temp2

kubernetes-sigs · Feb 18, 2024 · 6e9cb97 · 6e9cb97
1 parent 75acfa6
commit 6e9cb97
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 16 deletions.
diff --git a/apis/v1alpha1/baselineadminnetworkpolicy_types.go b/apis/v1alpha1/baselineadminnetworkpolicy_types.go
@@ -163,11 +163,11 @@ type BaselineAdminNetworkPolicyEgressRule struct {
 	// If any AdminNetworkPolicyEgressPeer matches the destination of outgoing
 	// traffic then the specified action is applied.
 	// This field must be defined and contain at least one item.
-	// +kubebuilder:validation:MinItems=1
-	// +kubebuilder:validation:MaxItems=100
 	//
 	// Support: Core
 	//
+	// +kubebuilder:validation:MinItems=1
+	// +kubebuilder:validation:MaxItems=100
 	To []AdminNetworkPolicyEgressPeer `json:"to"`
 
 	// Ports allows for matching traffic based on port and protocols.

diff --git a/apis/v1alpha1/shared_types.go b/apis/v1alpha1/shared_types.go
@@ -191,9 +191,8 @@ type AdminNetworkPolicyEgressPeer struct {
 	// <network-policy-api:experimental>
 	// +optional
 	// +kubebuilder:validation:MinItems=1
-	// +kubebuilder:validation:MaxItems=100
-	// +kubebuilder:validation:XValidation:rule="self.all(x, isCIDR(x))",message="Invalid CIDR provided"
-	Networks []string `json:"networks,omitempty"`
+	// +kubebuilder:validation:MaxItems=45
+	Networks []CIDR `json:"networks,omitempty"`
 }
 
 // NamespacedPeer defines a flexible way to select Namespaces in a cluster.
@@ -256,3 +255,8 @@ type NamespacedPodPeer struct {
 	//
 	PodSelector metav1.LabelSelector `json:"podSelector"`
 }
+
+// +kubebuilder:validation:XValidation:rule="isCIDR(self)",message="Invalid CIDR provided"
+// +kubebuilder:validation:MaxLength=48
+// Length 48 is taken from: https://elixir.bootlin.com/linux/latest/source/include/linux/inet.h#L50
+type CIDR string
diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml b/config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml
@@ -265,13 +265,15 @@ spec:
                               format and should be IPv4 or IPv6, for example \"10.0.0.0/8\"
                               or \"fd00::/8\". \n Support: Extended \n <network-policy-api:experimental>"
                             items:
+                              description: 'Length 48 is taken from: https://elixir.bootlin.com/linux/latest/source/include/linux/inet.h#L50'
+                              maxLength: 48
                               type: string
-                            maxItems: 100
+                              x-kubernetes-validations:
+                              - message: Invalid CIDR provided
+                                rule: isCIDR(self)
+                            maxItems: 45
                             minItems: 1
                             type: array
-                            x-kubernetes-validations:
-                            - message: Invalid CIDR provided
-                              rule: self.all(x, isCIDR(x))
                           nodes:
                             description: "Nodes defines a way to select a set of nodes
                               in the cluster. This field follows standard label selector

diff --git a/config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml b/config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml
@@ -257,13 +257,15 @@ spec:
                               format and should be IPv4 or IPv6, for example \"10.0.0.0/8\"
                               or \"fd00::/8\". \n Support: Extended \n <network-policy-api:experimental>"
                             items:
+                              description: 'Length 48 is taken from: https://elixir.bootlin.com/linux/latest/source/include/linux/inet.h#L50'
+                              maxLength: 48
                               type: string
-                            maxItems: 100
+                              x-kubernetes-validations:
+                              - message: Invalid CIDR provided
+                                rule: isCIDR(self)
+                            maxItems: 45
                             minItems: 1
                             type: array
-                            x-kubernetes-validations:
-                            - message: Invalid CIDR provided
-                              rule: self.all(x, isCIDR(x))
                           nodes:
                             description: "Nodes defines a way to select a set of nodes
                               in the cluster. This field follows standard label selector

diff --git a/hack/crd-e2e.sh b/hack/crd-e2e.sh
@@ -44,11 +44,11 @@ trap cleanup INT TERM
 res=0
 
 # Install kind
-(go install sigs.k8s.io/kind@v0.21.0) || res=$?
+(go install sigs.k8s.io/kind@v0.22.0) || res=$?
 
 # Create cluster
 KIND_CREATE_ATTEMPTED=true
-kind create cluster --name "${CLUSTER_NAME}" || res=$?
+kind create cluster --name "${CLUSTER_NAME}" --image "quay.io/itssurya/dev-images:kindest-node-v1.30.0-alpha.2" || res=$?
 
 for KUST_FOLDER in bases patches; do
   go run sigs.k8s.io/controller-tools/cmd/controller-gen rbac:roleName=manager-role crd paths=./apis/... output:crd:dir=./config/crd/bases output:stdout || res=$?
@@ -59,6 +59,10 @@ for KUST_FOLDER in bases patches; do
 
 done
 
+# Only for testing purposes, directly install experimental CRDs as well in the CI cluster
+kubectl apply -f ./config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml
+kubectl apply -f ./config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml
+
 # Clean up and exit
 cleanup || res=$?
 exit $res