Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Use OpenAPI to validate ImageVolumeSource.Reference #4308

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
cbandy wants to merge 3 commits into CrunchyData:main
base: main
Choose a base branch
Loading
from cbandy:openapi-image-source

Conversation

Copy link
Member

@cbandy cbandy commented Sep 30, 2025

Checklist:

  • Have you added an explanation of what your changes do and why you'd like them to be included?
  • Have you updated or added documentation for the change, as applicable?
  • Have you tested your changes on all related environments with successful results, as applicable?
    • Have you added automated tests?

Type of Changes:

  • Other

What is the current behavior (link to any open issues here)?

We cannot add validation markers inside upstream types, so we have to use CEL validation from outside the type.

What is the new behavior (if this is a feature change)?

We can use the +kubebuilder:title marker to add identifiers to CRD schemas, and manipulate those after controller-gen runs.

k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect
sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 // indirect
sigs.k8s.io/controller-tools v0.17.3 // indirect
sigs.k8s.io/controller-tools v0.18.0 // indirect
Copy link
Member Author

@cbandy cbandy Sep 30, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤔 v0.18 requires k8s.io/.. v0.33, but it wasn't bundled in the k8s.io updates last month: #4248

I don't know why!

def merge(stream): reduce stream as $i ({}; . * $i);

# https://pkg.go.dev/k8s.io/api/core/v1#ImageVolumeSource
reduce paths(try .title == "$corev1.ImageVolumeSource") as $path (.;
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📝 This may very well be "too clever." I'm curious what others think.

Copy link
Contributor

@benjaminjb benjaminjb Sep 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Setting a title field on our CRD to add some validation rules and then removing the title field -- is that the part you're thinking might be too clever?

Seems reasonable to me, with the caveat that having the CRD be assembled from kubebuilder annotations and then post-process functions might make it a little harder to know easily where some element is coming from. Maybe that's a documentation issue, e.g., when we add the title in the struct, we could link to or reference this jq script at this point?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Setting a title field on our CRD to add some validation rules and then removing the title field -- is that the part you're thinking might be too clever?

Yeah. Smuggling information through a marker that does something else.

Seems reasonable to me, with the caveat that having the CRD be assembled from kubebuilder annotations and then post-process functions might make it a little harder to know easily where some element is coming from. Maybe that's a documentation issue, e.g., when we add the title in the struct, we could link to or reference this jq script at this point?

A comment on the marker is better than none. I'll add one.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A comment on the marker is better than none. I'll add one.

Done.

@cbandy cbandy changed the title (削除) Use OpenAPI to validation ImageVolumeSource.Reference (削除ここまで) (追記) Use OpenAPI to validate ImageVolumeSource.Reference (追記ここまで) Sep 30, 2025
@@ -1,9 +1,8 @@
---
# controller-gen.kubebuilder.io/version: v0.18.0
Copy link
Contributor

@benjaminjb benjaminjb Sep 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm curious to hear your thinking behind this change

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This information is minimally interesting during development, but AFAIK has no use after that. As an annotation, it is deployed with the CRD but serves no purpose.

My impression has been that the generator is using metadata.annotations to push "stuff" through code that can only handle K8s objects.


// Turn top-level strings that start with octothorpe U+0023 into YAML comments by removing their quotes.
yamlData := need(yaml.Marshal(v))
yamlData = regexp.MustCompile(`(?m)^'(#[^']*)'(.*)$`).ReplaceAll(yamlData, []byte("1ドル2ドル"))
Copy link
Contributor

@benjaminjb benjaminjb Sep 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And we can't just capture the whole line as a single capture group because you want to exclude the quotes, yeah?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤔 It doesn't seem like I need the second capture... The line should end just after the quoted string, right? 🦆

I'll check this tomorrow.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And we can't just capture the whole line as a single capture group because you want to exclude the quotes, yeah?

Right. This finds lines starting with '# and removes a pair of '. This is the transformation:

-'# controller-gen.kubebuilder.io/version': v0.18.0
+# controller-gen.kubebuilder.io/version: v0.18.0

🤔 It doesn't seem like I need the second capture...

I forgot that the quotes are around only the key of the flow mapping. The second capture is for the remainder of the line, if any.

 

OpenAPI validation does not count toward the CRD XValidation CEL budget.
@cbandy cbandy force-pushed the openapi-image-source branch from c71315f to 9b7ac1b Compare October 1, 2025 17:30
// More info: https://kubernetes.io/docs/concepts/storage/volumes#image
// ---
// https://docs.k8s.io/concepts/storage/volumes#image
// Use "title" to add more validation in [internal/crd/post-process.jq].
Copy link
Contributor

@benjaminjb benjaminjb Oct 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benjaminjb benjaminjb benjaminjb approved these changes

@dsessler7 dsessler7 Awaiting requested review from dsessler7

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

AltStyle によって変換されたページ (->オリジナル) /