-
Notifications
You must be signed in to change notification settings - Fork 732
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add structural information to Constraint Kind CRDs #1249
Add structural information to Constraint Kind CRDs #1249
Conversation
935bcb8
to
61ee060
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
1 comment, we'll need to explicitly add matchLabels
as part of moving to v1 CRDs because we wont be able to rely on preserveUnknownFields
61ee060
to
f62587f
Compare
f62587f
to
58947b0
Compare
e2e is failing with
|
ceed92a
to
c9e8dc8
Compare
@maxsmythe , I'm still figuring out the earlier e2e test failures. That's why I've got code commented out. I believe the failures were related to this new code. Will confirm now. |
e59c753
to
793ac20
Compare
I've confirmed that enabling the MatchLabels code (at least in its present form) triggers these errors in the e2e tests:
|
793ac20
to
74be181
Compare
Tests are passing with MatchLabels turned on, but the |
74be181
to
375a6cf
Compare
I've confirmed that adding the |
Weird that it's validating the entire resource using "v1" rules because of that. Let's put this PR on ice for a bit until the CF returns V1 CRDs, then we can revisit? |
5a4d893
to
0fbb91d
Compare
This is blocked until open-policy-agent/frameworks#113 is merged |
0fbb91d
to
23ef3a3
Compare
23ef3a3
to
be73c09
Compare
be73c09
to
5943f44
Compare
pkg/controller/constrainttemplate/constrainttemplate_controller.go
Outdated
Show resolved
Hide resolved
pkg/controller/constrainttemplate/constrainttemplate_controller.go
Outdated
Show resolved
Hide resolved
@@ -347,9 +364,9 @@ func (r *ReconcileConstraintTemplate) Reconcile(ctx context.Context, request rec | |||
|
|||
proposedCRD := &apiextensionsv1beta1.CustomResourceDefinition{} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need to move to apiextensionsv1
here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No reason not to, IMO
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It turns out that doing this upgrade (apiextensionsv1beta1
--> apiextensionsv1
) actually causes a number of test breakages. As this PR is already large, I'm going to save those for a follow-up PR.
Does that work for you? @shomron
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are alot more places in GK that are still usingk8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1
so +1 on followup.
c1b4911
to
6ed35da
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Kubernetes v1 CRDs require structural schemas. This means that, where possible, JSONSchemas should identify the type of a field. Fields without this type information will require the key: value pair of x-kubernetes-unknown-fields: true to be set. This signals the API server to save the content found in that field to etcd without validation. This PR adds the remaining type information to the MatchSchema() function, rendering its output structural. This func's output is what populates the `match` section of the CRD for a Constraint kind. It also imports Constraint Framework, including the updates made in open-policy-agent/frameworks#114. This change transforms the schema information provided by users in a v1beta1 ConstraintTemplate to be structural. Contributes to open-policy-agent#550 Signed-off-by: juliankatz <juliankatz@google.com>
6ed35da
to
2613b85
Compare
Kubernetes v1 CRDs require structural schemas. This means that, where
possible, JSONSchemas should identify the type of a field. Fields
without this type information will require the key: value pair of
x-kubernetes-unknown-fields: true to be set. This signals the API
server to save the content found in that field to etcd without
validation.
This PR adds the remaining type information to the MatchSchema()
function, rendering its output structural. This func's output is what
populates the
match
section of the CRD for a Constraint kind.It also imports Constraint Framework, including the updates made in
open-policy-agent/frameworks#114. This change transforms the schema
information provided by users in a v1beta1 ConstraintTemplate to be
structural.
Contributes to #550
Signed-off-by: juliankatz juliankatz@google.com