Replace our CRD validation patch with CEL rules

cbandy · cbandy · commit 183d9df93149 · 2024-10-18T21:53:17.000-05:00
The JSON patch was awkward to maintain, and we forgot to update it when
we added PVCs to our APIs.

I considered defining these rules on a shared Go type in our API
package, but I did not like the type conversion it requires in our
controller and test code.

Issue: PGO-1748
diff --git a/build/crd/postgresclusters/kustomization.yaml b/build/crd/postgresclusters/kustomization.yaml
@@ -5,12 +5,6 @@ resources:
 - generated/postgres-operator.crunchydata.com_postgresclusters.yaml
 
 patches:
-- target:
-    group: apiextensions.k8s.io
-    version: v1
-    kind: CustomResourceDefinition
-    name: postgresclusters.postgres-operator.crunchydata.com
-  path: validation.yaml
 - target:
     group: apiextensions.k8s.io
     version: v1
diff --git a/build/crd/postgresclusters/validation.yaml b/build/crd/postgresclusters/validation.yaml
diff --git a/config/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml b/config/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml
@@ -2913,7 +2913,6 @@ spec:
                                         More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
                                       items:
                                         type: string
-                                      minItems: 1
                                       type: array
                                       x-kubernetes-list-type: atomic
                                     dataSource:
@@ -3027,11 +3026,7 @@ spec:
                                             If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
                                             otherwise to an implementation-defined value. Requests cannot exceed Limits.
                                             More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-                                          required:
-                                          - storage
                                           type: object
-                                      required:
-                                      - requests
                                       type: object
                                     selector:
                                       description: selector is a label query over
@@ -3110,10 +3105,18 @@ spec:
                                       description: volumeName is the binding reference
                                         to the PersistentVolume backing this claim.
                                       type: string
-                                  required:
-                                  - accessModes
-                                  - resources
                                   type: object
+                                  x-kubernetes-validations:
+                                  - fieldPath: .accessModes
+                                    message: missing accessModes
+                                    reason: FieldValueRequired
+                                    rule: has(self.accessModes) && size(self.accessModes)
+                                      > 0
+                                  - fieldPath: .resources.requests.storage
+                                    message: missing storage request
+                                    reason: FieldValueRequired
+                                    rule: has(self.resources) && has(self.resources.requests)
+                                      && has(self.resources.requests.storage)
                               required:
                               - volumeClaimSpec
                               type: object
@@ -6365,6 +6368,17 @@ spec:
                                       to the PersistentVolume backing this claim.
                                     type: string
                                 type: object
+                                x-kubernetes-validations:
+                                - fieldPath: .accessModes
+                                  message: missing accessModes
+                                  reason: FieldValueRequired
+                                  rule: has(self.accessModes) && size(self.accessModes)
+                                    > 0
+                                - fieldPath: .resources.requests.storage
+                                  message: missing storage request
+                                  reason: FieldValueRequired
+                                  rule: has(self.resources) && has(self.resources.requests)
+                                    && has(self.resources.requests.storage)
                             required:
                             - volumeClaimSpec
                             type: object
@@ -10039,7 +10053,6 @@ spec:
                             More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
                           items:
                             type: string
-                          minItems: 1
                           type: array
                           x-kubernetes-list-type: atomic
                         dataSource:
@@ -10149,11 +10162,7 @@ spec:
                                 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
                                 otherwise to an implementation-defined value. Requests cannot exceed Limits.
                                 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-                              required:
-                              - storage
                               type: object
-                          required:
-                          - requests
                           type: object
                         selector:
                           description: selector is a label query over volumes to consider
@@ -10231,10 +10240,17 @@ spec:
                           description: volumeName is the binding reference to the
                             PersistentVolume backing this claim.
                           type: string
-                      required:
-                      - accessModes
-                      - resources
                       type: object
+                      x-kubernetes-validations:
+                      - fieldPath: .accessModes
+                        message: missing accessModes
+                        reason: FieldValueRequired
+                        rule: has(self.accessModes) && size(self.accessModes) > 0
+                      - fieldPath: .resources.requests.storage
+                        message: missing storage request
+                        reason: FieldValueRequired
+                        rule: has(self.resources) && has(self.resources.requests)
+                          && has(self.resources.requests.storage)
                     metadata:
                       description: Metadata contains metadata for custom resources
                       properties:
@@ -10602,6 +10618,17 @@ spec:
                                   the PersistentVolume backing this claim.
                                 type: string
                             type: object
+                            x-kubernetes-validations:
+                            - fieldPath: .accessModes
+                              message: missing accessModes
+                              reason: FieldValueRequired
+                              rule: has(self.accessModes) && size(self.accessModes)
+                                > 0
+                            - fieldPath: .resources.requests.storage
+                              message: missing storage request
+                              reason: FieldValueRequired
+                              rule: has(self.resources) && has(self.resources.requests)
+                                && has(self.resources.requests.storage)
                           name:
                             description: |-
                               The name for the tablespace, used as the path name for the volume.
@@ -10848,7 +10875,6 @@ spec:
                             More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
                           items:
                             type: string
-                          minItems: 1
                           type: array
                           x-kubernetes-list-type: atomic
                         dataSource:
@@ -10958,11 +10984,7 @@ spec:
                                 If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
                                 otherwise to an implementation-defined value. Requests cannot exceed Limits.
                                 More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-                              required:
-                              - storage
                               type: object
-                          required:
-                          - requests
                           type: object
                         selector:
                           description: selector is a label query over volumes to consider
@@ -11040,10 +11062,17 @@ spec:
                           description: volumeName is the binding reference to the
                             PersistentVolume backing this claim.
                           type: string
-                      required:
-                      - accessModes
-                      - resources
                       type: object
+                      x-kubernetes-validations:
+                      - fieldPath: .accessModes
+                        message: missing accessModes
+                        reason: FieldValueRequired
+                        rule: has(self.accessModes) && size(self.accessModes) > 0
+                      - fieldPath: .resources.requests.storage
+                        message: missing storage request
+                        reason: FieldValueRequired
+                        rule: has(self.resources) && has(self.resources.requests)
+                          && has(self.resources.requests.storage)
                   required:
                   - dataVolumeClaimSpec
                   type: object
diff --git a/pkg/apis/postgres-operator.crunchydata.com/v1beta1/pgbackrest_types.go b/pkg/apis/postgres-operator.crunchydata.com/v1beta1/pgbackrest_types.go
@@ -342,7 +342,18 @@ type RepoHostStatus struct {
 type RepoPVC struct {
 
