mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 03:41:45 +00:00
Tighten validation of Name and Namespace
This commit is contained in:
Tim Hockin
Clayton Coleman
parent
358ace610d
commit
a480794efc
@ -3,11 +3,11 @@
|
|||||||
"apiVersion": "v1beta1",
|
"apiVersion": "v1beta1",
|
||||||
"items": [
|
"items": [
|
||||||
{
|
{
|
||||||
"id": "testRun",
|
"id": "test-run",
|
||||||
"desiredState": {
|
"desiredState": {
|
||||||
"replicas": 2,
|
"replicas": 2,
|
||||||
"replicaSelector": {
|
"replicaSelector": {
|
||||||
"name": "testRun"
|
"name": "test-run"
|
||||||
},
|
},
|
||||||
"podTemplate": {
|
"podTemplate": {
|
||||||
"desiredState": {
|
"desiredState": {
|
||||||
@ -23,12 +23,12 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
"labels": {
|
"labels": {
|
||||||
"name": "testRun"
|
"name": "test-run"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"labels": {
|
"labels": {
|
||||||
"name": "testRun"
|
"name": "test-run"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
{
|
{
|
||||||
"id": "nginxController",
|
"id": "nginx-controller",
|
||||||
"apiVersion": "v1beta1",
|
"apiVersion": "v1beta1",
|
||||||
"kind": "ReplicationController",
|
"kind": "ReplicationController",
|
||||||
"desiredState": {
|
"desiredState": {
|
||||||
@ -9,7 +9,7 @@
|
|||||||
"desiredState": {
|
"desiredState": {
|
||||||
"manifest": {
|
"manifest": {
|
||||||
"version": "v1beta1",
|
"version": "v1beta1",
|
||||||
"id": "nginxController",
|
"id": "nginx-controller",
|
||||||
"containers": [{
|
"containers": [{
|
||||||
"name": "nginx",
|
"name": "nginx",
|
||||||
"image": "dockerfile/nginx",
|
"image": "dockerfile/nginx",
|
||||||
|
|||||||
@ -5,8 +5,8 @@
|
|||||||
{
|
{
|
||||||
"id": "my-pod-1",
|
"id": "my-pod-1",
|
||||||
"labels": {
|
"labels": {
|
||||||
"name": "testRun",
|
"name": "test-run",
|
||||||
"replicationcontroller": "testRun"
|
"replicationcontroller": "test-run"
|
||||||
},
|
},
|
||||||
"desiredState": {
|
"desiredState": {
|
||||||
"manifest": {
|
"manifest": {
|
||||||
@ -29,8 +29,8 @@
|
|||||||
{
|
{
|
||||||
"id": "my-pod-2",
|
"id": "my-pod-2",
|
||||||
"labels": {
|
"labels": {
|
||||||
"name": "testRun",
|
"name": "test-run",
|
||||||
"replicationcontroller": "testRun"
|
"replicationcontroller": "test-run"
|
||||||
},
|
},
|
||||||
"desiredState": {
|
"desiredState": {
|
||||||
"manifest": {
|
"manifest": {
|
||||||
|
|||||||
@ -121,7 +121,7 @@ Use the file `examples/guestbook/redis-slave-controller.json`:
|
|||||||
|
|
||||||
```js
|
```js
|
||||||
{
|
{
|
||||||
"id": "redisSlaveController",
|
"id": "redis-slave-controller",
|
||||||
"kind": "ReplicationController",
|
"kind": "ReplicationController",
|
||||||
"apiVersion": "v1beta1",
|
"apiVersion": "v1beta1",
|
||||||
"desiredState": {
|
"desiredState": {
|
||||||
@ -131,7 +131,7 @@ Use the file `examples/guestbook/redis-slave-controller.json`:
|
|||||||
"desiredState": {
|
"desiredState": {
|
||||||
"manifest": {
|
"manifest": {
|
||||||
"version": "v1beta1",
|
"version": "v1beta1",
|
||||||
"id": "redisSlaveController",
|
"id": "redis-slave-controller",
|
||||||
"containers": [{
|
"containers": [{
|
||||||
"name": "slave",
|
"name": "slave",
|
||||||
"image": "brendanburns/redis-slave",
|
"image": "brendanburns/redis-slave",
|
||||||
@ -153,11 +153,11 @@ to create the replication controller by running:
|
|||||||
|
|
||||||
```shell
|
```shell
|
||||||
$ cluster/kubectl.sh create -f examples/guestbook/redis-slave-controller.json
|
