fix(t8s-cluster): only allow nodePools with valid k8s names #1851

Merged
cwrau merged 1 commit into main from fix/t8s-cluster/validate-nodepool-names
Dec 4, 2025
@cwrau cwrau commented Dec 3, 2025

Summary by CodeRabbit

  • Bug Fixes
    • Enforced node pool name validation (allowed characters and max length 32) to prevent invalid names.

Copilot AI review requested due to automatic review settings December 3, 2025 13:51
@cwrau cwrau enabled auto-merge December 3, 2025 13:51
@gemini-code-assist
Summary of Changes

Hello @cwrau, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the t8s-cluster Helm chart by implementing stricter validation for node pool names within its values.schema.json. By enforcing Kubernetes naming conventions, it ensures that all node pool names adhere to required standards, which helps prevent potential deployment issues related to invalid resource naming and improves the overall robustness of cluster configurations.

Highlights

  • Schema Validation for Node Pool Names: Introduced a regular expression pattern to enforce valid Kubernetes naming conventions for node pool names within the t8s-cluster Helm chart's values.schema.json.
  • Updated Schema Property Handling: Replaced the generic additionalProperties with patternProperties in the nodePools definition to apply the new naming validation rule to node pool keys.
  • Strict Property Enforcement: Added additionalProperties: false to the nodePools object to ensure that only explicitly defined or pattern-matching properties are allowed, preventing unexpected configurations.

@coderabbitai
coderabbitai bot commented Dec 3, 2025

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Added a top-level propertyNames constraint to nodePools in the Helm chart values schema, enforcing a regex and a maximum length for node pool names; no other per-pool schema fields were changed.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Helm Chart Schema — nodePools name constraint: charts/t8s-cluster/values.schema.json | Added nodePools.propertyNames with regex ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ and maxLength: 32 to validate pool names. No changes to individual pool schemas or required fields. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

  • Areas to spot-check:
    • Confirm the regex exactly matches intended allowed pool name formats.
    • Verify maxLength: 32 aligns with any downstream name length limits or providers.
    • Test schema validation against representative existing nodePools names to ensure backward compatibility.

Suggested reviewers

  • tasches
  • marvinWolff

Poem

🐰 In the meadow of charts I hop and sing,
Names trimmed tidy, thirty-two's the ring,
A regex snug, no stray hyphen roam,
Node pools prance in their cozy home. 🥕

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and concisely describes the main change: adding validation to enforce that nodePools use valid Kubernetes-compliant names. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 83b0e83 and 1130760.

📒 Files selected for processing (1)
  • charts/t8s-cluster/values.schema.json (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • charts/t8s-cluster/values.schema.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: lint helm chart (t8s-cluster)


@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request improves the validation for nodePools by ensuring their names are valid Kubernetes-style names (DNS-1123 labels). This is a good change to prevent invalid configurations. I've suggested a small improvement to also validate the maximum length of the node pool name, making the validation more complete.

Copilot AI left a comment

Pull request overview

This PR adds validation to ensure nodePool names follow Kubernetes DNS label naming conventions. The change prevents users from creating nodePools with invalid names that would cause issues when resources are created in Kubernetes.

  • Replaces additionalProperties with patternProperties using a regex pattern that validates Kubernetes DNS-1123 label names
  • Adds additionalProperties: false to explicitly reject nodePool names that don't match the pattern

@cwrau cwrau force-pushed the fix/t8s-cluster/validate-nodepool-names branch from 83b0e83 to 1130760 Compare December 3, 2025 14:01
@cwrau cwrau added this pull request to the merge queue Dec 4, 2025
Merged via the queue into main with commit b9431c5 Dec 4, 2025
44 checks passed
@cwrau cwrau deleted the fix/t8s-cluster/validate-nodepool-names branch December 4, 2025 08:59
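
The name constraint described in the review walkthrough above (the regex plus `maxLength: 32` on `nodePools` keys), as an added Python example that is not part of the PR or the chart. The function name `invalid_node_pool_names` and the sample pool names are constructed for illustration; the example also covers the trailing-newline case, where Python's `$` is looser than the ECMA-262 semantics JSON Schema patterns use.

```python
import re

# Regex and length limit as quoted in the review walkthrough for
# charts/t8s-cluster/values.schema.json.
NAME_PATTERN = r"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"
MAX_LENGTH = 32

# JSON Schema patterns use ECMA-262 semantics, where "$" matches only at the
# very end of the input. Python's "$" also matches before a trailing newline,
# so the anchors are stripped and fullmatch() enforces them instead.
NAME_RE = re.compile(NAME_PATTERN[1:-1])

# Constructed sample values (assumption: pool bodies are irrelevant here).
SAMPLE_NODE_POOLS = {
    "workers": {},
    "gpu-a100": {},
    "Workers": {},      # uppercase
    "-edge": {},        # leading hyphen
    "edge-": {},        # trailing hyphen
    "batch_jobs": {},   # underscore
    "pool\n": {},       # trailing newline, accepted by a naive re.search
    "a" * 33: {},       # valid characters, one over the limit
    "": {},             # empty key
}


def invalid_node_pool_names(node_pools):
    """Return {name: [reasons]} for each key the name constraint rejects."""
    rejected = {}
    for name in node_pools:
        reasons = []
        if NAME_RE.fullmatch(name) is None:
            reasons.append("does not match name pattern")
        if len(name) > MAX_LENGTH:
            reasons.append(f"longer than {MAX_LENGTH} characters")
        if reasons:
            rejected[name] = reasons
    return rejected


if __name__ == "__main__":
    for name, reasons in invalid_node_pool_names(SAMPLE_NODE_POOLS).items():
        print(f"{name!r}: {', '.join(reasons)}")
```
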
github-merge-queue bot pushed a commit that referenced this pull request Jan 15, 2026
🤖 I have created a release *beep* *boop*
---


## [9.5.0](t8s-cluster-v9.4.1...t8s-cluster-v9.5.0) (2026-01-15)


### Features

* **t8s-cluster/artifacthub:** use centralised helmRepositories template
([#1846](#1846))
([73a41f9](73a41f9))
* **t8s-cluster/cilium:** enable kubeProxy replacement
([#1815](#1815))
([b3c412d](b3c412d))
* **t8s-cluster/management-cluster:** add cluster-autoscaler deployment
([#1756](#1756))
([5b6ead9](5b6ead9))
* **t8s-cluster/management-cluster:** enable ImageVolume feature flag
([#1786](#1786))
([9676ee0](9676ee0))
* **t8s-cluster/management-cluster:** set apiServerLoadBalancer.provider
via TeutonetesCloud
([#1898](#1898))
([6bf8889](6bf8889))
* **t8s-cluster/management-cluster:** switch to hcp
([#1759](#1759))
([303b0b6](303b0b6))
* **t8s-cluster/management-cluster:** use new
KubeletEnsureSecretPulledImages feature gate
([#1858](#1858))
([40d7bef](40d7bef))
* **t8s-cluster:** migrate to CAPI v1beta2
([#1685](#1685))
([dc5f071](dc5f071))


### Bug Fixes

* **t8s-cluster/autoscaler:** these names are inside the workload
cluster
([#1877](#1877))
([f345cea](f345cea))
* **t8s-cluster/management-cluster:** leave out protocol if `nil`
([#1837](#1837))
([f370dac](f370dac))
* **t8s-cluster:** only allow nodePools with valid k8s names
([#1851](#1851))
([b9431c5](b9431c5))


### Miscellaneous Chores

* **t8s-cluster/dependencies:** update common docker tag to v1.6.0
([#1811](#1811))
([b3b4c94](b3b4c94))
* **t8s-cluster/dependencies:** update common docker tag to v1.7.0
([#1873](#1873))
([71e062f](71e062f))
* **t8s-cluster/dependencies:** update helm release cilium to v1.18.6
([#1894](#1894))
([e1adc88](e1adc88))
* **t8s-cluster/dependencies:** update helm release cluster-autoscaler
to v9.53.0
([#1856](#1856))
([dc67fcd](dc67fcd))
* **t8s-cluster/dependencies:** update helm release
openstack-cloud-controller-manager to v2.34.1
([#1553](#1553))
([e984d19](e984d19))
* **t8s-cluster/dependencies:** update registry.k8s.io/etcd docker tag
to v3.5.24
([#1793](#1793))
([a5098e3](a5098e3))
* **t8s-cluster/dependencies:** update registry.k8s.io/etcd docker tag
to v3.6.6
([#1813](#1813))
([e07ffa7](e07ffa7))
* **t8s-cluster/dependencies:** update registry.k8s.io/etcd docker tag
to v3.6.7
([#1895](#1895))
([cf1d3b4](cf1d3b4))
* **t8s-cluster/flux:** use centralised HelmRepositories instead of
per-instance
([#1758](#1758))
([3deff65](3deff65))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>