 	// Defines a PersistentVolumeClaim spec used to create and/or bind a volume
+	// ---
 	// +kubebuilder:validation:Required
+	//
+	// NOTE(validation): Every PVC must have at least one accessMode. NOTE(KEP-4153)
+	// - https://releases.k8s.io/v1.25.0/pkg/apis/core/validation/validation.go#L2098-L2100
+	// - https://releases.k8s.io/v1.31.0/pkg/apis/core/validation/validation.go#L2292-L2294
+	// +kubebuilder:validation:XValidation:rule=`has(self.accessModes) && size(self.accessModes) > 0`,message=`missing accessModes`,fieldPath=`.accessModes`,reason="FieldValueRequired"
+	//
+	// NOTE(validation): Every PVC must have a positive storage request. NOTE(KEP-4153)
+	// - https://releases.k8s.io/v1.25.0/pkg/apis/core/validation/validation.go#L2126-L2133
+	// - https://releases.k8s.io/v1.31.0/pkg/apis/core/validation/validation.go#L2318-L2325
+	// +kubebuilder:validation:XValidation:rule=`has(self.resources) && has(self.resources.requests) && has(self.resources.requests.storage)`,message=`missing storage request`,fieldPath=`.resources.requests.storage`,reason="FieldValueRequired"
 	VolumeClaimSpec corev1.PersistentVolumeClaimSpec `json:"volumeClaimSpec"`
 }
 
diff --git a/pkg/apis/postgres-operator.crunchydata.com/v1beta1/postgrescluster_types.go b/pkg/apis/postgres-operator.crunchydata.com/v1beta1/postgrescluster_types.go
@@ -450,7 +450,18 @@ type PostgresInstanceSetSpec struct {
 
