Add validation for hpa and pdb

Signed-off-by: keithfz <kzeto4@gmail.com>
envoyproxy · Dec 12, 2024 · 3092fef · 3092fef
1 parent 64904cf
commit 3092fef
Show file tree

Hide file tree

Showing 2 changed files with 86 additions and 0 deletions.
diff --git a/api/v1alpha1/validation/envoyproxy_validate.go b/api/v1alpha1/validation/envoyproxy_validate.go
@@ -72,6 +72,14 @@ func validateProvider(spec *egv1a1.EnvoyProxySpec) []error {
 		if len(validateDeploymentErrs) != 0 {
 			errs = append(errs, validateDeploymentErrs...)
 		}
+		validateHpaErrors := validateHpa(spec)
+		if len(validateHpaErrors) != 0 {
+			errs = append(errs, validateHpaErrors...)
+		}
+		validatePdbErrors := validatePdb(spec)
+		if len(validatePdbErrors) != 0 {
+			errs = append(errs, validatePdbErrors...)
+		}
 		validateServiceErrs := validateService(spec)
 		if len(validateServiceErrs) != 0 {
 			errs = append(errs, validateServiceErrs...)
@@ -95,6 +103,36 @@ func validateDeployment(spec *egv1a1.EnvoyProxySpec) []error {
 	return errs
 }
 
+func validateHpa(spec *egv1a1.EnvoyProxySpec) []error {
+	var errs []error
+	if spec.Provider.Kubernetes != nil && spec.Provider.Kubernetes.EnvoyHpa != nil {
+		if patch := spec.Provider.Kubernetes.EnvoyHpa.Patch; patch != nil {
+			if patch.Value.Raw == nil {
+				errs = append(errs, fmt.Errorf("envoy hpa patch object cannot be empty"))
+			}
+			if patch.Type != nil && *patch.Type != egv1a1.JSONMerge && *patch.Type != egv1a1.StrategicMerge {
+				errs = append(errs, fmt.Errorf("unsupported envoy hpa patch type %s", *patch.Type))
+			}
+		}
+	}
+	return errs
+}
+
+func validatePdb(spec *egv1a1.EnvoyProxySpec) []error {
+	var errs []error
+	if spec.Provider.Kubernetes != nil && spec.Provider.Kubernetes.EnvoyPDB != nil {
+		if patch := spec.Provider.Kubernetes.EnvoyPDB.Patch; patch != nil {
+			if patch.Value.Raw == nil {
+				errs = append(errs, fmt.Errorf("envoy pdb patch object cannot be empty"))
+			}
+			if patch.Type != nil && *patch.Type != egv1a1.JSONMerge && *patch.Type != egv1a1.StrategicMerge {
+				errs = append(errs, fmt.Errorf("unsupported envoy pdb patch type %s", *patch.Type))
+			}
+		}
+	}
+	return errs
+}
+
 // TODO: remove this function if CEL validation became stable
 func validateService(spec *egv1a1.EnvoyProxySpec) []error {
 	var errs []error

diff --git a/api/v1alpha1/validation/envoyproxy_validate_test.go b/api/v1alpha1/validation/envoyproxy_validate_test.go
@@ -450,6 +450,54 @@ func TestValidateEnvoyProxy(t *testing.T) {
 			},
 			expected: true,
 		},
+		{
+			name: "should be invalid when hpa patch type is empty",
+			proxy: &egv1a1.EnvoyProxy{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "test",
+					Name:      "test",
+				},
+				Spec: egv1a1.EnvoyProxySpec{
+					Provider: &egv1a1.EnvoyProxyProvider{
+						Type: egv1a1.ProviderTypeKubernetes,
+						Kubernetes: &egv1a1.EnvoyProxyKubernetesProvider{
+							EnvoyHpa: &egv1a1.KubernetesHorizontalPodAutoscalerSpec{
+								Patch: &egv1a1.KubernetesPatchSpec{
+									Value: apiextensionsv1.JSON{
+										Raw: []byte{},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+			expected: true,
+		},
+		{
+			name: "should be invalid when pdb patch type is empty",
+			proxy: &egv1a1.EnvoyProxy{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "test",
+					Name:      "test",
+				},
+				Spec: egv1a1.EnvoyProxySpec{
+					Provider: &egv1a1.EnvoyProxyProvider{
+						Type: egv1a1.ProviderTypeKubernetes,
+						Kubernetes: &egv1a1.EnvoyProxyKubernetesProvider{
+							EnvoyPDB: &egv1a1.KubernetesPodDisruptionBudgetSpec{
+								Patch: &egv1a1.KubernetesPatchSpec{
+									Value: apiextensionsv1.JSON{
+										Raw: []byte{},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+			expected: true,
+		},
 		{
 			name: "should invalid when patch object is empty",
 			proxy: &egv1a1.EnvoyProxy{