mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-10-31 05:40:42 +00:00
169 lines
6.1 KiB
Go
169 lines
6.1 KiB
Go
/*
|
|
Copyright 2014 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package validation
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/golang/glog"
|
|
|
|
"k8s.io/api/core/v1"
|
|
"k8s.io/apimachinery/pkg/api/resource"
|
|
"k8s.io/apimachinery/pkg/util/sets"
|
|
"k8s.io/apimachinery/pkg/util/validation"
|
|
"k8s.io/apimachinery/pkg/util/validation/field"
|
|
"k8s.io/kubernetes/pkg/api/helper"
|
|
v1helper "k8s.io/kubernetes/pkg/api/v1/helper"
|
|
)
|
|
|
|
const isNegativeErrorMsg string = `must be greater than or equal to 0`
|
|
const isNotIntegerErrorMsg string = `must be an integer`
|
|
|
|
func ValidateResourceRequirements(requirements *v1.ResourceRequirements, fldPath *field.Path) field.ErrorList {
|
|
allErrs := field.ErrorList{}
|
|
limPath := fldPath.Child("limits")
|
|
reqPath := fldPath.Child("requests")
|
|
for resourceName, quantity := range requirements.Limits {
|
|
fldPath := limPath.Key(string(resourceName))
|
|
// Validate resource name.
|
|
allErrs = append(allErrs, validateContainerResourceName(string(resourceName), fldPath)...)
|
|
|
|
// Validate resource quantity.
|
|
allErrs = append(allErrs, ValidateResourceQuantityValue(string(resourceName), quantity, fldPath)...)
|
|
|
|
// Check that request <= limit.
|
|
requestQuantity, exists := requirements.Requests[resourceName]
|
|
if exists {
|
|
// Ensure overcommit is allowed for the resource if request != limit
|
|
if quantity.Cmp(requestQuantity) != 0 && !v1helper.IsOvercommitAllowed(resourceName) {
|
|
allErrs = append(allErrs, field.Invalid(reqPath, requestQuantity.String(), fmt.Sprintf("must be equal to %s limit", resourceName)))
|
|
} else if quantity.Cmp(requestQuantity) < 0 {
|
|
allErrs = append(allErrs, field.Invalid(limPath, quantity.String(), fmt.Sprintf("must be greater than or equal to %s request", resourceName)))
|
|
}
|
|
}
|
|
}
|
|
for resourceName, quantity := range requirements.Requests {
|
|
fldPath := reqPath.Key(string(resourceName))
|
|
// Validate resource name.
|
|
allErrs = append(allErrs, validateContainerResourceName(string(resourceName), fldPath)...)
|
|
// Validate resource quantity.
|
|
allErrs = append(allErrs, ValidateResourceQuantityValue(string(resourceName), quantity, fldPath)...)
|
|
}
|
|
|
|
return allErrs
|
|
}
|
|
|
|
func validateContainerResourceName(value string, fldPath *field.Path) field.ErrorList {
|
|
allErrs := validateResourceName(value, fldPath)
|
|
if len(strings.Split(value, "/")) == 1 {
|
|
if !helper.IsStandardContainerResourceName(value) {
|
|
return append(allErrs, field.Invalid(fldPath, value, "must be a standard resource for containers"))
|
|
}
|
|
}
|
|
return field.ErrorList{}
|
|
}
|
|
|
|
// ValidateResourceQuantityValue enforces that specified quantity is valid for specified resource
|
|
func ValidateResourceQuantityValue(resource string, value resource.Quantity, fldPath *field.Path) field.ErrorList {
|
|
allErrs := field.ErrorList{}
|
|
allErrs = append(allErrs, ValidateNonnegativeQuantity(value, fldPath)...)