 	// Defines a PersistentVolumeClaim for PostgreSQL data.
 	// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes
+	// ---
 	// +kubebuilder:validation:Required
+	//
+	// NOTE(validation): Every PVC must have at least one accessMode. NOTE(KEP-4153)
+	// - https://releases.k8s.io/v1.25.0/pkg/apis/core/validation/validation.go#L2098-L2100
+	// - https://releases.k8s.io/v1.31.0/pkg/apis/core/validation/validation.go#L2292-L2294
+	// +kubebuilder:validation:XValidation:rule=`has(self.accessModes) && size(self.accessModes) > 0`,message=`missing accessModes`,fieldPath=`.accessModes`,reason="FieldValueRequired"
+	//
+	// NOTE(validation): Every PVC must have a positive storage request. NOTE(KEP-4153)
+	// - https://releases.k8s.io/v1.25.0/pkg/apis/core/validation/validation.go#L2126-L2133
+	// - https://releases.k8s.io/v1.31.0/pkg/apis/core/validation/validation.go#L2318-L2325
+	// +kubebuilder:validation:XValidation:rule=`has(self.resources) && has(self.resources.requests) && has(self.resources.requests.storage)`,message=`missing storage request`,fieldPath=`.resources.requests.storage`,reason="FieldValueRequired"
 	DataVolumeClaimSpec corev1.PersistentVolumeClaimSpec `json:"dataVolumeClaimSpec"`
 
 	// Priority class name for the PostgreSQL pod. Changing this value causes
@@ -491,7 +502,18 @@ type PostgresInstanceSetSpec struct {
 
 	// Defines a separate PersistentVolumeClaim for PostgreSQL's write-ahead log.
 	// More info: https://www.postgresql.org/docs/current/wal.html
-	// +optional
+	// ---
+	// +kubebuilder:validation:Optional
+	//
+	// NOTE(validation): Every PVC must have at least one accessMode. NOTE(KEP-4153)
+	// - https://releases.k8s.io/v1.25.0/pkg/apis/core/validation/validation.go#L2098-L2100
+	// - https://releases.k8s.io/v1.31.0/pkg/apis/core/validation/validation.go#L2292-L2294
+	// +kubebuilder:validation:XValidation:rule=`has(self.accessModes) && size(self.accessModes) > 0`,message=`missing accessModes`,fieldPath=`.accessModes`,reason="FieldValueRequired"
+	//
+	// NOTE(validation): Every PVC must have a positive storage request. NOTE(KEP-4153)
+	// - https://releases.k8s.io/v1.25.0/pkg/apis/core/validation/validation.go#L2126-L2133
+	// - https://releases.k8s.io/v1.31.0/pkg/apis/core/validation/validation.go#L2318-L2325
+	// +kubebuilder:validation:XValidation:rule=`has(self.resources) && has(self.resources.requests) && has(self.resources.requests.storage)`,message=`missing storage request`,fieldPath=`.resources.requests.storage`,reason="FieldValueRequired"
 	WALVolumeClaimSpec *corev1.PersistentVolumeClaimSpec `json:"walVolumeClaimSpec,omitempty"`
 
 	// The list of tablespaces volumes to mount for this postgrescluster
@@ -520,7 +542,18 @@ type TablespaceVolume struct {
 
 	// Defines a PersistentVolumeClaim for a tablespace.
 	// More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes
+	// ---
 	// +kubebuilder:validation:Required
+	//
+	// NOTE(validation): Every PVC must have at least one accessMode. NOTE(KEP-4153)
+	// - https://releases.k8s.io/v1.25.0/pkg/apis/core/validation/validation.go#L2098-L2100
+	// - https://releases.k8s.io/v1.31.0/pkg/apis/core/validation/validation.go#L2292-L2294
+	// +kubebuilder:validation:XValidation:rule=`has(self.accessModes) && size(self.accessModes) > 0`,message=`missing accessModes`,fieldPath=`.accessModes`,reason="FieldValueRequired"
+	//
+	// NOTE(validation): Every PVC must have a positive storage request. NOTE(KEP-4153)
+	// - https://releases.k8s.io/v1.25.0/pkg/apis/core/validation/validation.go#L2126-L2133
+	// - https://releases.k8s.io/v1.31.0/pkg/apis/core/validation/validation.go#L2318-L2325
+	// +kubebuilder:validation:XValidation:rule=`has(self.resources) && has(self.resources.requests) && has(self.resources.requests.storage)`,message=`missing storage request`,fieldPath=`.resources.requests.storage`,reason="FieldValueRequired"
 	DataVolumeClaimSpec corev1.PersistentVolumeClaimSpec `json:"dataVolumeClaimSpec"`
 }
 
