github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-04 18:00:08 +00:00
Code Issues Projects Releases Wiki Activity

Moved validation to the API side

Browse Source
This commit is contained in:
Bobby (Babak) Salamat 2018-02-07 15:30:26 -08:00
parent 1016d2d16a
commit 6bad08ab0c
5 changed files with 20 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/apis/scheduling/types.go
View File

@ -23,6 +23,9 @@ const (
// that do not specify any priority class and there is no priority class // that do not specify any priority class and there is no priority class
// marked as default. // marked as default.
DefaultPriorityWhenNoDefaultClassExists = 0 DefaultPriorityWhenNoDefaultClassExists = 0
// SystemPriorityClassPrefix is the prefix reserved for system priority class names. Other priority
// classes are not allowed to start with this prefix.
SystemPriorityClassPrefix = "system-"
) )
// +genclient // +genclient

14
pkg/apis/scheduling/validation/validation.go
View File

@ -17,14 +17,22 @@ limitations under the License.
package validation package validation
import ( import (
"strings"
"k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/apimachinery/pkg/util/validation/field"
apivalidation "k8s.io/kubernetes/pkg/apis/core/validation" apivalidation "k8s.io/kubernetes/pkg/apis/core/validation"
"k8s.io/kubernetes/pkg/apis/scheduling" "k8s.io/kubernetes/pkg/apis/scheduling"
) )
// ValidatePriorityClassName can be used to check whether the given priority // ValidatePriorityClassName checks whether the given priority class name is valid.
// class name is valid. func ValidatePriorityClassName(name string, prefix bool) []string {
var ValidatePriorityClassName = apivalidation.NameIsDNSSubdomain var allErrs []string
if strings.HasPrefix(name, scheduling.SystemPriorityClassPrefix) {
allErrs = append(allErrs, "priority class names with '"+scheduling.SystemPriorityClassPrefix+"' prefix are reserved for system use only")
}
allErrs = append(allErrs, apivalidation.NameIsDNSSubdomain(name, prefix)...)
return allErrs
}
// ValidatePriorityClass tests whether required fields in the PriorityClass are // ValidatePriorityClass tests whether required fields in the PriorityClass are
// set correctly. // set correctly.

4
pkg/apis/scheduling/validation/validation_test.go
View File

@ -53,6 +53,10 @@ func TestValidatePriorityClass(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{Name: "tier&1", Namespace: ""}, ObjectMeta: metav1.ObjectMeta{Name: "tier&1", Namespace: ""},
Value: 100, Value: 100,
}, },
"invalid system name": {
ObjectMeta: metav1.ObjectMeta{Name: scheduling.SystemPriorityClassPrefix + "test"},
Value: 100,
},
} }
for k, v := range errorCases { for k, v := range errorCases {

9
plugin/pkg/admission/priority/admission.go
View File

@ -19,7 +19,6 @@ package admission
import ( import (
"fmt" "fmt"
"io" "io"
"strings"
"k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/labels"
@ -42,12 +41,11 @@ const (
HighestUserDefinablePriority = 1000000000 HighestUserDefinablePriority = 1000000000
// SystemCriticalPriority is the beginning of the range of priority values for critical system components. // SystemCriticalPriority is the beginning of the range of priority values for critical system components.
SystemCriticalPriority = 2 * HighestUserDefinablePriority SystemCriticalPriority = 2 * HighestUserDefinablePriority
// SystemPriorityClassPrefix is the prefix reserved for system priority class names. Other priority
// classes are not allowed to start with this prefix.
SystemPriorityClassPrefix = "system-"
) )
// SystemPriorityClasses defines special priority classes which are used by system critical pods that should not be preempted by workload pods. // SystemPriorityClasses defines special priority classes which are used by system critical pods that should not be preempted by workload pods.
// NOTE: In order to avoid conflict of names with user-defined priority classes, all the names must
// start with scheduling.SystemPriorityClassPrefix which is by default "system-".
var SystemPriorityClasses = map[string]int32{ var SystemPriorityClasses = map[string]int32{
"system-cluster-critical": SystemCriticalPriority, "system-cluster-critical": SystemCriticalPriority,
"system-node-critical": SystemCriticalPriority + 1000, "system-node-critical": SystemCriticalPriority + 1000,
@ -207,9 +205,6 @@ func (p *PriorityPlugin) validatePriorityClass(a admission.Attributes) error {
if pc.Value > HighestUserDefinablePriority { if pc.Value > HighestUserDefinablePriority {
return admission.NewForbidden(a, fmt.Errorf("maximum allowed value of a user defined priority is %v", HighestUserDefinablePriority)) return admission.NewForbidden(a, fmt.Errorf("maximum allowed value of a user defined priority is %v", HighestUserDefinablePriority))
} }
if strings.HasPrefix(pc.Name, SystemPriorityClassPrefix) {
return admission.NewForbidden(a, fmt.Errorf("priority class names with '%v' prefix are reserved for system use only: %v", SystemPriorityClassPrefix, pc.Name))
}
if _, ok := SystemPriorityClasses[pc.Name]; ok { if _, ok := SystemPriorityClasses[pc.Name]; ok {
return admission.NewForbidden(a, fmt.Errorf("the name of the priority class is a reserved name for system use only: %v", pc.Name)) return admission.NewForbidden(a, fmt.Errorf("the name of the priority class is a reserved name for system use only: %v", pc.Name))
} }

15
plugin/pkg/admission/priority/admission_test.go
View File

@ -127,21 +127,6 @@ func TestPriorityClassAdmission(t *testing.T) {
systemClass, systemClass,
true, true,
}, },
{
"forbidden system name prefix",
[]*scheduling.PriorityClass{},
&scheduling.PriorityClass{
TypeMeta: metav1.TypeMeta{
Kind: "PriorityClass",
},
ObjectMeta: metav1.ObjectMeta{
Name: "system-something",
},
Value: 5,
Description: "Name with 'system-' prefix is reserved for system use",
},
true,
},
} }
for _, test := range tests { for _, test := range tests {