From f903b7a85cf5adeb4bf4163acc48b8a6cd3c8a29 Mon Sep 17 00:00:00 2001
From: xiangpengzhao
Date: Mon, 13 Nov 2017 14:46:12 +0800
Subject: [PATCH] Validate podCIDR of node spec.
---
 pkg/apis/core/validation/validation.go | 16 ++++++++-
 pkg/apis/core/validation/validation_test.go | 36 ++++++++++++++++++++
 pkg/apis/networking/validation/validation.go | 15 ++------
 3 files changed, 53 insertions(+), 14 deletions(-)
diff --git a/pkg/apis/core/validation/validation.go b/pkg/apis/core/validation/validation.go
index c3878644cd5..f2e06e7a551 100644
--- a/pkg/apis/core/validation/validation.go
+++ b/pkg/apis/core/validation/validation.go
@@ -3536,7 +3536,12 @@ func ValidateNode(node *core.Node) field.ErrorList {
 allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "configSource"), "configSource may only be set if the DynamicKubeletConfig feature gate is enabled)"))
 }
- // TODO(rjnagal): Ignore PodCIDR till its completely implemented.
+ if len(node.Spec.PodCIDR) != 0 {
+ _, err := ValidateCIDR(node.Spec.PodCIDR)
+ if err != nil {
+ allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "podCIDR"), node.Spec.PodCIDR, "not a valid CIDR"))
+ }
+ }
 return allErrs
 }
@@ -4530,3 +4535,12 @@ func validateStorageNodeAffinityAnnotation(annotations map[string]string, fldPat
 }
 return policySpecified, allErrs
 }
+
+// ValidateCIDR validates whether a CIDR matches the conventions expected by net.ParseCIDR
+func ValidateCIDR(cidr string) (*net.IPNet, error) {
+ _, net, err := net.ParseCIDR(cidr)
+ if err != nil {
+ return nil, err
+ }
+ return net, nil
+}
diff --git a/pkg/apis/core/validation/validation_test.go b/pkg/apis/core/validation/validation_test.go
index 21376f67d13..218902ce4bd 100644
--- a/pkg/apis/core/validation/validation_test.go
+++ b/pkg/apis/core/validation/validation_test.go
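Review bot: The podCIDR check added to ValidateNode looks only at the error from `ValidateCIDR` and discards the parsed network, so any string net.ParseCIDR accepts passes, including an address with host bits set such as `10.1.2.3/16` (constructed example), and is stored verbatim. If spec.podCIDR is meant to hold a network in canonical form, keep the result and compare it, e.g. `if ipnet, err := ValidateCIDR(node.Spec.PodCIDR); err != nil || ipnet.String() != node.Spec.PodCIDR {`; if non-canonical input is acceptable, a comment above the check should say so. Because the removed TODO says the field was previously ignored, objects already stored with a malformed value may start failing wherever ValidateNode is re-run; that path is not visible here. ValidateNode begins outside the hunk.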
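Review bot: In the new ValidateCIDR the local result is named `net`, which shadows the imported net package for the rest of the function; `_, ipnet, err := net.ParseCIDR(cidr)` followed by `return ipnet, nil` avoids that. Now that the helper is exported, its comment should state the contract callers get, namely that the returned *net.IPNet is the masked network and the address part of the input is dropped, e.g. `// ValidateCIDR parses cidr with net.ParseCIDR and returns the network it denotes; the address part of the input is discarded.` The import that provides `net` in this file is outside the hunks shown.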
@@ -8249,6 +8249,24 @@ func TestValidateNode(t *testing.T) {
 ExternalID: "external",
 },
 },
+ {
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "abc",
+ },
+ Status: core.NodeStatus{
+ Addresses: []core.NodeAddress{
+ {Type: core.NodeExternalIP, Address: "something"},
+ },
+ Capacity: core.ResourceList{
+ core.ResourceName(core.ResourceCPU): resource.MustParse("10"),
+ core.ResourceName(core.ResourceMemory): resource.MustParse("0"),
+ },
+ },
+ Spec: core.NodeSpec{
+ ExternalID: "external",
+ PodCIDR: "192.168.0.0/16",
+ },
+ },
 }
 for _, successCase := range successCases {
 if errs := ValidateNode(&successCase); len(errs) != 0 {
@@ -8472,6 +8490,24 @@ func TestValidateNode(t *testing.T) {
 ExternalID: "external",
 },
 },
+ "invalid-pod-cidr": {
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "abc",
+ },
+ Status: core.NodeStatus{
+ Addresses: []core.NodeAddress{
+ {Type: core.NodeExternalIP, Address: "something"},
+ },
+ Capacity: core.ResourceList{
+ core.ResourceName(core.ResourceCPU): resource.MustParse("10"),
+ core.ResourceName(core.ResourceMemory): resource.MustParse("0"),
+ },
+ },
+ Spec: core.NodeSpec{
+ ExternalID: "external",
+ PodCIDR: "192.168.0.0",
+ },
+ },
 }
 for k, v := range errorCases {
 errs := ValidateNode(&v)
diff --git a/pkg/apis/networking/validation/validation.go b/pkg/apis/networking/validation/validation.go
index a9b43f9bdcd..9f0a04c81b2 100644
--- a/pkg/apis/networking/validation/validation.go
+++ b/pkg/apis/networking/validation/validation.go
@@ -17,8 +17,6 @@ limitations under the License. package validation import ( - "net" - unversionedvalidation "k8s.io/apimachinery/pkg/apis/meta/v1/validation" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/apimachinery/pkg/util/sets"
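Review bot: The only rejected podCIDR added to errorCases (hunk at -8472) is `192.168.0.0`, which fails for lack of a prefix length, so nothing pins the behaviour for an out-of-range prefix or for an IPv6 value; the success hunk at -8249 likewise covers a single IPv4 network. Adding entries such as `PodCIDR: "192.168.0.0/33"` to errorCases and `PodCIDR: "fd00::/64"` to successCases (both constructed) would fix the accepted grammar in the tests. The loop that consumes errorCases continues past the hunk, so whether it asserts the `spec.podCIDR` field path is not visible here.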
@@ -163,7 +161,7 @@ func ValidateIPBlock(ipb *networking.IPBlock, fldPath *field.Path) field.ErrorLi
 allErrs = append(allErrs, field.Required(fldPath.Child("cidr"), ""))
 return allErrs
 }
- cidrIPNet, err := validateCIDR(ipb.CIDR)
+ cidrIPNet, err := apivalidation.ValidateCIDR(ipb.CIDR)
 if err != nil {
 allErrs = append(allErrs, field.Invalid(fldPath.Child("cidr"), ipb.CIDR, "not a valid CIDR"))
 return allErrs
@@ -171,7 +169,7 @@ func ValidateIPBlock(ipb *networking.IPBlock, fldPath *field.Path) field.ErrorLi
 exceptCIDR := ipb.Except
 for i, exceptIP := range exceptCIDR {
 exceptPath := fldPath.Child("except").Index(i)
- exceptCIDR, err := validateCIDR(exceptIP)
+ exceptCIDR, err := apivalidation.ValidateCIDR(exceptIP)
 if err != nil {
 allErrs = append(allErrs, field.Invalid(exceptPath, exceptIP, "not a valid CIDR"))
 return allErrs
@@ -182,12 +180,3 @@ func ValidateIPBlock(ipb *networking.IPBlock, fldPath *field.Path) field.ErrorLi
 }
 return allErrs
 }
-
-// validateCIDR validates whether a CIDR matches the conventions expected by net.ParseCIDR
-func validateCIDR(cidr string) (*net.IPNet, error) {
- _, net, err := net.ParseCIDR(cidr)
- if err != nil {
- return nil, err
- }
- return net, nil
-}