Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DRA API: validate node selector labels #128932

Merged
merged 1 commit into from
Nov 22, 2024
Merged

DRA API: validate node selector labels #128932

merged 1 commit into from
Nov 22, 2024

Conversation

pohly
Copy link
Contributor

@pohly pohly commented Nov 22, 2024

What type of PR is this?

/kind bug

What this PR does / why we need it:

Previously, ValidateNodeSelector did not check that labels are valid. Now it does for resource.k8s.io, regardless whether an object already was created with invalid labels in an earlier Kubernetes release. Theoretically this is a breaking change and could cause problems during an upgrade, but that is highly unlikely in practice.

In contrast to node affinity, DRA does not ignore parse errors (= uses NewNodeSelector, not NewLazyErrorNodeSelector), so invalid labels would have been found instead of being silently ignored.

Even if some object has invalid labels, this only affects an alpha -> beta upgrade which isn't guaranteed to work seamlessly.

Which issue(s) this PR fixes:

Related-to: #128156

Special notes for your reviewer:

This PR is a subset of #128212. It was stripped down to just the parts which strengthen validation of resource.k8s.io.

We need to get this included in 1.32 because the resource.k8s.io API gets promoted to beta in 1.32. Making this change later would be more complicated.

Does this PR introduce a user-facing change?

DRA: labels in node selectors now are validated. Invalid labels already caused runtime errors before and are unlikely to occur in practice.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

- [KEP]: https://github.com/kubernetes/enhancements/issues/4381

/cc @AxeZhan @thockin @liggitt @kubernetes/release-team-leads

@AxeZhan @pohly
DRA API: validate node selector labels
3075a9a 
Previously, ValidateNodeSelector did not check that labels are valid. Now it
does for resource.k8s.io, regardless whether an object already was created with
invalid labels in an earlier Kubernetes release. Theoretically this is a
breaking change and could cause problems during an upgrade, but that is highly
unlikely in practice.

In contrast to node affinity, DRA does not ignore parse errors
(= uses NewNodeSelector, not NewLazyErrorNodeSelector), so invalid labels would
have been found instead of being silently ignored.

Even if some object has invalid labels, this only affects an alpha -> beta
upgrade which isn't guaranteed to work seamlessly.
@k8s-ci-robot k8s-ci-robot requested a review from AxeZhan November 22, 2024 08:34
@k8s-ci-robot k8s-ci-robot added the release-note Denotes a PR that will be considered when it comes time to generate release notes. label Nov 22, 2024
@k8s-ci-robot k8s-ci-robot requested review from liggitt, thockin and a team November 22, 2024 08:34
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. kind/bug Categorizes issue or PR as related to a bug. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. sig/apps Categorizes an issue or PR as relevant to SIG Apps. wg/device-management Categorizes an issue or PR as relevant to WG Device Management. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Nov 22, 2024
@pohly
Copy link
Contributor Author

pohly commented Nov 22, 2024

/priority critical-urgent

@k8s-ci-robot k8s-ci-robot added priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. and removed needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Nov 22, 2024
@pohly pohly mentioned this pull request Nov 22, 2024
Merged
@liggitt
Copy link
Member

liggitt commented Nov 22, 2024

change lgtm
/lgtm
/approve

I'm strongly in favor of tightening the validation prior to the beta API release. @thockin, would you agree?

If so, this will need milestoning by the release team, ideally ahead of the rc.0

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 22, 2024
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: 922547ff7b7cc56898038b29ac3120e9d39941dc

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 22, 2024
@pohly
Copy link
Contributor Author

pohly commented Nov 22, 2024

/hold

For comment by @thockin, in case that we get the milestone first.

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 22, 2024
@fsmunoz
Copy link
Contributor

fsmunoz commented Nov 22, 2024

/milestone v1.32

@k8s-ci-robot k8s-ci-robot added this to the v1.32 milestone Nov 22, 2024
@liggitt liggitt added the triage/accepted Indicates an issue or PR is ready to be actively worked on. label Nov 22, 2024
@k8s-ci-robot k8s-ci-robot removed the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label Nov 22, 2024
@thockin
Copy link
Member

thockin commented Nov 22, 2024
edited
Loading

ACK to fix this before 32.

/approve
/remove hold

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fsmunoz, liggitt, pohly, thockin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@thockin thockin removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 22, 2024
@k8s-ci-robot k8s-ci-robot merged commit e4c1f98 into kubernetes:master Nov 22, 2024
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fsmunoz fsmunoz fsmunoz approved these changes

@AxeZhan AxeZhan Awaiting requested review from AxeZhan

@liggitt liggitt Awaiting requested review from liggitt

@thockin thockin Awaiting requested review from thockin

Assignees

@liggitt liggitt

@thockin thockin

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/apps Categorizes an issue or PR as relevant to SIG Apps. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on. wg/device-management Categorizes an issue or PR as relevant to WG Device Management.
Projects
SIG Apps
Archived in project
SIG Node: Dynamic Resource Allocation
Status: Done
[sig-release] Bug Triage
Archived in project
Milestone
v1.32
Development

Successfully merging this pull request may close these issues.
6 participants
@pohly @liggitt @k8s-ci-robot @fsmunoz @thockin @AxeZhan