Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add validation to nested ObjectMeta fields #8231

Closed
sbueringer opened this issue Mar 6, 2023 · 5 comments · Fixed by #8431
Closed

Add validation to nested ObjectMeta fields #8231

sbueringer opened this issue Mar 6, 2023 · 5 comments · Fixed by #8431
Assignees
@LuBingtan
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@sbueringer
Copy link
Member

sbueringer commented Mar 6, 2023
edited

Goal of this issue is to add validation to our nested ObjectMeta fields.

An example:

apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: DockerMachineTemplate
metadata:
  name: quick-start-default-worker-machinetemplate
  labels:
    InfrastructureMachineTemplate.machineDeployment.label: "InfraMachineTemplate.machineDeployment.labelValue"
  annotations:
    InfrastructureMachineTemplate.machineDeployment.annotation: "InfraMachineTemplate.machineDeployment.annotationValue"
spec:
  template:
    metadata:
      labels:
        InfrastructureMachineTemplate.machineDeployment.template.label: "InfrastructureMachineTemplate.machineDeployment.template.labelValue"
      annotations:
        InfrastructureMachineTemplate.machineDeployment.template.annotation: "InfrastructureMachineTemplate.machineDeployment.template.annotationValue"

It is possible to create this DockerMachineTemplate but the creation of the DockerMachine will fail with:

{"ts":1678079220431.7004,"caller":"controller/controller.go:329","msg":"Reconciler error","controller":"machineset","controllerGroup":"cluster.x-k8s.io","controllerKind":"MachineSet","MachineSet":{"name":"clusterclass-rollout-yc569z-md-0-4lxmd-675cb7cf76","namespace":"clusterclass-rollout-pyjsqs"},"namespace":"clusterclass-rollout-pyjsqs","name":"clusterclass-rollout-yc569z-md-0-4lxmd-675cb7cf76","reconcileID":"b4ebe555-0657-494c-b7cf-99fce6eed0a9","err":"failed to sync MachineSet replicas: failed to clone infrastructure machine from DockerMachineTemplate clusterclass-rollout-pyjsqs/clusterclass-rollout-yc569z-md-0-infra-4gf6n while creating a machine: DockerMachine.infrastructure.cluster.x-k8s.io "clusterclass-rollout-yc569z-md-0-infra-4gf6n-s4khz" is invalid: [metadata.labels: Invalid value: "InfrastructureMachineTemplate.machineDeployment.template.labelValue": must be no more than 63 characters, metadata.annotations: Invalid value: "InfrastructureMachineTemplate.machineDeployment.template.annotation": name part must be no more than 63 characters]"}

I think the problem is that we have no validation for nested ObjectMeta fields, but when those are actually used as labels/annotations when we create InfraMachine, BootstrapConfig, Machine, ... the regular Kubernetes validation is of course done.

Let's check where we have nested ObjectMeta fields and implement the same validation that Kubernetes has for labels/annotations. This way users already get validation errors when they create objects like DockerMachineTemplate, ClusterClass, Cluster, ... and not just later during reconciliation in controller logs.

/kind feature
@k8s-ci-robot k8s-ci-robot added kind/feature Categorizes issue or PR as related to a new feature. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Mar 6, 2023
@sbueringer sbueringer changed the title Add validation to nested ObjectMeta Add validation to nested ObjectMeta fields Mar 6, 2023
@fabriziopandini
Copy link
Member

/triage accepted
/help

this makes a lot of sense, thanks for reporting

@k8s-ci-robot
Copy link
Contributor

@fabriziopandini:
This request has been marked as needing help from a contributor.

Guidelines

Please ensure that the issue body includes answers to the following questions:

  • Why are we solving this issue?
  • To address this issue, are there any code changes? If there are code changes, what needs to be done in the code and what places can the assignee treat as reference points?
  • Does this issue have zero to low barrier of entry?
  • How can the assignee reach out to you for help?

For more details on the requirements of such an issue, please see here and ensure that they are met.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.

In response to this:

/triage accepted
/help

this makes a lot of sense, thanks for reporting

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Mar 20, 2023
@sbueringer
Copy link
Member Author

Just one clarification. This issue goes way beyond ClusterClass, as far as I can tell every usage of our ObjectMeta in Cluster API is affected.

@ykakarap
Copy link
Contributor

Makes sense. We can use the upstream helper functions for this to ensure that we apply the same rules that Kubernetes does:

@LuBingtan
Copy link
Contributor

I think I should be able to help with this issue. let me give it a try.
/assign

@LuBingtan LuBingtan mentioned this issue Mar 31, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@LuBingtan LuBingtan

Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

✨ Add validation to nested ObjectMeta fields LuBingtan/cluster-api
5 participants
@sbueringer @fabriziopandini @k8s-ci-robot @ykakarap @LuBingtan