$ cluster/kubectl.sh create -f examples/guestbook/redis-slave-controller.json
|
||||||
redisSlaveController
|
redis-slave-controller
|
||||||
|
|
||||||
# cluster/kubectl.sh get replicationcontrollers
|
# cluster/kubectl.sh get replicationcontrollers
|
||||||
NAME IMAGE(S) SELECTOR REPLICAS
|
NAME IMAGE(S) SELECTOR REPLICAS
|
||||||
redisSlaveController brendanburns/redis-slave name=redisslave 2
|
redis-slave-controller brendanburns/redis-slave name=redisslave 2
|
||||||
```
|
```
|
||||||
|
|
||||||
The redis slave configures itself by looking for the Kubernetes service environment variables in the container environment. In particular, the redis slave is started with the following command:
|
The redis slave configures itself by looking for the Kubernetes service environment variables in the container environment. In particular, the redis slave is started with the following command:
|
||||||
@ -225,7 +225,7 @@ The pod is described in the file `examples/guestbook/frontend-controller.json`:
|
|||||||
|
|
||||||
```js
|
```js
|
||||||
{
|
{
|
||||||
"id": "frontendController",
|
"id": "frontend-controller",
|
||||||
"kind": "ReplicationController",
|
"kind": "ReplicationController",
|
||||||
"apiVersion": "v1beta1",
|
"apiVersion": "v1beta1",
|
||||||
"desiredState": {
|
"desiredState": {
|
||||||
@ -235,7 +235,7 @@ The pod is described in the file `examples/guestbook/frontend-controller.json`:
|
|||||||
"desiredState": {
|
"desiredState": {
|
||||||
"manifest": {
|
"manifest": {
|
||||||
"version": "v1beta1",
|
"version": "v1beta1",
|
||||||
"id": "frontendController",
|
"id": "frontend-controller",
|
||||||
"containers": [{
|
"containers": [{
|
||||||
"name": "php-redis",
|
"name": "php-redis",
|
||||||
"image": "kubernetes/example-guestbook-php-redis",
|
"image": "kubernetes/example-guestbook-php-redis",
|
||||||
@ -258,12 +258,12 @@ Using this file, you can turn up your frontend with:
|
|||||||
|
|
||||||
```shell
|
```shell
|
||||||
$ cluster/kubectl.sh create -f examples/guestbook/frontend-controller.json
|
$ cluster/kubectl.sh create -f examples/guestbook/frontend-controller.json
|
||||||
frontendController
|
frontend-controller
|
||||||
|
|
||||||
$ cluster/kubectl.sh get replicationcontrollers
|
$ cluster/kubectl.sh get replicationcontrollers
|
||||||
NAME IMAGE(S) SELECTOR REPLICAS
|
NAME IMAGE(S) SELECTOR REPLICAS
|
||||||
redisSlaveController brendanburns/redis-slave name=redisslave 2
|
redis-slave-controller brendanburns/redis-slave name=redisslave 2
|
||||||
frontendController kubernetes/example-guestbook-php-redis name=frontend 3
|
frontend-controller kubernetes/example-guestbook-php-redis name=frontend 3
|
||||||
```
|
```
|
||||||
|
|
||||||
Once that's up (it may take ten to thirty seconds to create the pods) you can list the pods in the cluster, to verify that the master, slaves and frontends are running:
|
Once that's up (it may take ten to thirty seconds to create the pods) you can list the pods in the cluster, to verify that the master, slaves and frontends are running:
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
{
|
{
|
||||||
"id": "frontendController",
|
"id": "frontend-controller",
|
||||||
"kind": "ReplicationController",
|
"kind": "ReplicationController",
|
||||||
"apiVersion": "v1beta1",
|
"apiVersion": "v1beta1",
|
||||||
"desiredState": {
|
"desiredState": {
|
||||||
@ -9,7 +9,7 @@
|
|||||||
"desiredState": {
|
"desiredState": {
|
||||||
"manifest": {
|
"manifest": {
|
||||||
"version": "v1beta1",
|
"version": "v1beta1",
|
||||||
