projectcalico / calico

Cloud native networking and network security
https://docs.tigera.io/calico/latest/about/
Apache License 2.0

The containerID regex may be too restrictive #5207

Open resouer opened 6 years ago

resouer commented 6 years ago

https://github.com/projectcalico/libcalico-go/blob/d2fe70a7fc26fff6b08f2f91214cd129ec12426e/lib/validator/v3/validator.go#L55

In the hypervisor-based container runtime for Kubernetes (KataContainers), we have a containerID containing "_", since we added some extra info to the containerID which will be used later. However, this prevents our users from using the latest Calico project.

Ref: https://github.com/kubernetes/frakti/issues/281

I would like to ask if it's possible to allow "_" at least in Calico here?

caseydavenport commented 6 years ago

Related to this: https://github.com/projectcalico/libcalico-go/issues/684

I don't see why we can't relax that restriction - @robbrockbank anything I'm missing?

robbrockbank commented 6 years ago

@caseydavenport: I think we can. It might change how we cross-compare the WEP name to the host/orch/workload/endpoint identifiers, but that can be done on a per-orchestrator basis.

resouer commented 6 years ago

Thanks for the positive response. Generally, container runtimes will assume plain text for containerID, which aligns with the CNI spec and Kubernetes validation.

feisuzhu commented 6 years ago

This affects me too.

I'm trying to use rkt 1.29.0 + k8s 1.9 + calico/node:v3.0.2 + calico/cni:v2.0.0 + calico/kube-controllers:v2.0.0, with kubelet --container-runtime=rkt (not CRI), and run into the same problem.

caseydavenport commented 5 years ago

Container ID. A unique plaintext identifier for a container, allocated by the runtime. Must not be empty. Must start with an alphanumeric character, optionally followed by any combination of one or more alphanumeric characters, underscore (_), dot (.) or hyphen (-).

This is what the CNI spec says. So, it does include the _ . and - characters.

Like we identified before, this is unfortunately a bit tricky due to the fact that Kubernetes API objects do not allow _ characters in their names. It will require some design thinking on how we can allow this.
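The mismatch discussed in this thread, as an added Go example (not part of the thread and not Calico's validator code): it checks a container ID against the CNI spec rule quoted above and against the DNS-1123 subdomain rule that Kubernetes applies to most object names. That the subdomain rule is the relevant Kubernetes constraint here is an assumption, and the names `Classify` and `Verdict` and the sample IDs are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// CNI spec rule as quoted in the thread: non-empty, starts with an
// alphanumeric, then any mix of alphanumerics, '_', '.' or '-'.
// Without the (?m) flag, Go's '$' matches only at end of text, so a
// trailing newline is rejected rather than silently accepted.
var cniContainerID = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_.-]*$`)

// DNS-1123 subdomain rule (assumed to be the Kubernetes name constraint
// in play): lowercase alphanumerics, '-' and '.', with every label
// starting and ending on an alphanumeric, at most 253 characters.
var k8sName = regexp.MustCompile(
	`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

const k8sNameMaxLen = 253

// Verdict records which of the two rules an ID satisfies.
type Verdict struct {
	ValidCNI     bool // acceptable as a CNI container ID
	ValidK8sName bool // usable verbatim inside a Kubernetes object name
}

// Classify evaluates one container ID against both allow-lists.
func Classify(id string) Verdict {
	return Verdict{
		ValidCNI:     cniContainerID.MatchString(id),
		ValidK8sName: len(id) <= k8sNameMaxLen && k8sName.MatchString(id),
	}
}

func main() {
	// Constructed sample IDs, not taken from any real runtime.
	samples := []string{"abc123", "abc_123", "ABC.def-1", "abc-", "_abc", "a/b", "abc\n", ""}
	for _, id := range samples {
		v := Classify(id)
		fmt.Printf("%-12q cni=%-5t k8sName=%t\n", id, v.ValidCNI, v.ValidK8sName)
	}
}
```

IDs that pass the CNI rule but fail the Kubernetes one (underscore, uppercase, trailing hyphen) are the ones that need a mapping step before they can be embedded in an object name.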