Skip to content

CORS-4280: AWS: Add throughput validation for gp3 volumes #1430

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

CORS-4280: AWS: Add throughput validation for gp3 volumes #1430

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c7353ef
AWS: Ensure throughput setting is configured correctly on gp3 volumes
jhixson74 Nov 5, 2025
710235e
AWS: GP3 volume throughput tests
jhixson74 Nov 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 26 additions & 0 deletions pkg/webhooks/machine_webhook.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -799,6 +799,32 @@ func validateAWS(m *machinev1beta1.Machine, config *admissionConfig) (bool, []st

// TODO(alberto): Validate providerSpec.BlockDevices.
// https://github.com/openshift/cluster-api-provider-aws/pull/299#discussion_r433920532
for i, blockDevice := range providerSpec.BlockDevices {
ebs := blockDevice.EBS
if ebs == nil || ebs.VolumeType == nil || ebs.ThroughputMib == nil {
continue
}

throughputPath := field.NewPath("providerSpec", "blockDevices", "ebs", "throughputMib")
throughputValue := *ebs.ThroughputMib

if *ebs.VolumeType != "gp3" {
errs = append(errs, field.Invalid(
throughputPath,
throughputValue,
fmt.Sprintf("providerSpec.blockDevices[%d].ebs.throughputMib is only valid for gp3 volumes", i),
))
continue
}

if throughputValue < 125 || throughputValue > 2000 {
errs = append(errs, field.Invalid(
throughputPath,
throughputValue,
fmt.Sprintf("providerSpec.blockDevices[%d].ebs.throughputMib must be a value between 125 and 2000", i),
))
}
}

switch providerSpec.Placement.Tenancy {
case "", machinev1beta1.DefaultTenancy, machinev1beta1.DedicatedTenancy, machinev1beta1.HostTenancy:
Expand Down
104 changes: 104 additions & 0 deletions pkg/webhooks/machine_webhook_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -451,6 +451,110 @@ func TestMachineCreation(t *testing.T) {
},
expectedError: "admission webhook \"validation.machine.machine.openshift.io\" denied the request: spec.hostPlacement.dedicatedHost.id: Invalid value: \"invalid\": id must start with 'h-' followed by 17 lowercase hexadecimal characters (0-9 and a-f)",
},
{
name: "with VolumeType set to gp3 and Throughput not set",
platformType: osconfigv1.AWSPlatformType,
clusterID: "aws-cluster",
providerSpecValue: &kruntime.RawExtension{
Object: &machinev1beta1.AWSMachineProviderConfig{
AMI: machinev1beta1.AWSResourceReference{
ID: ptr.To[string]("ami"),
},
BlockDevices: []machinev1beta1.BlockDeviceMappingSpec{
{
EBS: &machinev1beta1.EBSBlockDeviceSpec{
VolumeType: ptr.To[string]("gp3"),
},
},
},
},
},
expectedError: "",
},
{
name: "with VolumeType set to gp3 and Throughput set under minium value",
platformType: osconfigv1.AWSPlatformType,
clusterID: "aws-cluster",
providerSpecValue: &kruntime.RawExtension{
Object: &machinev1beta1.AWSMachineProviderConfig{
AMI: machinev1beta1.AWSResourceReference{
ID: ptr.To[string]("ami"),
},
BlockDevices: []machinev1beta1.BlockDeviceMappingSpec{
{
EBS: &machinev1beta1.EBSBlockDeviceSpec{
VolumeType: ptr.To[string]("gp3"),
ThroughputMib: ptr.To[int32](124),
},
},
},
},
},
expectedError: "providerSpec.blockDevices[0].ebs.throughputMib must be a value between 125 and 2000",
},
{
name: "with VolumeType set to gp3 and Throughput set over maxium value",
platformType: osconfigv1.AWSPlatformType,
clusterID: "aws-cluster",
providerSpecValue: &kruntime.RawExtension{
Object: &machinev1beta1.AWSMachineProviderConfig{
AMI: machinev1beta1.AWSResourceReference{
ID: ptr.To[string]("ami"),
},
BlockDevices: []machinev1beta1.BlockDeviceMappingSpec{
{
EBS: &machinev1beta1.EBSBlockDeviceSpec{
VolumeType: ptr.To[string]("gp3"),
ThroughputMib: ptr.To[int32](2001),
},
},
},
},
},
expectedError: "providerSpec.blockDevices[0].ebs.throughputMib must be a value between 125 and 2000",
},
{
name: "with VolumeType set to gp3 and Throughput set within range",
platformType: osconfigv1.AWSPlatformType,
clusterID: "aws-cluster",
providerSpecValue: &kruntime.RawExtension{
Object: &machinev1beta1.AWSMachineProviderConfig{
AMI: machinev1beta1.AWSResourceReference{
ID: ptr.To[string]("ami"),
},
BlockDevices: []machinev1beta1.BlockDeviceMappingSpec{
{
EBS: &machinev1beta1.EBSBlockDeviceSpec{
VolumeType: ptr.To[string]("gp3"),
ThroughputMib: ptr.To[int32](1000),
},
},
},
},
},
expectedError: "",
},
{
name: "with Throughput set on non gp3 volume",
platformType: osconfigv1.AWSPlatformType,
clusterID: "aws-cluster",
providerSpecValue: &kruntime.RawExtension{
Object: &machinev1beta1.AWSMachineProviderConfig{
AMI: machinev1beta1.AWSResourceReference{
ID: ptr.To[string]("ami"),
},
BlockDevices: []machinev1beta1.BlockDeviceMappingSpec{
{
EBS: &machinev1beta1.EBSBlockDeviceSpec{
VolumeType: ptr.To[string]("io1"),
ThroughputMib: ptr.To[int32](124),
},
},
},
},
},
expectedError: "providerSpec.blockDevices[0].ebs.throughputMib is only valid for gp3 volumes",
},
{
name: "with Azure and a nil provider spec value",
platformType: osconfigv1.AzurePlatformType,
Expand Down