"id": "frontendController",
|
"id": "frontend-controller",
|
||||||
"containers": [{
|
"containers": [{
|
||||||
"name": "php-redis",
|
"name": "php-redis",
|
||||||
"image": "kubernetes/example-guestbook-php-redis",
|
"image": "kubernetes/example-guestbook-php-redis",
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
{
|
{
|
||||||
"id": "redisSlaveController",
|
"id": "redis-slave-controller",
|
||||||
"kind": "ReplicationController",
|
"kind": "ReplicationController",
|
||||||
"apiVersion": "v1beta1",
|
"apiVersion": "v1beta1",
|
||||||
"desiredState": {
|
"desiredState": {
|
||||||
@ -9,7 +9,7 @@
|
|||||||
"desiredState": {
|
"desiredState": {
|
||||||
"manifest": {
|
"manifest": {
|
||||||
"version": "v1beta1",
|
"version": "v1beta1",
|
||||||
"id": "redisSlaveController",
|
"id": "redis-slave-controller",
|
||||||
"containers": [{
|
"containers": [{
|
||||||
"name": "slave",
|
"name": "slave",
|
||||||
"image": "brendanburns/redis-slave",
|
"image": "brendanburns/redis-slave",
|
||||||
|
|||||||
@ -23,7 +23,7 @@ Replication controllers are the objects to answer these questions. A replicatio
|
|||||||
An example replica controller that instantiates two pods running nginx looks like:
|
An example replica controller that instantiates two pods running nginx looks like:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
id: nginxController
|
id: nginx-controller
|
||||||
apiVersion: v1beta1
|
apiVersion: v1beta1
|
||||||
kind: ReplicationController
|
kind: ReplicationController
|
||||||
desiredState:
|
desiredState:
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
id: nginxController
|
id: nginx-controller
|
||||||
apiVersion: v1beta1
|
apiVersion: v1beta1
|
||||||
kind: ReplicationController
|
kind: ReplicationController
|
||||||
desiredState:
|
desiredState:
|
||||||
|
|||||||
@ -38,10 +38,10 @@ sleep 5
|
|||||||
POD_LIST_1=$($KUBECFG '-template={{range.items}}{{.id}} {{end}}' list pods)
|
POD_LIST_1=$($KUBECFG '-template={{range.items}}{{.id}} {{end}}' list pods)
|
||||||
echo "Pods running: ${POD_LIST_1}"
|
echo "Pods running: ${POD_LIST_1}"
|
||||||
|
|
||||||
$KUBECFG stop redisSlaveController
|
$KUBECFG stop redis-slave-controller
|
||||||
# Needed until issue #103 gets fixed
|
# Needed until issue #103 gets fixed
|
||||||
sleep 25
|
sleep 25
|
||||||
$KUBECFG rm redisSlaveController
|
$KUBECFG rm redis-slave-controller
|
||||||
$KUBECFG delete services/redis-master
|
$KUBECFG delete services/redis-master
|
||||||
$KUBECFG delete pods/redis-master
|
$KUBECFG delete pods/redis-master
|
||||||
|
|
||||||
|
|||||||
@ -168,8 +168,8 @@ __EOF__
|
|||||||
kubectl get replicationcontrollers "${kube_flags[@]}"
|
kubectl get replicationcontrollers "${kube_flags[@]}"
|
||||||
kubectl create -f examples/guestbook/frontend-controller.json "${kube_flags[@]}"
|
kubectl create -f examples/guestbook/frontend-controller.json "${kube_flags[@]}"
|
||||||
kubectl get replicationcontrollers "${kube_flags[@]}"
|
kubectl get replicationcontrollers "${kube_flags[@]}"
|
||||||
kubectl describe replicationcontroller frontendController "${kube_flags[@]}" | grep -q 'Replicas:.*3 desired'
|
kubectl describe replicationcontroller frontend-controller "${kube_flags[@]}" | grep -q 'Replicas:.*3 desired'
|
||||||
kubectl delete rc frontendController "${kube_flags[@]}"
|
kubectl delete rc frontend-controller "${kube_flags[@]}"
|
||||||
|
|
||||||
kube::log::status "Testing kubectl(${version}:nodes)"
|
kube::log::status "Testing kubectl(${version}:nodes)"
