metropolis/node: validate label prefixes with our own function
I think it makes sense to use our own domain validation function here
instead of using the function from Kubernetes. The Kubernetes one is
less strict than ours, and actually allows names which are not valid
DNS names, because it does not limit the length of labels to 63.
All labels which are valid according to ValidateLabelKey should also be
valid according to Kubernetes IsQualifiedName, and I added a test for
this. We need this property for synchronizing labels to Kubernetes.
Change-Id: I0f96551b7d41f38b28174b7349cd8f37e6fd8f81
Reviewed-on: https://review.monogon.dev/c/monogon/+/3624
Tested-by: Jenkins CI
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
diff --git a/metropolis/node/labels.go b/metropolis/node/labels.go
index 93f1551..b829302 100644
--- a/metropolis/node/labels.go
+++ b/metropolis/node/labels.go
@@ -5,8 +5,6 @@
"regexp"
"strings"
- "k8s.io/apimachinery/pkg/util/validation"
-
cpb "source.monogon.dev/metropolis/proto/common"
)
@@ -43,8 +41,8 @@
if prefix == "" {
return ErrLabelEmptyPrefix
}
- if errs := validation.IsDNS1123Subdomain(prefix); len(errs) > 0 {
- return ErrLabelInvalidPrefix
+ if err := validateDomainName(prefix); err != nil {
+ return fmt.Errorf("invalid prefix: %w", err)
}
return nil
}