KEP-3008: fix formatting, add validation

kubernetes · Feb 2, 2022 · 310c242 · 310c242
1 parent 8e489e0
commit 310c242
Showing 1 changed file with 29 additions and 22 deletions.
diff --git a/keps/sig-node/3008-cri-class-based-resources/README.md b/keps/sig-node/3008-cri-class-based-resources/README.md
@@ -362,15 +362,15 @@ field, providing per-container setting for class resources.
      // Configuration specific to Windows containers.
      WindowsContainerConfig windows = 16;
 +
-+   // Configuration of class resources.
-+   ContainerClassResources class_resources = 17;
++    // Configuration of class resources.
++    ContainerClassResources class_resources = 17;
  }
 
 +// ContainerClassResources specifies the configuration of class based
 +// resources of a container.
 +message ContainerClassResources {
 +    // Resource classes of the container will be assigned to
-+    map<string, string> class = 1;
++    map<string, string> classes = 1;
 +}
 ```
 
@@ -407,12 +407,12 @@ Introduce a new field (e.g. class) into ResourceRequirements of Container.
 ```diff
 // ResourceRequirements describes the compute resource requirements.
 type ResourceRequirements struct {
-    // Limits describes the maximum amount of compute resources allowed.
-    Limits ResourceList `json:"limits,omitempty"
-    // Requests describes the minimum amount of compute resources required.
-    Requests ResourceList `json:"requests,omitempty"
-+   // Classes specifies the resource classes that the container should be assigned
-+   Classes map[ClassResourceName]string
+     // Limits describes the maximum amount of compute resources allowed.
+     Limits ResourceList `json:"limits,omitempty"
+     // Requests describes the minimum amount of compute resources required.
+     Requests ResourceList `json:"requests,omitempty"
++    // Classes specifies the resource classes that the container should be assigned
++    Classes map[ClassResourceName]string
 }
 
 +// ClassResourceName is the name of a class-based resource.
@@ -448,6 +448,13 @@ resource discovery or access control kubelet does not do any validity checking
 of the values. Invalid class assignments will cause an error in the container
 runtime.
 
+Input validation of classes very similar to labels is implemented: keys
+(`ClassResourceName`) and values must be non-empty, less than 64 characters
+long, must start and end with an alphanumeric character and may contain only
+alphanumeric characters, dashes, underscores or dots (`-`, `_` or `.`).
+Similar to labels, a namespace prefix (FQDN subdomain separated with a slash)
+in the key is allowed, similar to labels, e.g. `vendor/resource`.
+
 ### Container runtimes
 
 We have open PRs to implement class-based RDT and blockio support in CRI-O and
@@ -662,19 +669,19 @@ If class resources were advertised in node status (similar to other resources),
 access control could be achieved e.g. by extending ResourceQuotaSpec which would implement restrictions based on the namespace.
 
 ```diff
-// ResourceQuotaSpec defines the desired hard limits to enforce for Quota.
-type ResourceQuotaSpec struct {
-    // hard is the set of desired hard limits for each named resource.
-    Hard ResourceList
-    // A collection of filters that must match each object tracked by a quota.
-    // If not specified, the quota matches all objects.
-    Scopes []ResourceQuotaScope 
-    // scopeSelector is also a collection of filters like scopes that must match each
-    // object tracked by a quota but expressed using ScopeSelectorOperator in combination
-    // with possible values.
-    ScopeSelector *ScopeSelector
-+   // AllowedClasses specifies the list of allowed classes for each class-based resource
-+   AllowedClasses map[ClassResourceName]ResourceClassList
+ // ResourceQuotaSpec defines the desired hard limits to enforce for Quota.
+ type ResourceQuotaSpec struct {
+     // hard is the set of desired hard limits for each named resource.
+     Hard ResourceList
+     // A collection of filters that must match each object tracked by a quota.
+     // If not specified, the quota matches all objects.
+     Scopes []ResourceQuotaScope 
+     // scopeSelector is also a collection of filters like scopes that must match each
+     // object tracked by a quota but expressed using ScopeSelectorOperator in combination
+     // with possible values.
+     ScopeSelector *ScopeSelector
++    // AllowedClasses specifies the list of allowed classes for each class-based resource
++    AllowedClasses map[ClassResourceName]ResourceClassList
 }
 
 +// ResourceClassList is a list of classes of a specific type of class-based resource.