Add validation for Workload via webhook #225
Conversation
k8s-ci-robot
added
kind/feature
k8s-ci-robot
added
the
size/M
|
@knight42: GitHub didn't allow me to request PR reviews from the following users: kerthcet. Note that only kubernetes-sigs members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
| } | ||
|
|
||
| // ValidateDelete implements webhook.Validator so a webhook will be registered for the type | ||
| func (r *Workload) ValidateDelete() error { | ||
| return nil | ||
| } | ||
|
|
||
| func validateWorkload(obj *Workload) field.ErrorList { |
There was a problem hiding this comment.
We should also validate the PriorityClassName, it should be a DNS subdomain, although we ensured this in JobController, but we will have multi implements in the future, it can prevent the problem as early as possible.
There was a problem hiding this comment.
Should we also make sure the queue name shouldn't be empty as I asked before. I think so if we don't have default ones. @ahg-g
There was a problem hiding this comment.
Should we also make sure the queue name shouldn't be empty as I asked before. I think so if we don't have default ones.
How about if the user create the default queue after the workload created ?
There was a problem hiding this comment.
I think we should not fail the Workload creation if the queue name is missing. This is because a user could create a Job without a queue annotation and decide to add it later. We need the Workload object to post an Event that indicates why the workload is not schedulable.
| } | ||
|
|
||
| // ValidateDelete implements webhook.Validator so a webhook will be registered for the type | ||
| func (r *Workload) ValidateDelete() error { | ||
| return nil | ||
| } | ||
|
|
||
| func validateWorkload(obj *Workload) field.ErrorList { |
There was a problem hiding this comment.
Should we also make sure the queue name shouldn't be empty as I asked before. I think so if we don't have default ones.
How about if the user create the default queue after the workload created ?
| for i, podSet := range obj.Spec.PodSets { | ||
| if podSet.Count <= 0 { | ||
| allErrs = append(allErrs, field.Invalid( | ||
| field.NewPath("spec").Child("podSets").Index(i).Child("count"), |
There was a problem hiding this comment.
Can you also check the priority in workload?
There was a problem hiding this comment.
Yeah of course, the highest priority for user defined priority class is 1 biliion, should we take predefined system priority classes into account as well?
k8s-ci-robot
added
size/L
|
/assign |
|
/retitle Add validation for Workload via webhook |
k8s-ci-robot
changed the title
| } | ||
|
|
||
| // ValidateDelete implements webhook.Validator so a webhook will be registered for the type | ||
| func (r *Workload) ValidateDelete() error { | ||
| return nil | ||
| } | ||
|
|
||
| func validateWorkload(obj *Workload) field.ErrorList { |
There was a problem hiding this comment.
I think we should not fail the Workload creation if the queue name is missing. This is because a user could create a Job without a queue annotation and decide to add it later. We need the Workload object to post an Event that indicates why the workload is not schedulable.
| ) | ||
|
|
||
| // makeWorkload is copied from "sigs.k8s.io/kueue/pkg/util/testing" | ||
| // NOTE: we could not import "sigs.k8s.io/kueue/pkg/util/testing" because of cyclic import. |
There was a problem hiding this comment.
I think you can avoid the circular dependency doing this: https://github.com/golang/go/wiki/CodeReviewComments#import-dot
There was a problem hiding this comment.
@alculquicondor Hi, I have switched to dot import, but it seems a workaround to me, should me move the validation logic to a separate package, such as pkg/validation?
There was a problem hiding this comment.
yeah, that's actually a better idea.
Let's do it in apis/kueue/v1alpha1/validation
There was a problem hiding this comment.
hmm I just realize this won't work, the circular dependency still persists: the package apis/kueue/v1alpha1/validation imports the Worload struct from apis/kueue/v1alpha1, and apis/kueue/v1alpha1 imports apis/kueue/v1alpha1/validation for the validator. The root cause is that the validator function is called inside apis/kueue/v1alpha1 package.
There was a problem hiding this comment.
Workload doesn't have to implement the Defaulter or Validator interface. You could create a new type for it that lives in a webhooks package.
There was a problem hiding this comment.
Regarding of the definition of Defaulter or Validator interface:
type Defaulter interface {
runtime.Object
Default()
}
type Validator interface {
runtime.Object
ValidateCreate() error
ValidateUpdate(old runtime.Object) error
ValidateDelete() error
}it seems these interfaces could only be implements on the Workload struct, otherwise we could not access the fields.
There was a problem hiding this comment.
ahhh, I missed that they depend on runtime.Object 😞
I guess we have to go the dotimport route then.
k8s-ci-robot
added
the
needs-rebase
knight42
force-pushed
the
feat/validate-webhook
branch
from
8335f02 to
977d6b7
Compare
k8s-ci-robot
removed
the
needs-rebase
knight42
force-pushed
the
feat/validate-webhook
branch
from
977d6b7 to
9409e57
Compare
k8s-ci-robot
added
the
needs-rebase
knight42
force-pushed
the
feat/validate-webhook
branch
from
9409e57 to
0053275
Compare
k8s-ci-robot
removed
the
needs-rebase
|
@knight42 do you need help moving forward with this PR? |
|
@ahg-g Hi! Sorry for the late response, I just return from vacation, I am discussing with @alculquicondor about the implmenetation details: #225 (comment). It would be nice if I could hear your advice! |
Thank a lot @knight42 , I was just wondering if there is something you needed help with, I hope you had a great vacation :)
I will leave this to Aldo just so you get consistent feedback. |
| @@ -0,0 +1,57 @@ | |||
| // Rename the package to avoid circular dependencies which is caused by "sigs.k8s.io/kueue/pkg/util/testing". | |||
| // See also: https://github.com/golang/go/wiki/CodeReviewComments#import-dot | |||
There was a problem hiding this comment.
This file is missing the copyright notice.
Also, a comment just up from the package name makes it part of the package doc. Can you move it bellow?
pkg/util/testing/wrappers.go
Outdated
| return w | ||
| } | ||
|
|
||
| func (w *WorkloadWrapper) PodSetCount(count int32) *WorkloadWrapper { |
There was a problem hiding this comment.
This is way too specific. Just use PodSets to pass a list with the necessary count.
| err := k8sClient.Create(ctx, workload) | ||
| gomega.Expect(err).Should(gomega.HaveOccurred()) | ||
| status := err.(*errors.StatusError).Status() | ||
| gomega.Expect(status).Should(testing.Equal(metav1.Status{ |
There was a problem hiding this comment.
It would be clearer to just use errors.IsInvalid.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: alculquicondor, knight42 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
Signed-off-by: Jian Zeng <[email protected]>
knight42
force-pushed
the
feat/validate-webhook
branch
from
e8d2cc3 to
e5d79ab
Compare
k8s-ci-robot
added
the
lgtm
Signed-off-by: Jian Zeng [email protected]
What type of PR is this?
/kind feature
What this PR does / why we need it:
Add basic validating webhook for Workload.
Which issue(s) this PR fixes:
Part of #171
Special notes for your reviewer: