Merge pull request #55578 from xiangpengzhao/validatePodCidr

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Validate podCIDR of node spec. **Release note**: ```release-note NONE ```
2017-11-14 23:12:58 -08:00 · 2017-11-14 23:12:58 -08:00 · 86480fc0af
parent ebe8ea73fd f903b7a85c
commit 86480fc0af
3 changed files with 53 additions and 14 deletions
--- a/pkg/apis/core/validation/validation.go
+++ b/pkg/apis/core/validation/validation.go
@ -3532,7 +3532,12 @@ func ValidateNode(node *core.Node) field.ErrorList {
 		allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "configSource"), "configSource may only be set if the DynamicKubeletConfig feature gate is enabled)"))
 	}

-	// TODO(rjnagal): Ignore PodCIDR till its completely implemented.
+	if len(node.Spec.PodCIDR) != 0 {
+		_, err := ValidateCIDR(node.Spec.PodCIDR)
+		if err != nil {
+			allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "podCIDR"), node.Spec.PodCIDR, "not a valid CIDR"))
+		}
+	}
 	return allErrs
 }

@ -4526,3 +4531,12 @@ func validateStorageNodeAffinityAnnotation(annotations map[string]string, fldPat
 	}
 	return policySpecified, allErrs
 }
+
+// ValidateCIDR validates whether a CIDR matches the conventions expected by net.ParseCIDR
+func ValidateCIDR(cidr string) (*net.IPNet, error) {
+	_, net, err := net.ParseCIDR(cidr)
+	if err != nil {
+		return nil, err
+	}
+	return net, nil
+}
--- a/pkg/apis/core/validation/validation_test.go
+++ b/pkg/apis/core/validation/validation_test.go
@ -8273,6 +8273,24 @@ func TestValidateNode(t *testing.T) {
 				ExternalID: "external",
 			},
 		},
+		{
+			ObjectMeta: metav1.ObjectMeta{
+				Name: "abc",
+			},
+			Status: core.NodeStatus{
+				Addresses: []core.NodeAddress{
+					{Type: core.NodeExternalIP, Address: "something"},
+				},
+				Capacity: core.ResourceList{
+					core.ResourceName(core.ResourceCPU):    resource.MustParse("10"),
+					core.ResourceName(core.ResourceMemory): resource.MustParse("0"),
+				},
+			},
+			Spec: core.NodeSpec{
+				ExternalID: "external",
+				PodCIDR:    "192.168.0.0/16",
+			},
+		},
 	}
 	for _, successCase := range successCases {
 		if errs := ValidateNode(&successCase); len(errs) != 0 {
@ -8496,6 +8514,24 @@ func TestValidateNode(t *testing.T) {
 				ExternalID: "external",
 			},
 		},
+		"invalid-pod-cidr": {
+			ObjectMeta: metav1.ObjectMeta{
+				Name: "abc",
+			},
+			Status: core.NodeStatus{
+				Addresses: []core.NodeAddress{
+					{Type: core.NodeExternalIP, Address: "something"},
+				},
+				Capacity: core.ResourceList{
+					core.ResourceName(core.ResourceCPU):    resource.MustParse("10"),
+					core.ResourceName(core.ResourceMemory): resource.MustParse("0"),
+				},
+			},
+			Spec: core.NodeSpec{
+				ExternalID: "external",
+				PodCIDR:    "192.168.0.0",
+			},
+		},
 	}
 	for k, v := range errorCases {
 		errs := ValidateNode(&v)
--- a/pkg/apis/networking/validation/validation.go
+++ b/pkg/apis/networking/validation/validation.go
@ -17,8 +17,6 @@ limitations under the License.
 package validation

 import (
-	"net"
-
 	unversionedvalidation "k8s.io/apimachinery/pkg/apis/meta/v1/validation"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/apimachinery/pkg/util/sets"
@ -163,7 +161,7 @@ func ValidateIPBlock(ipb *networking.IPBlock, fldPath *field.Path) field.ErrorLi
 		allErrs = append(allErrs, field.Required(fldPath.Child("cidr"), ""))
 		return allErrs
 	}
-	cidrIPNet, err := validateCIDR(ipb.CIDR)
+	cidrIPNet, err := apivalidation.ValidateCIDR(ipb.CIDR)
 	if err != nil {
 		allErrs = append(allErrs, field.Invalid(fldPath.Child("cidr"), ipb.CIDR, "not a valid CIDR"))
 		return allErrs
@ -171,7 +169,7 @@ func ValidateIPBlock(ipb *networking.IPBlock, fldPath *field.Path) field.ErrorLi
 	exceptCIDR := ipb.Except
 	for i, exceptIP := range exceptCIDR {
 		exceptPath := fldPath.Child("except").Index(i)
-		exceptCIDR, err := validateCIDR(exceptIP)
+		exceptCIDR, err := apivalidation.ValidateCIDR(exceptIP)
 		if err != nil {
 			allErrs = append(allErrs, field.Invalid(exceptPath, exceptIP, "not a valid CIDR"))
 			return allErrs
@ -182,12 +180,3 @@ func ValidateIPBlock(ipb *networking.IPBlock, fldPath *field.Path) field.ErrorLi
 	}
 	return allErrs
 }
-
-// validateCIDR validates whether a CIDR matches the conventions expected by net.ParseCIDR
-func validateCIDR(cidr string) (*net.IPNet, error) {
-	_, net, err := net.ParseCIDR(cidr)
-	if err != nil {
-		return nil, err
-	}
-	return net, nil
-}