersion: apps.kruise.io/v1alpha1
    kind: CloneSet
    name: sample
  subsets:
  - name: subset-a
    requiredNodeSelectorTerm:
      matchExpressions:
        - key: node
          operator: In
          values:
          - zone-a
    maxReplicas: 3
    patch:
      metadata:
        labels:
          subset-name: "subset-a"
      spec:
        # scheduling-related parameters
        nodeName: "kind-worker3"
        nodeSelector:
          node: zone-c
        affinity:
          nodeAffinity:
            requiredDuringSchedulingIgnoredDuringExecution:
              nodeSelectorTerms:
                - matchExpressions:
                    - key: node
                      operator: In
                      values:
                        - zone-c

  - name: subset-b
    requiredNodeSelectorTerm:
      matchExpressions:
        - key: node
          operator: In
          values:
          - zone-b
    patch:
      metadata:
        labels:
          subset-name: "subset-b"

It will report the following error:

Error from server: error when creating "apps_v1alpha1_workloadspread.yaml": admission webhook "vworkloadspread.kb.io" denied the request: [spec.subsets[0].patch: Invalid value: "kind-worker3": NodeName is not permitted in patch, spec.subsets[0].patch: Invalid value: "{\"node\":\"zone-c\"}": NodeSelector is not permitted in patch, spec.subsets[0].patch: Invalid value: "{\"nodeAffinity\":{\"requiredDuringSchedulingIgnoredDuringExecution\":{\"nodeSelectorTerms\":[{\"matchExpressions\":[{\"key\":\"node\",\"operator\":\"In\",\"values\":[\"zone-c\"]}]}]}}}": Affinity is not permitted in patch]

Ⅳ. Special notes for reviews

@kruise-bot kruise-bot requested review from Fei-Guo and FillZpp March 26, 2023 11:50
@kruise-bot kruise-bot added the size/S size/S 10-29 label Mar 26, 2023
@codecov-commenter
Copy link

codecov-commenter commented Mar 26, 2023

Codecov Report

Merging #1237 (1f11c26) into master (6fda363) will decrease coverage by 0.08%.
The diff coverage is 20.00%.

❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more.

@@            Coverage Diff             @@
##           master    #1237      +/-   ##
==========================================
- Coverage   48.45%   48.38%   -0.08%     
==========================================
  Files         151      151              
  Lines       21127    21178      +51     
==========================================
+ Hits        10238    10247       +9     
- Misses       9772     9807      +35     
- Partials     1117     1124       +7     
Flag Coverage Δ
unittests 48.38% <20.00%> (-0.08%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
...loadspread/validating/workloadspread_validation.go 62.96% <20.00%> (-11.47%) ⬇️

... and 1 file with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@zmberg zmberg requested review from veophi and removed request for FillZpp and Fei-Guo March 27, 2023 02:06
@kruise-bot kruise-bot added size/M size/M: 30-99 and removed size/S size/S 10-29 labels Apr 5, 2023
@kruise-bot kruise-bot added size/L size/L: 100-499 and removed size/M size/M: 30-99 labels Apr 16, 2023
@kruise-bot kruise-bot added size/M size/M: 30-99 and removed size/L size/L: 100-499 labels Apr 20, 2023
@chengleqi chengleqi closed this May 8, 2023
@chengleqi chengleqi reopened this May 8, 2023
@chengleqi chengleqi closed this May 10, 2023
@chengleqi chengleqi reopened this May 10, 2023
@@ -169,7 +200,7 @@ func validateWorkloadSpreadSpec(obj *appsv1alpha1.WorkloadSpread, fldPath *field
return allErrs
}

func validateWorkloadSpreadSubsets(ws *appsv1alpha1.WorkloadSpread, subsets []appsv1alpha1.WorkloadSpreadSubset, fldPath *field.Path) field.ErrorList {
func validateWorkloadSpreadSubsets(ws *appsv1alpha1.WorkloadSpread, subsets []appsv1alpha1.WorkloadSpreadSubset, workloadTemplate client.Object, fldPath *field.Path) field.ErrorList {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

consider using podtemplate instead of workloadTemplate as function parameters

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure. I'll change it.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure whether the podtemplate is o good idea because it's actually a workload such as CloneSet and Deployment.

allErrs = append(allErrs, field.Invalid(fldPath.Index(i).Child("patch"), newPod, fmt.Sprintf("Convert_v1_Pod_To_core_Pod failed: %v", err)))
}
allErrs = append(allErrs, corevalidation.ValidatePodSpec(&coreNewPod.Spec, &coreNewPod.ObjectMeta, fldPath.Index(i).Child("patch"), webhookutil.DefaultPodValidationOptions)...)
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how about the case that workloadTemplate is nil ? in such case, we cannot use ValidatePodSpec directly, instead, we should check whether the patch had change some fields that should not be changed such as affinity

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. I'll add validation for this case.

@kruise-bot kruise-bot added size/L size/L: 100-499 and removed size/M size/M: 30-99 labels May 11, 2023
@chengleqi chengleqi closed this May 12, 2023
@chengleqi chengleqi reopened this May 12, 2023
@kruise-bot kruise-bot added needs-rebase size/M size/M: 30-99 and removed size/L size/L: 100-499 labels May 23, 2023
Copy link
Member

@furykerry furykerry left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

Copy link
Member

@furykerry furykerry left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@kruise-bot kruise-bot added the lgtm label Jun 6, 2023
@furykerry
Copy link
Member

/approve

@kruise-bot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: furykerry

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kruise-bot kruise-bot merged commit 6d25366 into openkruise:master Jun 6, 2023
@zmberg zmberg added this to the v1.5 milestone Jun 8, 2023
diannaowa pushed a commit to diannaowa/kruise that referenced this pull request Aug 29, 2023
lilongfeng0902 pushed a commit to lilongfeng0902/kruise that referenced this pull request Sep 12, 2023
ppbits pushed a commit to ppbits/kruise that referenced this pull request Apr 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants