Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HOSTEDCP-2075: DNS and NodePort address CEL #5164

Closed
wants to merge 4 commits into from
Closed

HOSTEDCP-2075: DNS and NodePort address CEL #5164

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
6a10ec5
Add validation and tests for hc.spec.dns input
enxebre Nov 20, 2024
f4f0e54
Run make update
enxebre Nov 20, 2024
c2796bc
Use isIp to validate nodePort.address
enxebre Nov 20, 2024
a21c7a6
Run make update
enxebre Nov 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions api/hypershift/v1beta1/hostedcluster_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -760,7 +760,7 @@ type NodePortPublishingStrategy struct {
// address is the host/ip that the NodePort service is exposed over.
// +kubebuilder:validation:MaxLength=253
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:XValidation:rule=`self.matches('^(([a-zA-Z0-9][-a-zA-Z0-9]*\\.)+[a-zA-Z]{2,}|localhost)$') || self.matches('^((\\d{1,3}\\.){3}\\d{1,3})$') || self.matches('^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$')`, message="address must be a valid hostname, IPv4, or IPv6 address"
// +kubebuilder:validation:XValidation:rule=`isIP(self) || self.matches('^(([a-zA-Z0-9][-a-zA-Z0-9]*\\.)+[a-zA-Z]{2,}|localhost)$') || self.matches('^((\\d{1,3}\\.){3}\\d{1,3})$') || self.matches('^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$')`, message="address must be a valid hostname, IPv4, or IPv6 address"
// +required
Address string `json:"address"`

Expand All @@ -773,7 +773,7 @@ type NodePortPublishingStrategy struct {
type LoadBalancerPublishingStrategy struct {
// hostname is the name of the DNS record that will be created pointing to the LoadBalancer and passed through to consumers of the service.
// If ommited, the value will be infered from the corev1.Service Load balancer type .status.
// +kubebuilder:validation:XValidation:rule=`self.matches('^(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}$')`,message="baseDomain must be a valid base domain (e.g., example.com)"
// +kubebuilder:validation:XValidation:rule=`self.matches('^(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}$')`,message="hostname must be a valid base domain (e.g., example.com)"
// +kubebuilder:validation:MaxLength=253
// +kubebuilder:validation:MinLength=1
// +optional
Expand All @@ -798,6 +798,7 @@ type DNSSpec struct {
// If baseDomainPrefix is ommitted, the hostedCluster.name will be used as the subdomain.
// Once set, this field is immutable.
// When the value is the empty string "", the controller might default to a value depending on the platform.
// +kubebuilder:validation:XValidation:rule=`self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')`,message="baseDomain must be a valid domain (e.g., example, example.com, sub.example.com)"
// +kubebuilder:validation:XValidation:rule=`oldSelf == "" || self == oldSelf`, message="baseDomain is immutable"
// +kubebuilder:validation:MaxLength=253
// +immutable
Expand All @@ -808,6 +809,7 @@ type DNSSpec struct {
// It will be used to confgure ingress in the hosted cluster through the subdomain baseDomainPrefix.baseDomain.
Copy link
Contributor

@muraee muraee Nov 21, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// It will be used to confgure ingress in the hosted cluster through the subdomain baseDomainPrefix.baseDomain.
// It will be used to configure ingress in the hosted cluster through the subdomain baseDomainPrefix.baseDomain.

unrelated typo to this PR, but I think it's worth fixing here.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

happy to tag it anyway.

// If baseDomainPrefix is ommitted, the hostedCluster.name will be used as the subdomain.
// Set baseDomainPrefix to an empty string "", if you don't want a prefix at all (not even hostedCluster.name) to be prepended to baseDomain.
// +kubebuilder:validation:XValidation:rule=`self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')`,message="baseDomainPrefix must be a valid domain (e.g., example, example.com, sub.example.com)"
// This field is immutable.
// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="baseDomainPrefix is immutable"
// +kubebuilder:validation:MaxLength=253
Expand Down
10 changes: 8 additions & 2 deletions ...erated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/AAA_ungated.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2073,6 +2073,9 @@ spec:
maxLength: 253
type: string
x-kubernetes-validations:
- message: baseDomain must be a valid domain (e.g., example, example.com,
sub.example.com)
rule: self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')
- message: baseDomain is immutable
rule: oldSelf == "" || self == oldSelf
baseDomainPrefix:
Expand All @@ -2085,6 +2088,9 @@ spec:
maxLength: 253
type: string
x-kubernetes-validations:
- message: baseDomainPrefix must be a valid domain (e.g., example,
example.com, sub.example.com)
rule: self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')
- message: baseDomainPrefix is immutable
rule: self == oldSelf
privateZoneID:
Expand Down Expand Up @@ -3892,7 +3898,7 @@ spec:
minLength: 1
type: string
x-kubernetes-validations:
- message: baseDomain must be a valid base domain (e.g.,
- message: hostname must be a valid base domain (e.g.,
example.com)
rule: self.matches('^(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}$')
type: object
Expand All @@ -3909,7 +3915,7 @@ spec:
x-kubernetes-validations:
- message: address must be a valid hostname, IPv4, or
IPv6 address
rule: self.matches('^(([a-zA-Z0-9][-a-zA-Z0-9]*\\.)+[a-zA-Z]{2,}|localhost)$')
rule: isIP(self) || self.matches('^(([a-zA-Z0-9][-a-zA-Z0-9]*\\.)+[a-zA-Z]{2,}|localhost)$')
|| self.matches('^((\\d{1,3}\\.){3}\\d{1,3})$')
|| self.matches('^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$')
port:
Expand Down
10 changes: 8 additions & 2 deletions ...regated-crd-manifests/hostedclusters.hypershift.openshift.io/AROHCPManagedIdentities.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2069,6 +2069,9 @@ spec:
maxLength: 253
type: string
x-kubernetes-validations:
- message: baseDomain must be a valid domain (e.g., example, example.com,
sub.example.com)
rule: self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')
- message: baseDomain is immutable
rule: oldSelf == "" || self == oldSelf
baseDomainPrefix:
Expand All @@ -2081,6 +2084,9 @@ spec:
maxLength: 253
type: string
x-kubernetes-validations:
- message: baseDomainPrefix must be a valid domain (e.g., example,
example.com, sub.example.com)
rule: self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')
- message: baseDomainPrefix is immutable
rule: self == oldSelf
privateZoneID:
Expand Down Expand Up @@ -4137,7 +4143,7 @@ spec:
minLength: 1
type: string
x-kubernetes-validations:
- message: baseDomain must be a valid base domain (e.g.,
- message: hostname must be a valid base domain (e.g.,
example.com)
rule: self.matches('^(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}$')
type: object
Expand All @@ -4154,7 +4160,7 @@ spec:
x-kubernetes-validations:
- message: address must be a valid hostname, IPv4, or
IPv6 address
rule: self.matches('^(([a-zA-Z0-9][-a-zA-Z0-9]*\\.)+[a-zA-Z]{2,}|localhost)$')
rule: isIP(self) || self.matches('^(([a-zA-Z0-9][-a-zA-Z0-9]*\\.)+[a-zA-Z]{2,}|localhost)$')
|| self.matches('^((\\d{1,3}\\.){3}\\d{1,3})$')
|| self.matches('^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$')
port:
Expand Down
10 changes: 8 additions & 2 deletions ...gated-crd-manifests/hostedclusters.hypershift.openshift.io/DynamicResourceAllocation.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2090,6 +2090,9 @@ spec:
maxLength: 253
type: string
x-kubernetes-validations:
- message: baseDomain must be a valid domain (e.g., example, example.com,
sub.example.com)
rule: self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')
- message: baseDomain is immutable
rule: oldSelf == "" || self == oldSelf
baseDomainPrefix:
Expand All @@ -2102,6 +2105,9 @@ spec:
maxLength: 253
type: string
x-kubernetes-validations:
- message: baseDomainPrefix must be a valid domain (e.g., example,
example.com, sub.example.com)
rule: self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')
- message: baseDomainPrefix is immutable
rule: self == oldSelf
privateZoneID:
Expand Down Expand Up @@ -3901,7 +3907,7 @@ spec:
minLength: 1
type: string
x-kubernetes-validations:
- message: baseDomain must be a valid base domain (e.g.,
- message: hostname must be a valid base domain (e.g.,
example.com)
rule: self.matches('^(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}$')
type: object
Expand All @@ -3918,7 +3924,7 @@ spec:
x-kubernetes-validations:
- message: address must be a valid hostname, IPv4, or
IPv6 address
rule: self.matches('^(([a-zA-Z0-9][-a-zA-Z0-9]*\\.)+[a-zA-Z]{2,}|localhost)$')
rule: isIP(self) || self.matches('^(([a-zA-Z0-9][-a-zA-Z0-9]*\\.)+[a-zA-Z]{2,}|localhost)$')
|| self.matches('^((\\d{1,3}\\.){3}\\d{1,3})$')
|| self.matches('^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$')
port:
Expand Down
10 changes: 8 additions & 2 deletions ...rated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDC.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2311,6 +2311,9 @@ spec:
maxLength: 253
type: string
x-kubernetes-validations:
- message: baseDomain must be a valid domain (e.g., example, example.com,
sub.example.com)
rule: self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')
- message: baseDomain is immutable
rule: oldSelf == "" || self == oldSelf
baseDomainPrefix:
Expand All @@ -2323,6 +2326,9 @@ spec:
maxLength: 253
type: string
x-kubernetes-validations:
- message: baseDomainPrefix must be a valid domain (e.g., example,
example.com, sub.example.com)
rule: self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')
- message: baseDomainPrefix is immutable
rule: self == oldSelf
privateZoneID:
Expand Down Expand Up @@ -4122,7 +4128,7 @@ spec:
minLength: 1
type: string
x-kubernetes-validations:
- message: baseDomain must be a valid base domain (e.g.,
- message: hostname must be a valid base domain (e.g.,
example.com)
rule: self.matches('^(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}$')
type: object
Expand All @@ -4139,7 +4145,7 @@ spec:
x-kubernetes-validations:
- message: address must be a valid hostname, IPv4, or
IPv6 address
rule: self.matches('^(([a-zA-Z0-9][-a-zA-Z0-9]*\\.)+[a-zA-Z]{2,}|localhost)$')
rule: isIP(self) || self.matches('^(([a-zA-Z0-9][-a-zA-Z0-9]*\\.)+[a-zA-Z]{2,}|localhost)$')
|| self.matches('^((\\d{1,3}\\.){3}\\d{1,3})$')
|| self.matches('^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$')
port:
Expand Down
10 changes: 8 additions & 2 deletions ...egated-crd-manifests/hostedclusters.hypershift.openshift.io/NetworkDiagnosticsConfig.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2221,6 +2221,9 @@ spec:
maxLength: 253
type: string
x-kubernetes-validations:
- message: baseDomain must be a valid domain (e.g., example, example.com,
sub.example.com)
rule: self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')
- message: baseDomain is immutable
rule: oldSelf == "" || self == oldSelf
baseDomainPrefix:
Expand All @@ -2233,6 +2236,9 @@ spec:
maxLength: 253
type: string
x-kubernetes-validations:
- message: baseDomainPrefix must be a valid domain (e.g., example,
example.com, sub.example.com)
rule: self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')
- message: baseDomainPrefix is immutable
rule: self == oldSelf
privateZoneID:
Expand Down Expand Up @@ -4032,7 +4038,7 @@ spec:
minLength: 1
type: string
x-kubernetes-validations:
- message: baseDomain must be a valid base domain (e.g.,
- message: hostname must be a valid base domain (e.g.,
example.com)
rule: self.matches('^(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}$')
type: object
Expand All @@ -4049,7 +4055,7 @@ spec:
x-kubernetes-validations:
- message: address must be a valid hostname, IPv4, or
IPv6 address
rule: self.matches('^(([a-zA-Z0-9][-a-zA-Z0-9]*\\.)+[a-zA-Z]{2,}|localhost)$')
rule: isIP(self) || self.matches('^(([a-zA-Z0-9][-a-zA-Z0-9]*\\.)+[a-zA-Z]{2,}|localhost)$')
|| self.matches('^((\\d{1,3}\\.){3}\\d{1,3})$')
|| self.matches('^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$')
port:
Expand Down
10 changes: 8 additions & 2 deletions ...enerated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/OpenStack.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2069,6 +2069,9 @@ spec:
maxLength: 253
type: string
x-kubernetes-validations:
- message: baseDomain must be a valid domain (e.g., example, example.com,
sub.example.com)
rule: self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')
- message: baseDomain is immutable
rule: oldSelf == "" || self == oldSelf
baseDomainPrefix:
Expand All @@ -2081,6 +2084,9 @@ spec:
maxLength: 253
type: string
x-kubernetes-validations:
- message: baseDomainPrefix must be a valid domain (e.g., example,
example.com, sub.example.com)
rule: self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')
- message: baseDomainPrefix is immutable
rule: self == oldSelf
privateZoneID:
Expand Down Expand Up @@ -4354,7 +4360,7 @@ spec:
minLength: 1
type: string
x-kubernetes-validations:
- message: baseDomain must be a valid base domain (e.g.,
- message: hostname must be a valid base domain (e.g.,
example.com)
rule: self.matches('^(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}$')
type: object
Expand All @@ -4371,7 +4377,7 @@ spec:
x-kubernetes-validations:
- message: address must be a valid hostname, IPv4, or
IPv6 address
rule: self.matches('^(([a-zA-Z0-9][-a-zA-Z0-9]*\\.)+[a-zA-Z]{2,}|localhost)$')
rule: isIP(self) || self.matches('^(([a-zA-Z0-9][-a-zA-Z0-9]*\\.)+[a-zA-Z]{2,}|localhost)$')
|| self.matches('^((\\d{1,3}\\.){3}\\d{1,3})$')
|| self.matches('^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$')
port:
Expand Down
10 changes: 8 additions & 2 deletions ...d.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/AAA_ungated.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2014,6 +2014,9 @@ spec:
maxLength: 253
type: string
x-kubernetes-validations:
- message: baseDomain must be a valid domain (e.g., example, example.com,
sub.example.com)
rule: self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')
- message: baseDomain is immutable
rule: oldSelf == "" || self == oldSelf
baseDomainPrefix:
Expand All @@ -2026,6 +2029,9 @@ spec:
maxLength: 253
type: string
x-kubernetes-validations:
- message: baseDomainPrefix must be a valid domain (e.g., example,
example.com, sub.example.com)
rule: self == "" || self.matches('^(?:(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}|[a-zA-Z0-9-]+)$')
- message: baseDomainPrefix is immutable
rule: self == oldSelf
privateZoneID:
Expand Down Expand Up @@ -3748,7 +3754,7 @@ spec:
minLength: 1
type: string
x-kubernetes-validations:
- message: baseDomain must be a valid base domain (e.g.,
- message: hostname must be a valid base domain (e.g.,
example.com)
rule: self.matches('^(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,}$')
type: object
Expand All @@ -3765,7 +3771,7 @@ spec:
x-kubernetes-validations:
- message: address must be a valid hostname, IPv4, or
IPv6 address
rule: self.matches('^(([a-zA-Z0-9][-a-zA-Z0-9]*\\.)+[a-zA-Z]{2,}|localhost)$')
rule: isIP(self) || self.matches('^(([a-zA-Z0-9][-a-zA-Z0-9]*\\.)+[a-zA-Z]{2,}|localhost)$')
|| self.matches('^((\\d{1,3}\\.){3}\\d{1,3})$')
|| self.matches('^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$')
port:
Expand Down
Loading