ray-project
diff --git a/‎ray-operator/config/webhook/manifests.yaml
Lines changed: 40 additions & 0 deletions b/‎ray-operator/config/webhook/manifests.yaml
Lines changed: 40 additions & 0 deletions
diff --git a/‎ray-operator/pkg/webhooks/v1/raycluster_webhook.go
Lines changed: 6 additions & 18 deletions b/‎ray-operator/pkg/webhooks/v1/raycluster_webhook.go
Lines changed: 6 additions & 18 deletions
diff --git a/‎ray-operator/pkg/webhooks/v1/raycluster_webhook_test.go
Lines changed: 121 additions & 0 deletions b/‎ray-operator/pkg/webhooks/v1/raycluster_webhook_test.go
Lines changed: 121 additions & 0 deletions
diff --git a/‎ray-operator/pkg/webhooks/v1/rayjob_webhook.go
Lines changed: 68 additions & 0 deletions b/‎ray-operator/pkg/webhooks/v1/rayjob_webhook.go
Lines changed: 68 additions & 0 deletions
diff --git a/‎ray-operator/pkg/webhooks/v1/rayjob_webhook_test.go
Lines changed: 71 additions & 0 deletions b/‎ray-operator/pkg/webhooks/v1/rayjob_webhook_test.go
Lines changed: 71 additions & 0 deletions
@@ -24,3 +24,43 @@ webhooks:
     resources:
     - rayclusters
   sideEffects: None
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /validate-ray-io-v1-rayjob
+  failurePolicy: Fail
+  name: vrayjob.kb.io
+  rules:
+  - apiGroups:
+    - ray.io
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - rayjobs
+  sideEffects: None
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /validate-ray-io-v1-rayservice
+  failurePolicy: Fail
+  name: vrayservice.kb.io
+  rules:
+  - apiGroups:
+    - ray.io
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - rayservices
+  sideEffects: None
@@ -2,7 +2,6 @@ package v1
 
 import (
 	"context"
-	"regexp"
 
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -14,13 +13,10 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
 	rayv1 "github.com/ray-project/kuberay/ray-operator/apis/ray/v1"
+	"github.com/ray-project/kuberay/ray-operator/controllers/ray/utils"
 )
 
-// log is for logging in this package.
-var (
-	rayclusterlog = logf.Log.WithName("raycluster-resource")
-	nameRegex, _  = regexp.Compile("^[a-z]([-a-z0-9]*[a-z0-9])?$")
-)
+var rayClusterLog = logf.Log.WithName("raycluster-resource")
 
 // SetupRayClusterWebhookWithManager registers the webhook for RayCluster in the manager.
 func SetupRayClusterWebhookWithManager(mgr ctrl.Manager) error {
@@ -32,22 +28,21 @@ func SetupRayClusterWebhookWithManager(mgr ctrl.Manager) error {
 
 type RayClusterWebhook struct{}
 
-// TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation.
 //+kubebuilder:webhook:path=/validate-ray-io-v1-raycluster,mutating=false,failurePolicy=fail,sideEffects=None,groups=ray.io,resources=rayclusters,verbs=create;update,versions=v1,name=vraycluster.kb.io,admissionReviewVersions=v1
 
 var _ webhook.CustomValidator = &RayClusterWebhook{}
 
 // ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type
 func (w *RayClusterWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) {
 	rayCluster := obj.(*rayv1.RayCluster)
-	rayclusterlog.Info("validate create", "name", rayCluster.Name)
+	rayClusterLog.Info("validate create", "name", rayCluster.Name)
 	return nil, w.validateRayCluster(rayCluster)
 }
 
 // ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type
 func (w *RayClusterWebhook) ValidateUpdate(_ context.Context, _ runtime.Object, newObj runtime.Object) (admission.Warnings, error) {
 	rayCluster := newObj.(*rayv1.RayCluster)
-	rayclusterlog.Info("validate update", "name", rayCluster.Name)
+	rayClusterLog.Info("validate update", "name", rayCluster.Name)
 	return nil, w.validateRayCluster(rayCluster)
 }
 
@@ -59,8 +54,8 @@ func (w *RayClusterWebhook) ValidateDelete(_ context.Context, _ runtime.Object)
 func (w *RayClusterWebhook) validateRayCluster(rayCluster *rayv1.RayCluster) error {
 	var allErrs field.ErrorList
 
-	if err := w.validateName(rayCluster); err != nil {
-		allErrs = append(allErrs, err)
+	if err := utils.ValidateRayClusterMetadata(rayCluster.ObjectMeta); err != nil {
+		allErrs = append(allErrs, field.Invalid(field.NewPath("metadata").Child("name"), rayCluster.Name, err.Error()))
 	}
 
 	if err := w.validateWorkerGroups(rayCluster); err != nil {
@@ -76,13 +71,6 @@ func (w *RayClusterWebhook) validateRayCluster(rayCluster *rayv1.RayCluster) err
 		rayCluster.Name, allErrs)
 }
 
