diff --git a/apis/dscinitialization/v1/dscinitialization_types.go b/apis/dscinitialization/v1/dscinitialization_types.go index 903c4c7d76c..0edf248cfd9 100644 --- a/apis/dscinitialization/v1/dscinitialization_types.go +++ b/apis/dscinitialization/v1/dscinitialization_types.go @@ -34,6 +34,8 @@ type DSCInitializationSpec struct { // Namespace for applications to be installed, non-configurable, default to "redhat-ods-applications" // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ApplicationsNamespace is immutable" // +operator-sdk:csv:customresourcedefinitions:type=spec,order=1 + // +kubebuilder:validation:Pattern="^([a-z0-9]([-a-z0-9]*[a-z0-9])?)?$" + // +kubebuilder:validation:MaxLength=63 ApplicationsNamespace string `json:"applicationsNamespace"` // Enable monitoring on specified namespace // +operator-sdk:csv:customresourcedefinitions:type=spec,order=2 @@ -68,8 +70,10 @@ type Monitoring struct { // or if it is installed, the operator will try to remove it. // +kubebuilder:validation:Enum=Managed;Removed ManagementState operatorv1.ManagementState `json:"managementState,omitempty"` - // +kubebuilder:default=redhat-ods-monitoring // Namespace for monitoring if it is enabled + // +kubebuilder:default=redhat-ods-monitoring + // +kubebuilder:validation:Pattern="^([a-z0-9]([-a-z0-9]*[a-z0-9])?)?$" + // +kubebuilder:validation:MaxLength=63 Namespace string `json:"namespace,omitempty"` } diff --git a/apis/infrastructure/v1/servicemesh_types.go b/apis/infrastructure/v1/servicemesh_types.go index bfa81ec8b0f..659ee781aac 100644 --- a/apis/infrastructure/v1/servicemesh_types.go +++ b/apis/infrastructure/v1/servicemesh_types.go 
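Review bot: The pattern added to `ApplicationsNamespace` in dscinitialization_types.go accepts the empty string, because its outer group is optional, so an explicit `applicationsNamespace: ""` passes admission, and a schema default is only applied to an absent field. The same applies to `Monitoring.Namespace` in the next hunk and to `ControlPlaneSpec.Namespace` in servicemesh_types.go; only `AuthSpec.Namespace` documents an empty value as meaningful. If empty is not a supported value for these three fields (the controllers are not visible here), add `// +kubebuilder:validation:MinLength=1`; if it is tolerated on purpose, for example for clients that serialize the zero value, say so in the field comment. The struct definitions continue outside the hunks.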
@@ -20,6 +20,8 @@ type ControlPlaneSpec struct { Name string `json:"name,omitempty"` // Namespace is a namespace where Service Mesh is deployed. Defaults to "istio-system". // +kubebuilder:default=istio-system + // +kubebuilder:validation:Pattern="^([a-z0-9]([-a-z0-9]*[a-z0-9])?)?$" + // +kubebuilder:validation:MaxLength=63 Namespace string `json:"namespace,omitempty"` // MetricsCollection specifies if metrics from components on the Mesh namespace // should be collected. Setting the value to "Istio" will collect metrics from the @@ -45,6 +47,8 @@ type GatewaySpec struct { type AuthSpec struct { // Namespace where it is deployed. If not provided, the default is to // use '-auth-provider' suffix on the ApplicationsNamespace of the DSCI. + // +kubebuilder:validation:Pattern="^([a-z0-9]([-a-z0-9]*[a-z0-9])?)?$" + // +kubebuilder:validation:MaxLength=63 Namespace string `json:"namespace,omitempty"` // Audiences is a list of the identifiers that the resource server presented // with the token identifies as. Audience-aware token authenticators will verify diff --git a/bundle/manifests/dscinitialization.opendatahub.io_dscinitializations.yaml b/bundle/manifests/dscinitialization.opendatahub.io_dscinitializations.yaml index 7ab80a3d8ac..56976e539b4 100644 --- a/bundle/manifests/dscinitialization.opendatahub.io_dscinitializations.yaml +++ b/bundle/manifests/dscinitialization.opendatahub.io_dscinitializations.yaml @@ -56,6 +56,8 @@ spec: default: redhat-ods-applications description: Namespace for applications to be installed, non-configurable, default to "redhat-ods-applications" + maxLength: 63 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?)?$ type: string x-kubernetes-validations: - message: ApplicationsNamespace is immutable @@ -95,6 +97,8 @@ spec: namespace: default: redhat-ods-monitoring description: Namespace for monitoring if it is enabled + maxLength: 63 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?)?$ type: string type: object serviceMesh: 
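Review bot: The 63-character limit on `AuthSpec.Namespace` in servicemesh_types.go does not cover the documented fallback, which appends `-auth-provider` (14 characters) to the DSCI's `ApplicationsNamespace`. That field is itself allowed up to 63 characters, so an applications namespace longer than 49 characters yields a derived name that is not a valid namespace. `Pattern` and `MaxLength` on this field cannot express the cross-field limit, so the code that builds the default (outside this diff) should validate the derived name and report a clear error. The field comment could also state the constraint, e.g. `// The derived default must also fit in 63 characters.` The AuthSpec struct continues outside the hunk.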
@@ -126,6 +130,8 @@ spec: description: |- Namespace where it is deployed. If not provided, the default is to use '-auth-provider' suffix on the ApplicationsNamespace of the DSCI. + maxLength: 63 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?)?$ type: string type: object controlPlane: @@ -152,6 +158,8 @@ spec: default: istio-system description: Namespace is a namespace where Service Mesh is deployed. Defaults to "istio-system". + maxLength: 63 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?)?$ type: string type: object managementState: diff --git a/config/crd/bases/dscinitialization.opendatahub.io_dscinitializations.yaml b/config/crd/bases/dscinitialization.opendatahub.io_dscinitializations.yaml index fae3c846fda..95434c3365b 100644 --- a/config/crd/bases/dscinitialization.opendatahub.io_dscinitializations.yaml +++ b/config/crd/bases/dscinitialization.opendatahub.io_dscinitializations.yaml @@ -56,6 +56,8 @@ spec: default: redhat-ods-applications description: Namespace for applications to be installed, non-configurable, default to "redhat-ods-applications" + maxLength: 63 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?)?$ type: string x-kubernetes-validations: - message: ApplicationsNamespace is immutable @@ -95,6 +97,8 @@ spec: namespace: default: redhat-ods-monitoring description: Namespace for monitoring if it is enabled + maxLength: 63 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?)?$ type: string type: object serviceMesh: @@ -126,6 +130,8 @@ spec: description: |- Namespace where it is deployed. If not provided, the default is to use '-auth-provider' suffix on the ApplicationsNamespace of the DSCI. + maxLength: 63 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?)?$ type: string type: object controlPlane: @@ -152,6 +158,8 @@ spec: default: istio-system description: Namespace is a namespace where Service Mesh is deployed. Defaults to "istio-system". + maxLength: 63 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?)?$ type: string type: object managementState: 
diff --git a/docs/api-overview.md b/docs/api-overview.md index 18d957750fb..eb6b38f3237 100644 --- a/docs/api-overview.md +++ b/docs/api-overview.md @@ -323,7 +323,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `namespace` _string_ | Namespace where it is deployed. If not provided, the default is to
use '-auth-provider' suffix on the ApplicationsNamespace of the DSCI. | | | +| `namespace` _string_ | Namespace where it is deployed. If not provided, the default is to
use '-auth-provider' suffix on the ApplicationsNamespace of the DSCI. | | MaxLength: 63
Pattern: `^([a-z0-9]([-a-z0-9]*[a-z0-9])?)?$`
| | `audiences` _string_ | Audiences is a list of the identifiers that the resource server presented
with the token identifies as. Audience-aware token authenticators will verify
that the token was intended for at least one of the audiences in this list.
If no audiences are provided, the audience will default to the audience of the
Kubernetes apiserver (kubernetes.default.svc). | [https://kubernetes.default.svc] | | @@ -419,7 +419,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | | `name` _string_ | Name is a name Service Mesh Control Plane. Defaults to "data-science-smcp". | data-science-smcp | | -| `namespace` _string_ | Namespace is a namespace where Service Mesh is deployed. Defaults to "istio-system". | istio-system | | +| `namespace` _string_ | Namespace is a namespace where Service Mesh is deployed. Defaults to "istio-system". | istio-system | MaxLength: 63
Pattern: `^([a-z0-9]([-a-z0-9]*[a-z0-9])?)?$`
| | `metricsCollection` _string_ | MetricsCollection specifies if metrics from components on the Mesh namespace
should be collected. Setting the value to "Istio" will collect metrics from the
control plane and any proxies on the Mesh namespace (like gateway pods). Setting
to "None" will disable metrics collection. | Istio | Enum: [Istio None]
| @@ -603,7 +603,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | -| `applicationsNamespace` _string_ | Namespace for applications to be installed, non-configurable, default to "redhat-ods-applications" | redhat-ods-applications | | +| `applicationsNamespace` _string_ | Namespace for applications to be installed, non-configurable, default to "redhat-ods-applications" | redhat-ods-applications | MaxLength: 63
Pattern: `^([a-z0-9]([-a-z0-9]*[a-z0-9])?)?$`
| | `monitoring` _[Monitoring](#monitoring)_ | Enable monitoring on specified namespace | | | | `serviceMesh` _[ServiceMeshSpec](#servicemeshspec)_ | Configures Service Mesh as networking layer for Data Science Clusters components.
The Service Mesh is a mandatory prerequisite for single model serving (KServe) and
you should review this configuration if you are planning to use KServe.
For other components, it enhances user experience; e.g. it provides unified
authentication giving a Single Sign On experience. | | | | `trustedCABundle` _[TrustedCABundleSpec](#trustedcabundlespec)_ | When set to `Managed`, adds odh-trusted-ca-bundle Configmap to all namespaces that includes
cluster-wide Trusted CA Bundle in .data["ca-bundle.crt"].
Additionally, this fields allows admins to add custom CA bundles to the configmap using the .CustomCABundle field. | | | @@ -662,7 +662,7 @@ _Appears in:_ | Field | Description | Default | Validation | | --- | --- | --- | --- | | `managementState` _[ManagementState](#managementstate)_ | Set to one of the following values:
- "Managed" : the operator is actively managing the component and trying to keep it active.
It will only upgrade the component if it is safe to do so.
- "Removed" : the operator is actively managing the component and will not install it,
or if it is installed, the operator will try to remove it. | | Enum: [Managed Removed]
| -| `namespace` _string_ | Namespace for monitoring if it is enabled | redhat-ods-monitoring | | +| `namespace` _string_ | Namespace for monitoring if it is enabled | redhat-ods-monitoring | MaxLength: 63
Pattern: `^([a-z0-9]([-a-z0-9]*[a-z0-9])?)?$`
| #### TrustedCABundleSpec