|
||||||
kubectl get nodes "${kube_flags[@]}"
|
kubectl get nodes "${kube_flags[@]}"
|
||||||
|
|||||||
@ -467,7 +467,9 @@ func ValidateService(service *api.Service, lister ServiceLister, ctx api.Context
|
|||||||
} else if !util.IsDNS952Label(service.Name) {
|
} else if !util.IsDNS952Label(service.Name) {
|
||||||
allErrs = append(allErrs, errs.NewFieldInvalid("name", service.Name, ""))
|
allErrs = append(allErrs, errs.NewFieldInvalid("name", service.Name, ""))
|
||||||
}
|
}
|
||||||
if !util.IsDNSSubdomain(service.Namespace) {
|
if len(service.Namespace) == 0 {
|
||||||
|
allErrs = append(allErrs, errs.NewFieldRequired("namespace", service.Namespace))
|
||||||
|
} else if !util.IsDNSSubdomain(service.Namespace) {
|
||||||
allErrs = append(allErrs, errs.NewFieldInvalid("namespace", service.Namespace, ""))
|
allErrs = append(allErrs, errs.NewFieldInvalid("namespace", service.Namespace, ""))
|
||||||
}
|
}
|
||||||
if !util.IsValidPortNum(service.Spec.Port) {
|
if !util.IsValidPortNum(service.Spec.Port) {
|
||||||
@ -499,8 +501,12 @@ func ValidateReplicationController(controller *api.ReplicationController) errs.V
|
|||||||
allErrs := errs.ValidationErrorList{}
|
allErrs := errs.ValidationErrorList{}
|
||||||
if len(controller.Name) == 0 {
|
if len(controller.Name) == 0 {
|
||||||
allErrs = append(allErrs, errs.NewFieldRequired("name", controller.Name))
|
allErrs = append(allErrs, errs.NewFieldRequired("name", controller.Name))
|
||||||
|
} else if !util.IsDNSSubdomain(controller.Name) {
|
||||||
|
allErrs = append(allErrs, errs.NewFieldInvalid("name", controller.Name, ""))
|
||||||
}
|
}
|
||||||
if !util.IsDNSSubdomain(controller.Namespace) {
|
if len(controller.Namespace) == 0 {
|
||||||
|
allErrs = append(allErrs, errs.NewFieldRequired("namespace", controller.Namespace))
|
||||||
|
} else if !util.IsDNSSubdomain(controller.Namespace) {
|
||||||
allErrs = append(allErrs, errs.NewFieldInvalid("namespace", controller.Namespace, ""))
|
allErrs = append(allErrs, errs.NewFieldInvalid("namespace", controller.Namespace, ""))
|
||||||
}
|
}
|
||||||
allErrs = append(allErrs, ValidateReplicationControllerSpec(&controller.Spec).Prefix("spec")...)
|
allErrs = append(allErrs, ValidateReplicationControllerSpec(&controller.Spec).Prefix("spec")...)
|
||||||
@ -582,11 +588,13 @@ func ValidateBoundPod(pod *api.BoundPod) errs.ValidationErrorList {
|
|||||||
// ValidateMinion tests if required fields in the minion are set.
|
// ValidateMinion tests if required fields in the minion are set.
|
||||||
func ValidateMinion(minion *api.Node) errs.ValidationErrorList {
|
func ValidateMinion(minion *api.Node) errs.ValidationErrorList {
|
||||||
allErrs := errs.ValidationErrorList{}
|
allErrs := errs.ValidationErrorList{}
|
||||||
if len(minion.Namespace) != 0 {
|
|
||||||
allErrs = append(allErrs, errs.NewFieldInvalid("namespace", minion.Namespace, ""))
|
|
||||||
}
|
|
||||||
if len(minion.Name) == 0 {
|
if len(minion.Name) == 0 {
|
||||||
allErrs = append(allErrs, errs.NewFieldRequired("name", minion.Name))
|
allErrs = append(allErrs, errs.NewFieldRequired("name", minion.Name))
|
||||||
|
} else if !util.IsDNSSubdomain(minion.Name) {
|
||||||
|
allErrs = append(allErrs, errs.NewFieldInvalid("name", minion.Name, ""))
|
||||||
|
}
|
||||||
|
if len(minion.Namespace) != 0 {
|
||||||
|
allErrs = append(allErrs, errs.NewFieldInvalid("namespace", minion.Namespace, ""))
|
||||||
}
|
}
|
||||||
allErrs = append(allErrs, ValidateLabels(minion.Labels, "labels")...)
