Add ValidationAdmissionHooks to the project #23

Closed
Levovar opened this issue Nov 21, 2018 · 4 comments
Labels
enhancement New feature or request

Comments

@Levovar
Collaborator

Levovar commented Nov 21, 2018

Using ValidationAdmissionHooks would enable us to treat DANM-related API objects as "real", API-server managed core objects all over the project from the user's perspective.
This would be very much in line with what we are trying to achieve, and would be very beneficial for users :)

Hooks could be injected in three places:
1: DanmNet: all DanmNet validation rules could be extracted from netwatcher, and put into a validation webhook. This would fail DanmNet creation at creation time, rather than at run-time.
2: Pod: Pod admission could be rejected if the network connection annotation field is not proper (badly formatted JSON, non-existing networks).
3: Service: DANM-related annotations could be validated here too, and Service creation rejected if the referenced network does not even exist in the user's namespace.

@Levovar
Collaborator Author

Levovar commented Feb 26, 2019

Additional use-case: it could be validated that allocation_pools don't overlap between DanmNets, at least within the same K8s namespace.
Related issue:
#49
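
The overlap check proposed in the comment above, as an added example; it is not code from the DANM project or from the commenter. The `Pool` type, its field names, the start/end layout of a pool and the helper `pool` are assumptions made for illustration, and the sample addresses are constructed.

```go
package main

import (
	"bytes"
	"fmt"
	"net"
)

// Pool is a hypothetical stand-in for one DanmNet's allocation pool.
// Field names and the start/end layout are assumptions, not DANM's API types.
type Pool struct {
	Namespace, Network string
	Start, End         net.IP // inclusive bounds
}

// pool builds a Pool from strings; unparsable addresses become nil.
func pool(ns, name, start, end string) Pool {
	return Pool{ns, name, net.ParseIP(start), net.ParseIP(end)}
}

// ValidatePool rejects a candidate whose range is malformed or shares an
// address with another network's pool in the same namespace.
func ValidatePool(c Pool, existing []Pool) error {
	cs, ce := c.Start.To16(), c.End.To16()
	if cs == nil || ce == nil || bytes.Compare(cs, ce) > 0 {
		return fmt.Errorf("%s/%s: invalid allocation pool", c.Namespace, c.Network)
	}
	for _, e := range existing {
		// Other namespaces are out of scope; an update must not clash with itself.
		if e.Namespace != c.Namespace || e.Network == c.Network {
			continue
		}
		// Two inclusive ranges intersect iff each starts before the other ends.
		if bytes.Compare(cs, e.End.To16()) <= 0 && bytes.Compare(e.Start.To16(), ce) <= 0 {
			return fmt.Errorf("%s/%s: pool overlaps %s", c.Namespace, c.Network, e.Network)
		}
	}
	return nil
}

func main() {
	// Constructed sample data.
	existing := []Pool{pool("tenant-a", "net1", "10.0.0.10", "10.0.0.50")}
	fmt.Println(ValidatePool(pool("tenant-a", "net2", "10.0.0.50", "10.0.0.60"), existing))
	fmt.Println(ValidatePool(pool("tenant-a", "net2", "10.0.0.51", "10.0.0.60"), existing))
}
```

In a validating webhook, a non-nil error from a check like this would become the denial message returned for the DanmNet CREATE or UPDATE request.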

@Levovar
Collaborator Author

Levovar commented Mar 13, 2019

Use-case 5: During a DanmNet DELETE operation it should also be verified that the DanmNet being deleted is not referenced by any running Pods.

@Levovar
Collaborator Author

Levovar commented May 21, 2019

UC2-5 are still at large

@Levovar
Collaborator Author

Levovar commented Aug 6, 2019

UC5 and an additional one got implemented by #120.
Network validation is considered complete now, so closing the issue.

Pods and Services API can be validated separately, if needed. Currently no plans to do so.

@Levovar Levovar closed this as completed Aug 6, 2019