-func (w *RayClusterWebhook) validateName(rayCluster *rayv1.RayCluster) *field.Error {
-	if !nameRegex.MatchString(rayCluster.Name) {
-		return field.Invalid(field.NewPath("metadata").Child("name"), rayCluster.Name, "name must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 'my-name',  or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')")
-	}
-	return nil
-}
-
 func (w *RayClusterWebhook) validateWorkerGroups(rayCluster *rayv1.RayCluster) *field.Error {
 	workerGroupNames := make(map[string]bool)
 
 
@@ -0,0 +1,121 @@
+package v1
+
+import (
+	"context"
+	"fmt"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	corev1 "k8s.io/api/core/v1"
+	//+kubebuilder:scaffold:imports
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/rand"
+
+	rayv1 "github.com/ray-project/kuberay/ray-operator/apis/ray/v1"
+)
+
+var _ = Describe("RayCluster validating webhook", func() {
+	Context("when name is too long", func() {
+		It("should return error", func() {
+			longName := "this-name-is-tooooooooooooooooooooooooooooooooooooooooooo-long-and-should-be-invalid"
+			rayCluster := rayv1.RayCluster{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "default",
+					Name:      longName,
+				},
+				Spec: rayv1.RayClusterSpec{
+					HeadGroupSpec: rayv1.HeadGroupSpec{
+						Template: corev1.PodTemplateSpec{
+							Spec: corev1.PodSpec{
+								Containers: []corev1.Container{},
+							},
+						},
+					},
+					WorkerGroupSpecs: []rayv1.WorkerGroupSpec{},
+				},
+			}
+
+			err := k8sClient.Create(context.TODO(), &rayCluster)
+			Expect(err).To(HaveOccurred())
+
+			Expect(err.Error()).To(ContainSubstring(fmt.Sprintf("RayCluster.ray.io \"%s\" is invalid: metadata.name", longName)))
+		})
+	})
+
+	Context("when name isn't a DNS1035 label", func() {
+		It("should return error", func() {
+			rayCluster := rayv1.RayCluster{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "default",
+					Name:      "invalid.name",
+				},
+				Spec: rayv1.RayClusterSpec{
+					HeadGroupSpec: rayv1.HeadGroupSpec{
+						Template: corev1.PodTemplateSpec{
+							Spec: corev1.PodSpec{
+								Containers: []corev1.Container{},
+							},
+						},
+					},
+					WorkerGroupSpecs: []rayv1.WorkerGroupSpec{},
+				},
+			}
+
+			err := k8sClient.Create(context.TODO(), &rayCluster)
+			Expect(err).To(HaveOccurred())
+
+			Expect(err.Error()).To(ContainSubstring("RayCluster.ray.io \"invalid.name\" is invalid: metadata.name:"))
+		})
+	})
+
+	Context("when groupNames are not unique", func() {
+		var name, namespace string
+		var rayCluster rayv1.RayCluster
+
+		BeforeEach(func() {
+			namespace = "default"
+			name = fmt.Sprintf("test-raycluster-%d", rand.IntnRange(1000, 9000))
+		})
+
+		It("should return error", func() {
+			rayCluster = rayv1.RayCluster{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      name,
+					Namespace: namespace,
+				},
+				Spec: rayv1.RayClusterSpec{
+					HeadGroupSpec: rayv1.HeadGroupSpec{
+						Template: corev1.PodTemplateSpec{
+							Spec: corev1.PodSpec{
+								Containers: []corev1.Container{},
+							},
+						},
+					},
+					WorkerGroupSpecs: []rayv1.WorkerGroupSpec{
+						{
+							GroupName: "group1",
+							Template: corev1.PodTemplateSpec{
+								Spec: corev1.PodSpec{
+									Containers: []corev1.Container{},
+								},
+							},
+						},
+						{
+							GroupName: "group1",
+							Template: corev1.PodTemplateSpec{
+								Spec: corev1.PodSpec{
+									Containers: []corev1.Container{},
+								},
+							},
+						},
+					},
+				},
+			}
+
+			err := k8sClient.Create(context.TODO(), &rayCluster)
+			Expect(err).To(HaveOccurred())
+
+			Expect(err.Error()).To(ContainSubstring("worker group names must be unique"))
+		})
+	})
+})
@@ -0,0 +1,68 @@
+package v1
+
+import (
+	"context"
+
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/util/validation/field"
+	ctrl "sigs.k8s.io/controller-runtime"
+	logf "sigs.k8s.io/controller-runtime/pkg/log"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+