|
|
if helper.IsIntegerResourceName(resource) {
|
|
if value.MilliValue()%int64(1000) != int64(0) {
|
|
allErrs = append(allErrs, field.Invalid(fldPath, value, isNotIntegerErrorMsg))
|
|
}
|
|
}
|
|
return allErrs
|
|
}
|
|
|
|
// Validates that a Quantity is not negative
|
|
func ValidateNonnegativeQuantity(value resource.Quantity, fldPath *field.Path) field.ErrorList {
|
|
allErrs := field.ErrorList{}
|
|
if value.Cmp(resource.Quantity{}) < 0 {
|
|
allErrs = append(allErrs, field.Invalid(fldPath, value.String(), isNegativeErrorMsg))
|
|
}
|
|
return allErrs
|
|
}
|
|
|
|
// Validate compute resource typename.
|
|
// Refer to docs/design/resources.md for more details.
|
|
func validateResourceName(value string, fldPath *field.Path) field.ErrorList {
|
|
// Opaque integer resources (OIR) deprecation began in v1.8
|
|
// TODO: Remove warning after OIR deprecation cycle.
|
|
if v1helper.IsOpaqueIntResourceName(v1.ResourceName(value)) {
|
|
glog.Errorf("DEPRECATION WARNING! Opaque integer resources are deprecated starting with v1.8: %s", value)
|
|
}
|
|
|
|
allErrs := field.ErrorList{}
|
|
for _, msg := range validation.IsQualifiedName(value) {
|
|
allErrs = append(allErrs, field.Invalid(fldPath, value, msg))
|
|
}
|
|
if len(allErrs) != 0 {
|
|
return allErrs
|
|
}
|
|
|
|
if len(strings.Split(value, "/")) == 1 {
|
|
if !helper.IsStandardResourceName(value) {
|
|
return append(allErrs, field.Invalid(fldPath, value, "must be a standard resource type or fully qualified"))
|
|
}
|
|
}
|
|
|
|
return field.ErrorList{}
|
|
}
|
|
|
|
func ValidatePodLogOptions(opts *v1.PodLogOptions) field.ErrorList {
|
|
allErrs := field.ErrorList{}
|
|
if opts.TailLines != nil && *opts.TailLines < 0 {
|
|
allErrs = append(allErrs, field.Invalid(field.NewPath("tailLines"), *opts.TailLines, isNegativeErrorMsg))
|
|
}
|
|
if opts.LimitBytes != nil && *opts.LimitBytes < 1 {
|
|
allErrs = append(allErrs, field.Invalid(field.NewPath("limitBytes"), *opts.LimitBytes, "must be greater than 0"))
|
|
}
|
|
switch {
|
|
case opts.SinceSeconds != nil && opts.SinceTime != nil:
|
|
allErrs = append(allErrs, field.Forbidden(field.NewPath(""), "at most one of `sinceTime` or `sinceSeconds` may be specified"))
|
|
case opts.SinceSeconds != nil:
|
|
if *opts.SinceSeconds < 1 {
|
|
allErrs = append(allErrs, field.Invalid(field.NewPath("sinceSeconds"), *opts.SinceSeconds, "must be greater than 0"))
|
|
}
|
|
}
|
|
return allErrs
|
|
}
|
|
|
|
func AccumulateUniqueHostPorts(containers []v1.Container, accumulator *sets.String, fldPath *field.Path) field.ErrorList {
|
|
allErrs := field.ErrorList{}
|
|
|
|
for ci, ctr := range containers {
|
|
idxPath := fldPath.Index(ci)
|
|
portsPath := idxPath.Child("ports")
|
|
for pi := range ctr.Ports {
|
|
idxPath := portsPath.Index(pi)
|
|
port := ctr.Ports[pi].HostPort
|
|
if port == 0 {
|
|
continue
|
|
}
|
|
str := fmt.Sprintf("%d/%s", port, ctr.Ports[pi].Protocol)
|
|
if accumulator.Has(str) {
|
|
allErrs = append(allErrs, field.Duplicate(idxPath.Child("hostPort"), str))
|
|
} else {
|
|
accumulator.Insert(str)
|
|
}
|
|
}
|
|
}
|
|
return allErrs
|
|
}
|