Skip to content

Cluster validation allows invalid worker topology names #12068

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dlipovetsky opened this issue Apr 7, 2025 · 3 comments · May be fixed by #12069
Open

Cluster validation allows invalid worker topology names #12068

dlipovetsky opened this issue Apr 7, 2025 · 3 comments · May be fixed by #12069
Assignees
@dlipovetsky
Labels
area/clusterclass Issues or PRs related to clusterclass kind/bug Categorizes issue or PR as related to a bug. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@dlipovetsky
Copy link
Contributor

What steps did you take and what happened?

The worker topologies are found under Cluster.Spec.Topology.Workers.MachineDeployments and Cluster.Spec.Topology.Workers.MachinePools. Each of these has a Name field.

The the topology controller uses the value of the Name field to generate a MachineDeployment or MachinePool name, respectively, so the value must be a valid Kubernetes resource name, i.e. it must conform to https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-subdomain-names.

Today, the Name field validation checks only length and uniqueness.

If I assign a Name field a value (wrk_z_cli) with an underscore, making it invalid for a Kubernetes resource, I get no validation error. However, the topology controller returns an error when it fails to create a resource. The following controller log excerpt shows this:

I0403 06:16:38.220170       1 reconcile_state.go:66] "Reconciling state for topology owned objects" controller="topology/cluster" controllerGroup="cluster.x-k8s.io" controllerKind="Cluster" Cluster="default/mg-2132-rc1" namespace="default" name="mg-2132-rc1" reconcileID="b97648fc-122b-42df-a1ae-62f55946db6b"
I0403 06:16:38.340486       1 reconcile_state.go:579] "Creating NutanixMachineTemplate/mg-2132-rc1-wrk_z_cli-njvs7" controller="topology/cluster" controllerGroup="cluster.x-k8s.io" controllerKind="Cluster" Cluster="default/mg-2132-rc1" namespace="default" name="mg-2132-rc1" reconcileID="b97648fc-122b-42df-a1ae-62f55946db6b" MachineDeployment="default/mg-2132-rc1-wrk_z_cli-bftqj" machineDeploymentTopology="wrk_z_cli" resource={"group":"infrastructure.cluster.x-k8s.io","version":"v1beta1","resource":"NutanixMachineTemplate"} NutanixMachineTemplate="default/mg-2132-rc1-wrk_z_cli-njvs7"
E0403 06:16:38.344150       1 reconcile_state.go:1253] "Failed to create object" err="NutanixMachineTemplate.infrastructure.cluster.x-k8s.io \"mg-2132-rc1-wrk_z_cli-njvs7\" is invalid: metadata.name: Invalid value: \"mg-2132-rc1-wrk_z_cli-njvs7\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')" controller="topology/cluster" controllerGroup="cluster.x-k8s.io" controllerKind="Cluster" Cluster="default/mg-2132-rc1" namespace="default" name="mg-2132-rc1" reconcileID="b97648fc-122b-42df-a1ae-62f55946db6b" MachineDeployment="default/mg-2132-rc1-wrk_z_cli-bftqj" machineDeploymentTopology="wrk_z_cli" resource={"group":"infrastructure.cluster.x-k8s.io","version":"v1beta1","resource":"NutanixMachineTemplate"} NutanixMachineTemplate="default/mg-2132-rc1-wrk_z_cli-njvs7" NutanixMachineTemplate="default/mg-2132-rc1-wrk_z_cli-njvs7"

What did you expect to happen?

The Cluster validation should reject a worker topology name that would result in an invalid Kubernetes resource name.

Cluster API version

v1.9.4

Kubernetes version

v1.31.4

Anything else you would like to add?

No response

Label(s) to be applied

/kind bug
/area clusterclass
@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. area/clusterclass Issues or PRs related to clusterclass needs-priority Indicates an issue lacks a `priority/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Apr 7, 2025
@dlipovetsky
Copy link
Contributor Author

/assign

@dlipovetsky dlipovetsky linked a pull request Apr 7, 2025 that will close this issue
Open
@sbueringer
Copy link
Member

Makes sense

/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Apr 8, 2025
@sbueringer sbueringer added the priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. label Apr 8, 2025
@k8s-ci-robot k8s-ci-robot removed the needs-priority Indicates an issue lacks a `priority/foo` label and requires one. label Apr 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dlipovetsky dlipovetsky

Labels
area/clusterclass Issues or PRs related to clusterclass kind/bug Categorizes issue or PR as related to a bug. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

🐛 Fix validation of worker topology names in Cluster resource dlipovetsky/cluster-api
3 participants
@dlipovetsky @sbueringer @k8s-ci-robot