+	rayv1 "github.com/ray-project/kuberay/ray-operator/apis/ray/v1"
+	"github.com/ray-project/kuberay/ray-operator/controllers/ray/utils"
+)
+
+var rayJobLog = logf.Log.WithName("rayjob-resource")
+
+// SetupRayJobWebhookWithManager registers the webhook for RayJob in the manager.
+func SetupRayJobWebhookWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewWebhookManagedBy(mgr).
+		For(&rayv1.RayJob{}).
+		WithValidator(&RayJobWebhook{}).
+		Complete()
+}
+
+type RayJobWebhook struct{}
+
+//+kubebuilder:webhook:path=/validate-ray-io-v1-rayjob,mutating=false,failurePolicy=fail,sideEffects=None,groups=ray.io,resources=rayjobs,verbs=create;update,versions=v1,name=vrayjob.kb.io,admissionReviewVersions=v1
+
+var _ webhook.CustomValidator = &RayJobWebhook{}
+
+// ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type
+func (w *RayJobWebhook) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) {
+	rayJob := obj.(*rayv1.RayJob)
+	rayJobLog.Info("validate create", "name", rayJob.Name)
+	return nil, w.validateRayJob(rayJob)
+}
+
+// ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type
+func (w *RayJobWebhook) ValidateUpdate(_ context.Context, _ runtime.Object, newObj runtime.Object) (admission.Warnings, error) {
+	rayJob := newObj.(*rayv1.RayJob)
+	rayJobLog.Info("validate update", "name", rayJob.Name)
+	return nil, w.validateRayJob(rayJob)
+}
+
+// ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type
+func (w *RayJobWebhook) ValidateDelete(_ context.Context, _ runtime.Object) (admission.Warnings, error) {
+	return nil, nil
+}
+
+func (w *RayJobWebhook) validateRayJob(rayJob *rayv1.RayJob) error {
+	var allErrs field.ErrorList
+
+	if err := utils.ValidateRayJobMetadata(rayJob.ObjectMeta); err != nil {
+		allErrs = append(allErrs, field.Invalid(field.NewPath("metadata").Child("name"), rayJob.Name, err.Error()))
+	}
+
+	if len(allErrs) == 0 {
+		return nil
+	}
+
+	return apierrors.NewInvalid(
+		schema.GroupKind{Group: "ray.io", Kind: "RayJob"},
+		rayJob.Name, allErrs)
+}
@@ -0,0 +1,71 @@
+package v1
+
+import (
+	"context"
+	"fmt"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	corev1 "k8s.io/api/core/v1"
+	//+kubebuilder:scaffold:imports
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	rayv1 "github.com/ray-project/kuberay/ray-operator/apis/ray/v1"
+)
+
+var _ = Describe("RayJob validating webhook", func() {
+	Context("when name is too long", func() {
+		It("should return error", func() {
+			longName := "this-name-is-tooooooooooooooooooooooooooooooooooooooooooo-long-and-should-be-invalid"
+			rayJob := rayv1.RayJob{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "default",
+					Name:      longName,
+				},
+				Spec: rayv1.RayJobSpec{
+					RayClusterSpec: &rayv1.RayClusterSpec{
+						HeadGroupSpec: rayv1.HeadGroupSpec{
+							Template: corev1.PodTemplateSpec{
+								Spec: corev1.PodSpec{
+									Containers: []corev1.Container{},
+								},
+							},
+						},
+					},
+				},
+			}
+
+			err := k8sClient.Create(context.TODO(), &rayJob)
+			Expect(err).To(HaveOccurred())
+
+			Expect(err.Error()).To(ContainSubstring(fmt.Sprintf("RayJob.ray.io \"%s\" is invalid: metadata.name", longName)))
+		})
+	})
+
+	Context("when name isn't a DNS1035 label", func() {
+		It("should return error", func() {
+			rayJob := rayv1.RayJob{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: "default",
+					Name:      "invalid.name",
+				},
+				Spec: rayv1.RayJobSpec{
+					RayClusterSpec: &rayv1.RayClusterSpec{
+						HeadGroupSpec: rayv1.HeadGroupSpec{
+							Template: corev1.PodTemplateSpec{
+								Spec: corev1.PodSpec{
+									Containers: []corev1.Container{},
+								},
+							},
+						},
+					},
+				},
+			}
+
+			err := k8sClient.Create(context.TODO(), &rayJob)
+			Expect(err).To(HaveOccurred())
+
+			Expect(err.Error()).To(ContainSubstring("RayJob.ray.io \"invalid.name\" is invalid: metadata.name:"))
+		})
+	})
+})