Description of problem:
Creating/editing an egressqos with wrong syntax/value rules like the ones below succeeds.

# oc get egressqos default -o yaml
apiVersion: k8s.ovn.org/v1
kind: EgressQoS
metadata:
  creationTimestamp: "2022-06-16T02:20:22Z"
  generation: 3
  name: default
  namespace: abc
  resourceVersion: "903874"
  uid: f72c07c8-a8b8-4cb9-9399-c69e55b67a71
spec:
  egress:
  - dscp: 30
    dstCIDR: abc&!ABC/24
  - dscp: 46
    dstCIDR: 3.144.110.173/35
    podSelector:
      matchLabels:
        name: test-pods
  - dscp: 50
    dstCIDR: asb::/158
  - dscp: 10
    dstCIDR: 0.0.0.0/0

Version-Release number of selected component (if applicable):
# oc version
Client Version: 4.11.0-0.nightly-2022-06-11-054027
Kustomize Version: v4.5.4
Server Version: 4.11.0-0.nightly-2022-06-11-054027
Kubernetes Version: v1.24.0+cb71478

How reproducible:
1. create project
2. create egressqos with the yaml above.

Actual results:

Expected results:
egressqos should not be able to be created successfully

Additional info:

That's a oneline fix if we use https://github.com/kubernetes/kube-openapi/blob/master/pkg/validation/strfmt/format.go#L141 ~~~ diff --git a/go-controller/pkg/crd/egressqos/v1/types.go b/go-controller/pkg/crd/egressqos/v1/types.go index a90ab14ff..f7f6f1a71 100644 --- a/go-controller/pkg/crd/egressqos/v1/types.go +++ b/go-controller/pkg/crd/egressqos/v1/types.go 
@@ -59,6 +59,7 @@ type EgressQoSRule struct { // This field is optional, and in case it is not set the rule is applied // to all egress traffic regardless of the destination. // +optional + // +kubebuilder:validation:Format="cidr" DstCIDR *string `json:"dstCIDR,omitempty"` // PodSelector applies the QoS rule only to the pods in the namespace whose label
~~~

Verification:
~~~
[root@ovnkubernetes egressqos]# oc apply -f egressqos.yaml
egressqos.k8s.ovn.org/default configured
[root@ovnkubernetes egressqos]# oc delete -f egressqos.yaml
egressqos.k8s.ovn.org "default" deleted
[root@ovnkubernetes egressqos]# oc apply -f egressqos-fail.yaml
The EgressQoS "default" is invalid:
* spec.egress.dstCIDR: Invalid value: "abc&!ABC/24": spec.egress.dstCIDR in body must be of type cidr: "abc&!ABC/24"
* spec.egress.dstCIDR: Invalid value: "3.144.110.173/35": spec.egress.dstCIDR in body must be of type cidr: "3.144.110.173/35"
* spec.egress.dstCIDR: Invalid value: "af::/158": spec.egress.dstCIDR in body must be of type cidr: "af::/158"
[root@ovnkubernetes egressqos]# oc delete -f egressqos-fail.yaml
Error from server (NotFound): error when deleting "egressqos-fail.yaml": egressqoses.k8s.ovn.org "default" not found
[root@ovnkubernetes egressqos]# cat egressqos.yaml
apiVersion: k8s.ovn.org/v1
kind: EgressQoS
metadata:
  name: default
  namespace: default
spec:
  egress:
  - dscp: 30
    dstCIDR: 192.168.0.1/32
  - dscp: 30
    dstCIDR: 192.168.0.0/24
  - dscp: 46
    dstCIDR: 3.144.110.173/24
    podSelector:
      matchLabels:
        name: test-pods
  - dscp: 50
    dstCIDR: 2000::/64
  - dscp: 10
    dstCIDR: 0.0.0.0/0
  - dscp: 50
    dstCIDR: 2000:af::a:b/64
  - dscp: 50
    dstCIDR: 1762::B03:127.32.67.15/48
  - dscp: 50
    dstCIDR: 1762:0:0:0:0:B03:127.32.67.15/32
[root@ovnkubernetes egressqos]# cat egressqos-fail.yaml
apiVersion: k8s.ovn.org/v1
kind: EgressQoS
metadata:
  name: default
  namespace: default
spec:
  egress:
  - dscp: 30
    dstCIDR: abc&!ABC/24
  - dscp: 46
    dstCIDR: 3.144.110.173/35
    podSelector:
      matchLabels:
        name: test-pods
  - dscp: 50
    dstCIDR: af::/158
  - dscp: 10
    dstCIDR: 0.0.0.0/0
~~~
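
Review bot: the `Format="cidr"` marker added above `DstCIDR` checks syntax only, so a value with host bits set, such as the `3.144.110.173/24` entry in the passing egressqos.yaml, is still admitted; the code that consumes `DstCIDR` should mask it to the network address, or the field comment should say that such values are accepted. The diff touches only types.go, so the regenerated CRD manifest that carries the new format needs to be part of the same change, and the doc comment above the field could state that the value must be a valid IPv4 or IPv6 CIDR.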
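
Added example (not part of the original comment or of the ovn-kubernetes code): the same accept/reject split as the verification run, reproduced offline over the dstCIDR values from this report. It assumes the "cidr" format is backed by Go's `net.ParseCIDR`; `checkDstCIDR` and `audit` are hypothetical helper names, and the host-bits check goes beyond what the format itself enforces.

```go
package main

import (
	"fmt"
	"net"
)

// checkDstCIDR is a hypothetical helper (not from ovn-kubernetes). It applies
// net.ParseCIDR, the check assumed to back the "cidr" format, and additionally
// reports whether the value has host bits set below the prefix length.
func checkDstCIDR(s string) (network string, hostBits bool, err error) {
	ip, ipnet, err := net.ParseCIDR(s)
	if err != nil {
		return "", false, err
	}
	return ipnet.String(), !ip.Equal(ipnet.IP), nil
}

// audit splits values into rejected ones and accepted-but-non-canonical ones.
func audit(values []string) (rejected, nonCanonical []string) {
	for _, v := range values {
		_, hostBits, err := checkDstCIDR(v)
		switch {
		case err != nil:
			rejected = append(rejected, v)
		case hostBits:
			nonCanonical = append(nonCanonical, v)
		}
	}
	return rejected, nonCanonical
}

func main() {
	// dstCIDR values taken from the YAML in this report.
	values := []string{
		"abc&!ABC/24", "3.144.110.173/35", "asb::/158", "af::/158",
		"0.0.0.0/0", "192.168.0.0/24", "3.144.110.173/24", "2000:af::a:b/64",
	}
	rejected, nonCanonical := audit(values)
	fmt.Println("rejected:", rejected)
	fmt.Println("accepted with host bits set:", nonCanonical)
	for _, v := range nonCanonical {
		n, _, _ := checkDstCIDR(v)
		fmt.Printf("  %s -> %s\n", v, n)
	}
}
```

Values in the second list pass the format check but name a host inside the network, so a consumer that needs the network prefix should use the canonical form printed next to each one.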