Skip to content

Commit 70026e1

Browse files
committed
feat: Restrict NodeReadinessRuleSpec.Taint to "readiness.k8s.io/" prefix
Signed-off-by: Sathvik <Sathvik.S@ibm.com>
1 parent dc4a0b1 commit 70026e1

File tree

10 files changed

+163
-91
lines changed

10 files changed

+163
-91
lines changed

api/v1alpha1/nodereadinessrule_types.go

Lines changed: 32 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,37 @@ const (
4545
TaintStatusAbsent TaintStatus = "Absent"
4646
)
4747

48+
// TaintSpec defines the specific Taint (Key, Value, and Effect) to be managed.
49+
type TaintSpec struct {
50+
// key is the taint key to be applied to a node.
51+
//
52+
// +required
53+
// +kubebuilder:validation:MinLength=17
54+
// +kubebuilder:validation:MaxLength=253
55+
// +kubebuilder:validation:Pattern=`^readiness\.k8s\.io\/.*`
56+
Key string `json:"key,omitempty"`
57+
58+
// value is the taint value corresponding to the taint key.
59+
//
60+
// +optional
61+
// +kubebuilder:validation:MaxLength=63
62+
Value *string `json:"value,omitempty"`
63+
64+
// effect is the effect of the taint on pods
65+
// that do not tolerate the taint.
66+
// Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
67+
//
68+
// +required
69+
// +kubebuilder:validation:Enum=NoSchedule;PreferNoSchedule;NoExecute
70+
Effect corev1.TaintEffect `json:"effect,omitempty"`
71+
72+
// timeAdded represents the time at which the taint was added.
73+
// It is only written for NoExecute taints.
74+
//
75+
// +optional
76+
TimeAdded *metav1.Time `json:"timeAdded,omitempty"`
77+
}
78+
4879
// NodeReadinessRuleSpec defines the desired state of NodeReadinessRule.
4980
type NodeReadinessRuleSpec struct {
5081
// conditions contains a list of the Node conditions that defines the specific
@@ -70,7 +101,7 @@ type NodeReadinessRuleSpec struct {
70101
// on Nodes that meet the defined condition criteria.
71102
//
72103
// +required
73-
Taint corev1.Taint `json:"taint,omitempty,omitzero"`
104+
Taint TaintSpec `json:"taint,omitempty,omitzero"`
74105

75106
// nodeSelector limits the scope of this rule to a specific subset of Nodes.
76107
//

api/v1alpha1/zz_generated.deepcopy.go

Lines changed: 24 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

config/crd/bases/readiness.node.x-k8s.io_nodereadinessrules.yaml

Lines changed: 15 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -160,20 +160,30 @@ spec:
160160
properties:
161161
effect:
162162
description: |-
163-
Required. The effect of the taint on pods
163+
effect is the effect of the taint on pods
164164
that do not tolerate the taint.
165165
Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
166+
enum:
167+
- NoSchedule
168+
- PreferNoSchedule
169+
- NoExecute
166170
type: string
167171
key:
168-
description: Required. The taint key to be applied to a node.
172+
description: key is the taint key to be applied to a node.
173+
maxLength: 253
174+
minLength: 17
175+
pattern: ^readiness\.k8s\.io\/.*
169176
type: string
170177
timeAdded:
171-
description: TimeAdded represents the time at which the taint
172-
was added.
178+
description: |-
179+
timeAdded represents the time at which the taint was added.
180+
It is only written for NoExecute taints.
173181
format: date-time
174182
type: string
175183
value:
176-
description: The taint value corresponding to the taint key.
184+
description: value is the taint value corresponding to the taint
185+
key.
186+
maxLength: 63
177187
type: string
178188
required:
179189
- effect

internal/controller/node_controller.go

Lines changed: 11 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -229,7 +229,7 @@ func (r *RuleReadinessController) getConditionStatus(node *corev1.Node, conditio
229229
}
230230

231231
// hasTaintBySpec checks if a node has a specific taint.
232-
func (r *RuleReadinessController) hasTaintBySpec(node *corev1.Node, taintSpec corev1.Taint) bool {
232+
func (r *RuleReadinessController) hasTaintBySpec(node *corev1.Node, taintSpec readinessv1alpha1.TaintSpec) bool {
233233
for _, taint := range node.Spec.Taints {
234234
if taint.Key == taintSpec.Key && taint.Effect == taintSpec.Effect {
235235
return true
@@ -239,18 +239,23 @@ func (r *RuleReadinessController) hasTaintBySpec(node *corev1.Node, taintSpec co
239239
}
240240

241241
// addTaintBySpec adds a taint to a node.
242-
func (r *RuleReadinessController) addTaintBySpec(ctx context.Context, node *corev1.Node, taintSpec corev1.Taint) error {
242+
func (r *RuleReadinessController) addTaintBySpec(ctx context.Context, node *corev1.Node, taintSpec readinessv1alpha1.TaintSpec) error {
243243
patch := client.StrategicMergeFrom(node.DeepCopy())
244+
var value string
245+
if taintSpec.Value != nil {
246+
value = *taintSpec.Value
247+
}
244248
node.Spec.Taints = append(node.Spec.Taints, corev1.Taint{
245-
Key: taintSpec.Key,
246-
Value: taintSpec.Value,
247-
Effect: taintSpec.Effect,
249+
Key: taintSpec.Key,
250+
Value: value,
251+
Effect: taintSpec.Effect,
252+
TimeAdded: taintSpec.TimeAdded,
248253
})
249254
return r.Patch(ctx, node, patch)
250255
}
251256

252257
// removeTaintBySpec removes a taint from a node.
253-
func (r *RuleReadinessController) removeTaintBySpec(ctx context.Context, node *corev1.Node, taintSpec corev1.Taint) error {
258+
func (r *RuleReadinessController) removeTaintBySpec(ctx context.Context, node *corev1.Node, taintSpec readinessv1alpha1.TaintSpec) error {
254259
patch := client.StrategicMergeFrom(node.DeepCopy())
255260
var newTaints []corev1.Taint
256261
for _, taint := range node.Spec.Taints {

internal/controller/node_controller_test.go

Lines changed: 15 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ var _ = Describe("Node Controller", func() {
3636
const (
3737
nodeName = "node-controller-test-node"
3838
ruleName = "node-controller-test-rule"
39-
taintKey = "test-taint"
39+
taintKey = "readiness.k8s.io/test-taint"
4040
conditionType = "TestCondition"
4141
)
4242

@@ -66,19 +66,19 @@ var _ = Describe("Node Controller", func() {
6666

6767
It("should correctly compare node taints", func() {
6868
taint1 := []corev1.Taint{
69-
{Key: "key1", Effect: corev1.TaintEffectNoSchedule, Value: "value1"},
70-
{Key: "key2", Effect: corev1.TaintEffectNoExecute, Value: "value2"},
69+
{Key: "readiness.k8s.io/key1", Effect: corev1.TaintEffectNoSchedule, Value: "value1"},
70+
{Key: "readiness.k8s.io/key2", Effect: corev1.TaintEffectNoExecute, Value: "value2"},
7171
}
7272
taint2 := []corev1.Taint{
73-
{Key: "key1", Effect: corev1.TaintEffectNoSchedule, Value: "value1"},
74-
{Key: "key2", Effect: corev1.TaintEffectNoExecute, Value: "value2"},
73+
{Key: "readiness.k8s.io/key1", Effect: corev1.TaintEffectNoSchedule, Value: "value1"},
74+
{Key: "readiness.k8s.io/key2", Effect: corev1.TaintEffectNoExecute, Value: "value2"},
7575
}
7676
taint3 := []corev1.Taint{
77-
{Key: "key1", Effect: corev1.TaintEffectNoSchedule, Value: "different"},
78-
{Key: "key2", Effect: corev1.TaintEffectNoExecute, Value: "value2"},
77+
{Key: "readiness.k8s.io/key1", Effect: corev1.TaintEffectNoSchedule, Value: "different"},
78+
{Key: "readiness.k8s.io/key2", Effect: corev1.TaintEffectNoExecute, Value: "value2"},
7979
}
8080
taint4 := []corev1.Taint{
81-
{Key: "key1", Effect: corev1.TaintEffectNoSchedule, Value: "value1"},
81+
{Key: "readiness.k8s.io/key1", Effect: corev1.TaintEffectNoSchedule, Value: "value1"},
8282
}
8383

8484
Expect(taintsEqual(taint1, taint2)).To(BeTrue(), "identical taints should be equal")
@@ -153,7 +153,7 @@ var _ = Describe("Node Controller", func() {
153153
Conditions: []nodereadinessiov1alpha1.ConditionRequirement{
154154
{Type: conditionType, RequiredStatus: corev1.ConditionTrue},
155155
},
156-
Taint: corev1.Taint{
156+
Taint: nodereadinessiov1alpha1.TaintSpec{
157157
Key: taintKey,
158158
Effect: corev1.TaintEffectNoSchedule,
159159
},
@@ -398,7 +398,7 @@ var _ = Describe("Node Controller", func() {
398398
Conditions: []nodereadinessiov1alpha1.ConditionRequirement{
399399
{Type: conditionType, RequiredStatus: corev1.ConditionTrue},
400400
},
401-
Taint: corev1.Taint{
401+
Taint: nodereadinessiov1alpha1.TaintSpec{
402402
Key: taintKey,
403403
Effect: corev1.TaintEffectNoSchedule,
404404
},
@@ -547,7 +547,7 @@ var _ = Describe("Node Controller", func() {
547547
},
548548
Spec: corev1.NodeSpec{
549549
Taints: []corev1.Taint{
550-
{Key: "status-test-taint", Effect: corev1.TaintEffectNoSchedule, Value: "pending"},
550+
{Key: "readiness.k8s.io/status-test-taint", Effect: corev1.TaintEffectNoSchedule, Value: "pending"},
551551
},
552552
},
553553
Status: corev1.NodeStatus{
@@ -557,6 +557,7 @@ var _ = Describe("Node Controller", func() {
557557
},
558558
}
559559

560+
val := "pending"
560561
rule = &nodereadinessiov1alpha1.NodeReadinessRule{
561562
ObjectMeta: metav1.ObjectMeta{
562563
Name: "status-test-rule",
@@ -565,10 +566,10 @@ var _ = Describe("Node Controller", func() {
565566
Conditions: []nodereadinessiov1alpha1.ConditionRequirement{
566567
{Type: "StatusTestCondition", RequiredStatus: corev1.ConditionTrue},
567568
},
568-
Taint: corev1.Taint{
569-
Key: "status-test-taint",
569+
Taint: nodereadinessiov1alpha1.TaintSpec{
570+
Key: "readiness.k8s.io/status-test-taint",
570571
Effect: corev1.TaintEffectNoSchedule,
571-
Value: "pending",
572+
Value: &val,
572573
},
573574
NodeSelector: metav1.LabelSelector{
574575
MatchLabels: map[string]string{"test-group": "status"},

0 commit comments

Comments
 (0)