|
allErrs = append(allErrs, ValidateLabels(minion.Labels, "labels")...)
|
||||||
allErrs = append(allErrs, ValidateLabels(minion.Annotations, "annotations")...)
|
allErrs = append(allErrs, ValidateLabels(minion.Annotations, "annotations")...)
|
||||||
|
|||||||
@ -60,8 +60,8 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"id": "frontendController",
|
"id": "frontend-controller",
|
||||||
"name": "frontendController",
|
"name": "frontend-controller",
|
||||||
"kind": "ReplicationController",
|
"kind": "ReplicationController",
|
||||||
"apiVersion": "v1beta1",
|
"apiVersion": "v1beta1",
|
||||||
"desiredState": {
|
"desiredState": {
|
||||||
@ -97,8 +97,8 @@
|
|||||||
"labels": {"name": "frontend"}
|
"labels": {"name": "frontend"}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"id": "redisSlaveController",
|
"id": "redis-slave-controller",
|
||||||
"name": "redisSlaveController",
|
"name": "redis-slave-controller",
|
||||||
"kind": "ReplicationController",
|
"kind": "ReplicationController",
|
||||||
"apiVersion": "v1beta1",
|
"apiVersion": "v1beta1",
|
||||||
"desiredState": {
|
"desiredState": {
|
||||||
|
|||||||
@ -114,7 +114,7 @@ func TestCreateDirectory(t *testing.T) {
|
|||||||
cmd.Flags().Set("filename", "../../../examples/guestbook")
|
cmd.Flags().Set("filename", "../../../examples/guestbook")
|
||||||
cmd.Run(cmd, []string{})
|
cmd.Run(cmd, []string{})
|
||||||
|
|
||||||
if buf.String() != "frontendController\nfrontend\nredis-master\nredis-master\nredisSlaveController\nredisslave\n" {
|
if buf.String() != "frontend-controller\nfrontend\nredis-master\nredis-master\nredis-slave-controller\nredisslave\n" {
|
||||||
t.Errorf("unexpected output: %s", buf.String())
|
t.Errorf("unexpected output: %s", buf.String())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -206,7 +206,7 @@ func TestDeleteDirectory(t *testing.T) {
|
|||||||
cmd.Flags().Set("filename", "../../../examples/guestbook")
|
cmd.Flags().Set("filename", "../../../examples/guestbook")
|
||||||
cmd.Run(cmd, []string{})
|
cmd.Run(cmd, []string{})
|
||||||
|
|
||||||
if buf.String() != "frontendController\nfrontend\nredis-master\nredis-master\nredisSlaveController\nredisslave\n" {
|
if buf.String() != "frontend-controller\nfrontend\nredis-master\nredis-master\nredis-slave-controller\nredisslave\n" {
|
||||||
t.Errorf("unexpected output: %s", buf.String())
|
t.Errorf("unexpected output: %s", buf.String())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -143,7 +143,7 @@ func TestControllerDecode(t *testing.T) {
|
|||||||
func TestControllerParsing(t *testing.T) {
|
func TestControllerParsing(t *testing.T) {
|
||||||
expectedController := api.ReplicationController{
|
expectedController := api.ReplicationController{
|
||||||
ObjectMeta: api.ObjectMeta{
|
ObjectMeta: api.ObjectMeta{
|
||||||
Name: "nginxController",
|
Name: "nginx-controller",
|
||||||
Labels: map[string]string{
|
Labels: map[string]string{
|
||||||
"name": "nginx",
|
"name": "nginx",
|
||||||
},
|
},
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user