You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using ValidationAdmissionHooks would enable us to treat DANM related API objects as "real", API-server managed core objects all over the project from user perspective.
This would be very much inline with what we are trying to achieve, and would be very beneficial for users :)
Hooks could be injected to three places:
1: DanmNet: all DanmNet validation rules could be extracted from netwatcher, and put into a validation webhook. This would fail DanmNet creation at creation time, rather than in run-time
2: Pod: Pod admission could be rejected if the network connection annotation field is not proper (badly formatted JSON, non-existing networks).
3: Service: DANM related annotations could be validated here too, and Service creation rejected if the referenced network does not even exist in the user's namespace
The text was updated successfully, but these errors were encountered:
Additional use-case: it could be validated that allocation_pools don't overlap between DanmNets, at least within the same K8s namespace
Related issue: #49
Using ValidationAdmissionHooks would enable us to treat DANM related API objects as "real", API-server managed core objects all over the project from user perspective.
This would be very much inline with what we are trying to achieve, and would be very beneficial for users :)
Hooks could be injected to three places:
1: DanmNet: all DanmNet validation rules could be extracted from netwatcher, and put into a validation webhook. This would fail DanmNet creation at creation time, rather than in run-time
2: Pod: Pod admission could be rejected if the network connection annotation field is not proper (badly formatted JSON, non-existing networks).
3: Service: DANM related annotations could be validated here too, and Service creation rejected if the referenced network does not even exist in the user's namespace
The text was updated successfully, but these errors were encountered: