search

telekom / das-schiff-network-operator

Configure netlink interfaces, simple eBPF filters and FRR using Kubernetes resources.
Apache License 2.0
28 stars 2 forks source link

Prohibit usage of vni zero #105

Closed ghost closed 6 months ago

MaxRink commented 6 months ago

I mean the apiserver can also do that enforcement with a block directly

https://kubernetes.io/blog/2022/09/23/crd-validation-rules-beta/

Marcel Fest @.***> schrieb am Fr., 15. März 2024, 21:12:

@.**** commented on this pull request.

In pkg/reconciler/layer3.go https://github.com/telekom/das-schiff-network-operator/pull/105#discussion_r1526786710 :

@@ -165,6 +165,12 @@ func (r *reconcile) createVrfConfigMap(l3vnis []networkv1alpha1.VRFRouteConfigur continue }

  • if vni == 0 {

Should we not do a boundary check here?

vni <= 0 and vni >= max_vni

— Reply to this email directly, view it on GitHub https://github.com/telekom/das-schiff-network-operator/pull/105#pullrequestreview-1940447964, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABFLAD22GOK7BSODM5QRWI3YYNIZBAVCNFSM6AAAAABEX2L2Y2VHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMYTSNBQGQ2DOOJWGQ . You are receiving this because your review was requested.Message ID: @.*** com>

Cellebyte commented 6 months ago

@MaxRink only for the CRD ^^ the ConfigMap needs validation as well :)

MaxRink commented 6 months ago

Make the ConfigMap an CRD :P

Am Sa., 16. März 2024 um 11:25 Uhr schrieb Marcel Fest < @.***>:

@MaxRink https://github.com/MaxRink only for the CRD ^^ the ConfigMap needs validation as well :)

— Reply to this email directly, view it on GitHub https://github.com/telekom/das-schiff-network-operator/pull/105#issuecomment-2001941100, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABFLADZ3X24XDPOLX3HV2GLYYQMXTAVCNFSM6AAAAABEX2L2Y2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMBRHE2DCMJQGA . You are receiving this because you were mentioned.Message ID: @.***>