Merge pull request openstack-k8s-operators#898 from fao89/volnames
Validate dataplane volume names
openshift-merge-bot[bot] authored Jul 19, 2024
2 parents 27bade1 + 872ef1a commit d662542
Showing 8 changed files with 45 additions and 1,537 deletions.
745 changes: 0 additions & 745 deletions apis/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml

Large diffs are not rendered by default.

4 changes: 0 additions & 4 deletions apis/dataplane/v1beta1/common.go
Expand Up @@ -102,10 +102,6 @@ type AnsibleOpts struct {

// NodeSection defines the top level attributes inherited by nodes in the CR.
type NodeSection struct {
// ExtraMounts containing files which can be mounted into an Ansible Execution Pod
// +kubebuilder:validation:Optional
ExtraMounts []storage.VolMounts `json:"extraMounts,omitempty"`

// Networks - Instance networks
// +kubebuilder:validation:Optional
Networks []infranetworkv1.IPSetNetwork `json:"networks,omitempty"`
13 changes: 13 additions & 0 deletions apis/dataplane/v1beta1/openstackdataplanenodeset_webhook.go
Expand Up @@ -28,6 +28,7 @@ import (
apierrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
apimachineryvalidation "k8s.io/apimachinery/pkg/util/validation"
"k8s.io/apimachinery/pkg/util/validation/field"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
Expand Down Expand Up @@ -123,6 +124,18 @@ func (r *OpenStackDataPlaneNodeSet) ValidateCreate() (admission.Warnings, error)
r.Name,
fmt.Sprintf("Error validating OpenStackDataPlaneNodeSet name %s, name must follow RFC1123", r.Name)))
}
// Validate volume names
for _, emount := range r.Spec.NodeTemplate.ExtraMounts {
for _, vol := range emount.Volumes {
msgs := apimachineryvalidation.IsDNS1123Label(vol.Name)
for _, msg := range msgs {
errors = append(errors, field.Invalid(
field.NewPath("spec.nodeTemplate.extraMounts"),
vol.Name,
msg))
}
}
}
if len(errors) > 0 {
openstackdataplanenodesetlog.Info("validation failed", "name", r.Name)

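Review bot: The new volume-name loop is only visible in ValidateCreate, so unless ValidateUpdate (outside this hunk) runs the same check, an update can still introduce an `extraMounts` volume name that is not a DNS-1123 label; moving the loop into a helper that both webhooks call would close that gap. The reported path is also built as a single dotted element and does not say which entry failed; `field.NewPath("spec", "nodeTemplate", "extraMounts").Index(i).Child("volumes").Index(j).Child("name")`, with `i` and `j` taken from the two `range` loops, points the user at the offending volume. ValidateCreate starts and ends outside the hunk.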
7 changes: 0 additions & 7 deletions apis/dataplane/v1beta1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Large diffs are not rendered by default.

37 changes: 27 additions & 10 deletions pkg/dataplane/deployment.go
Expand Up @@ -27,6 +27,7 @@ import (
slices "golang.org/x/exp/slices"
k8s_errors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/types"
apimachineryvalidation "k8s.io/apimachinery/pkg/util/validation"
ctrl "sigs.k8s.io/controller-runtime"

"github.com/iancoleman/strcase"
Expand Down Expand Up @@ -310,8 +311,12 @@ func (d *Deployer) addCertMounts(
}
projectedVolumeSource.Sources = append(projectedVolumeSource.Sources, volumeProjection)
}
volumeName := GetServiceCertsSecretName(d.NodeSet, service.Name, certKey, 0)
if len(volumeName) > apimachineryvalidation.DNS1123LabelMaxLength {
volumeName = volumeName[:apimachineryvalidation.DNS1123LabelMaxLength]
}
certVolume := corev1.Volume{
Name: GetServiceCertsSecretName(d.NodeSet, service.Name, certKey, 0),
Name: volumeName,
VolumeSource: corev1.VolumeSource{
Projected: &projectedVolumeSource,
},
Expand All @@ -323,7 +328,7 @@ func (d *Deployer) addCertMounts(
}

certVolumeMount := corev1.VolumeMount{
Name: GetServiceCertsSecretName(d.NodeSet, service.Name, certKey, 0),
Name: volumeName,
MountPath: path.Join(CertPaths, certMountDir, certKey),
}
volMounts.Volumes = append(volMounts.Volumes, certVolume)
Expand All @@ -341,8 +346,12 @@ func (d *Deployer) addCertMounts(
if err != nil {
return d.AeeSpec, err
}
volumeName := fmt.Sprintf("%s-%s", service.Name, service.Spec.CACerts)
if len(volumeName) > apimachineryvalidation.DNS1123LabelMaxLength {
volumeName = volumeName[:apimachineryvalidation.DNS1123LabelMaxLength]
}
cacertVolume := corev1.Volume{
Name: fmt.Sprintf("%s-%s", service.Name, service.Spec.CACerts),
Name: volumeName,
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: service.Spec.CACerts,
Expand All @@ -351,7 +360,7 @@ func (d *Deployer) addCertMounts(
}

cacertVolumeMount := corev1.VolumeMount{
Name: fmt.Sprintf("%s-%s", service.Name, service.Spec.CACerts),
Name: volumeName,
MountPath: path.Join(CACertPaths, service.Spec.EDPMServiceType),
}

Expand Down Expand Up @@ -401,9 +410,13 @@ func (d *Deployer) addServiceExtraMounts(
sort.Strings(keys)

for idx, key := range keys {
name := fmt.Sprintf("%s-%s", cm.Name, strconv.Itoa(idx))
volumeName := fmt.Sprintf("%s-%s", cm.Name, strconv.Itoa(idx))
if len(volumeName) > apimachineryvalidation.DNS1123LabelMaxLength {
limit := apimachineryvalidation.DNS1123LabelMaxLength - len(strconv.Itoa(idx))
volumeName = volumeName[:limit] + strconv.Itoa(idx)
}
volume := corev1.Volume{
Name: name,
Name: volumeName,
VolumeSource: corev1.VolumeSource{
ConfigMap: &corev1.ConfigMapVolumeSource{
LocalObjectReference: corev1.LocalObjectReference{
Expand All @@ -420,7 +433,7 @@ func (d *Deployer) addServiceExtraMounts(
}

volumeMount := corev1.VolumeMount{
Name: name,
Name: volumeName,
MountPath: path.Join(baseMountPath, key),
SubPath: key,
}
Expand All @@ -443,9 +456,13 @@ func (d *Deployer) addServiceExtraMounts(
sort.Strings(keys)

for idx, key := range keys {
name := fmt.Sprintf("%s-%s", sec.Name, strconv.Itoa(idx))
volumeName := fmt.Sprintf("%s-%s", sec.Name, strconv.Itoa(idx))
if len(volumeName) > apimachineryvalidation.DNS1123LabelMaxLength {
limit := apimachineryvalidation.DNS1123LabelMaxLength - len(strconv.Itoa(idx))
volumeName = volumeName[:limit] + strconv.Itoa(idx)
}
volume := corev1.Volume{
Name: name,
Name: volumeName,
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: sec.Name,
Expand All @@ -460,7 +477,7 @@ func (d *Deployer) addServiceExtraMounts(
}

volumeMount := corev1.VolumeMount{
Name: name,
Name: volumeName,
MountPath: path.Join(baseMountPath, key),
SubPath: key,
}
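Review bot: Cutting `volumeName` at `apimachineryvalidation.DNS1123LabelMaxLength` fixes the length but not the other label rules, and it can make two different names equal. A cut that lands on `-` leaves a name that still fails the DNS-1123 label check, a `.` in `service.Spec.CACerts`, `cm.Name` or `sec.Name` survives truncation (if those names may contain dots, to be confirmed), and two long names sharing their first 63 bytes, or the same prefix and `idx` in addServiceExtraMounts, produce duplicate volume names in one pod spec. I would route all four sites through one helper that trims trailing non-alphanumeric characters, appends a short hash of the full name whenever it truncates, and checks the result with `apimachineryvalidation.IsDNS1123Label(volumeName)` before building the `corev1.Volume`. The truncation of `executionName` in pkg/dataplane/util/ansible_execution.go has the same trailing-character and collision problem. Both functions start and end outside the hunks shown.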
7 changes: 5 additions & 2 deletions pkg/dataplane/util/ansible_execution.go
Expand Up @@ -27,6 +27,7 @@ import (
corev1 "k8s.io/api/core/v1"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
apimachineryvalidation "k8s.io/apimachinery/pkg/util/validation"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"

Expand Down Expand Up @@ -279,6 +280,7 @@ func GetAnsibleExecution(ctx context.Context,
// getAnsibleExecutionNamePrefix compute the name of the AnsibleEE
func getAnsibleExecutionNamePrefix(serviceName string) string {
var executionNamePrefix string
AnsibleExecutionServiceNameLen := apimachineryvalidation.DNS1123LabelMaxLength - 10
if len(serviceName) > AnsibleExecutionServiceNameLen {
executionNamePrefix = serviceName[:AnsibleExecutionServiceNameLen]
} else {
Expand All @@ -295,8 +297,9 @@ func GetAnsibleExecutionNameAndLabels(service *dataplanev1.OpenStackDataPlaneSer
if !service.Spec.DeployOnAllNodeSets {
executionName = fmt.Sprintf("%s-%s", executionName, nodeSetName)
}
if len(executionName) > AnsibleExcecutionNameLabelLen {
executionName = executionName[:AnsibleExcecutionNameLabelLen]

if len(executionName) > apimachineryvalidation.DNS1123LabelMaxLength {
executionName = executionName[:apimachineryvalidation.DNS1123LabelMaxLength]
}

labels := map[string]string{
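Review bot: `AnsibleExecutionServiceNameLen := apimachineryvalidation.DNS1123LabelMaxLength - 10` in getAnsibleExecutionNamePrefix leaves the `10` unexplained and gives a function-local variable an exported-style name. A comment such as `// reserve 10 bytes of the 63-byte label for <what the suffix holds>` together with a lower-case local name like `maxServiceNameLen`, or a package-level constant, would make the length budget auditable; the hunk does not show what the ten bytes are reserved for. Both functions continue outside the hunks shown.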
24 changes: 0 additions & 24 deletions pkg/dataplane/util/const.go

This file was deleted.
