Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add validation enforcing that network subdomain adheres to RFC 1035 #278

Merged
merged 1 commit into from
Sep 13, 2023
Merged

Add validation enforcing that network subdomain adheres to RFC 1035 #278

merged 1 commit into from
Sep 13, 2023

Conversation

danielvegamyhre
Copy link
Contributor

Fixes #277

cc @kannon92 what do you think of this? It seems a bit odd that we are validating against 2 different RFC standards for the subdomain name, since it's used as both as the service name and subdomain name, but this may be simpler than finding a new way to derive a service name and validating that?

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Aug 28, 2023
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: danielvegamyhre

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot requested a review from ahg-g August 28, 2023 21:33
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Aug 28, 2023
kannon92
kannon92 reviewed Aug 28, 2023
View reviewed changes
Copy link
Contributor

@kannon92 kannon92 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would be considered a breaking change.

@danielvegamyhre
Copy link
Contributor Author

/hold

target for v0.3.0 release?

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 28, 2023
kannon92
kannon92 reviewed Aug 28, 2023
View reviewed changes
api/jobset/v1alpha2/jobset_webhook.go
@@ -91,6 +91,11 @@ func (js *JobSet) ValidateCreate() (admission.Warnings, error) {
for _, errMessage := range validation.IsDNS1123Subdomain(js.Spec.Network.Subdomain) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is RFC 1035 more emcompassing than DNS 1123? ie does validating DNS1035 mean that we also satisfy DNS 1123?

@kannon92
Copy link
Contributor

kannon92 commented Sep 1, 2023

/retest

ahg-g
ahg-g reviewed Sep 7, 2023
View reviewed changes
api/jobset/v1alpha2/jobset_webhook.go
@@ -91,6 +91,11 @@ func (js *JobSet) ValidateCreate() (admission.Warnings, error) {
for _, errMessage := range validation.IsDNS1123Subdomain(js.Spec.Network.Subdomain) {
allErrs = append(allErrs, fmt.Errorf(errMessage))
}

// Since subdomain name is also used as service name, it must adhere to RFC 1035 as well.
for _, errMessage := range validation.IsDNS1035Label(js.Spec.Network.Subdomain) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the subdomain field in the podspec is validated at: https://github.com/kubernetes/kubernetes/blob/6c39a3724d5ff33564d31d5097704f15852c036f/pkg/apis/core/validation/validation.go#L3990

we should do the same here

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah, you are trying to validate for service too, sgtm.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 7, 2023
@danielvegamyhre
Copy link
Contributor Author

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 13, 2023
@k8s-ci-robot k8s-ci-robot merged commit 71e8525 into kubernetes-sigs:main Sep 13, 2023
@danielvegamyhre danielvegamyhre mentioned this pull request Dec 12, 2023
Closed
20 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kannon92 kannon92 kannon92 left review comments

@ahg-g ahg-g ahg-g left review comments

Assignees

@ahg-g ahg-g

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Handle service name exceeds max length error gracefully
4 participants
@danielvegamyhre @k8s-ci-robot @kannon92 @ahg-g