Migrate Admission Controller Validation to CEL #7690
base: master
Skipping CI for Draft Pull Request.
I've tested it locally and it works, but I still need to add integration tests. Can you check if it looks good to you?
Whoa! That is neat! Two questions:
Yup! Regarding point 1, I need to explore how to configure it, but kubebuilder annotations do support this.
Yup, I see https://book.kubebuilder.io/reference/markers/crd-validation has these listed
Signed-off-by: Omer Aplatony <[email protected]>
Now it was generated by kubebuilder.
Tests are failing because of the change I made in the admission controller, so we should migrate those tests into e2e/integration tests.
Signed-off-by: Omer Aplatony <[email protected]>
@@ -324,7 +325,11 @@ spec: | |||
Name of the container or DefaultContainerResourcePolicy, in which | |||
case the policy is used by the containers that don't have their own | |||
policy specified. | |||
pattern: ^[a-zA-Z0-9-_]+$ |
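Review bot: the added `pattern: ^[a-zA-Z0-9-_]+$` conflicts with the description directly above it, which says this field may also hold DefaultContainerResourcePolicy; if that value contains any character outside letters, digits, `-` and `_`, the API server will reject policies that the admission controller accepts today. Widen the schema to admit the default-policy value explicitly (for example an alternation alongside the name pattern) and add a test that a default container policy still validates. As a smaller style point, move the hyphen to the end of the character class (`[a-zA-Z0-9_-]`) so it cannot be read as a range.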
I don't think you can introduce new CRD validations without increasing the apiVersion.
Additionally, containerName: '*' is explicitly supported as a catch-all solution, see
autoscaler/vertical-pod-autoscaler/pkg/utils/vpa/api.go
Lines 216 to 218 in adda3d4
    if containerPolicy.ContainerName == vpa_types.DefaultContainerResourcePolicy {
        defaultPolicy = &policy.ContainerPolicies[i]
    }
- Yes, you are right, it's just WIP at the moment.
- Thanks, I will adjust :)
Added in: 9ea4821
@@ -112,25 +112,8 @@ func parseVPA(raw []byte) (*vpa_types.VerticalPodAutoscaler, error) { | |||
|
|||
// ValidateVPA checks the correctness of VPA Spec and returns an error if there is a problem. | |||
func ValidateVPA(vpa *vpa_types.VerticalPodAutoscaler, isCreate bool) error { | |||
if vpa.Spec.UpdatePolicy != nil { | |||
mode := vpa.Spec.UpdatePolicy.UpdateMode | |||
if mode == nil { |
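Review bot: `ValidateVPA` shrinks from 25 lines to 8 in this hunk (`-112,25 +112,8`), and the affected region begins at the `UpdatePolicy` block with its `if mode == nil {` branch; nothing visible here replaces that nil check. If the check is moving to the CRD schema, it is only enforced where the updated CRD is installed, so either keep the Go check in the webhook as a second layer or add a test that a VPA with `updatePolicy` set and no `updateMode` is still rejected. The doc comment on `ValidateVPA` should also say which checks now live in the CRD rather than in this function.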
I don't see any checks added regarding updatePolicy.updateMode – is this intentional and those checks are implicitly done somewhere else now? Or do we need to add them as CEL validations as well?
In the CRD itself I saw this:
https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/deploy/vpa-v1-crd-gen.yaml#L456
So added in here: ea90c23
Sorry, didn't mean to approve 🙈
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: omerap12 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Signed-off-by: Omer Aplatony <[email protected]>
Signed-off-by: Omer Aplatony <[email protected]>
What type of PR is this?
/kind feature
What this PR does / why we need it:
This PR migrates the admission controller validation to use CEL (Common Expression Language) for improved flexibility and consistency in validation logic at the API server level.
Which issue(s) this PR fixes:
Fixes #7665
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: