Comments (18)
fwiw, optionals can make that more concise:
```
self.?status.?conditions.orValue([]).exists(c, c.type == 'QuotaReserved' && c.status == 'True')
```
from kubernetes.
/sig api-machinery
cc @cici37 @jpbetz
from kubernetes.
@IrvingMg, @trasc did I miss anything important?
from kubernetes.
What do you mean by Pod templates @alculquicondor?
One pattern I'd like to see used more: when you create something that embeds a Pod template, the controller for that kind tries to dry-run make a PodTemplate. That way you get one place to put customer validation (e.g. a ValidatingAdmissionPolicy), and it can apply to lots of API kinds without repetition.
from kubernetes.
> One pattern I'd like to see used more: when you create something that embeds a Pod template, the controller for that kind tries to dry-run make a PodTemplate.
Interesting. I've never seen that. It sounds bulletproof from a validation perspective. Is there dry-run support in the apiserver? But then it would have to be called from the webhook?
from kubernetes.
> Regexes for object names, label keys, values, container names, etc. I think this one is already in the works?
Yes, this one is progressing here: #123572 (cc @alexzielenski)
from kubernetes.
> The ultimate validation: Pod templates, but worth starting with just containers :) Very useful for job CRDs.
We might do something special to validate embedded types like this that doesn't involve CEL. But yes, I agree there is a huge need here. Do you happen to have any references to specific use cases? I'm working on accumulating those.
from kubernetes.
> Is there dry-run support in the apiserver?
yes, since 1.12: https://github.com/kubernetes/kubernetes/blob/release-1.12/staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/types.go#L485-L491
from kubernetes.
Re: dry-run support
I see. Still, that would imply that a webhook has to do an API call. Would you still recommend this?
> Do you happen to have any references to specific use cases?
- All of the kubeflow job CRDs, to start. They will eventually fail at Pod or k8s Job creation, if the template is wrong, as they are not doing any validation.
- Kueue Workload objects https://kueue.sigs.k8s.io/docs/concepts/workload/. These are created out of existing Jobs, Pods, or arbitrary CRDs (like Kubeflow jobs). The only problematic case is the last one.
from kubernetes.
- JobSet validation (based on JobTemplates) kubernetes-sigs/jobset#422
from kubernetes.
@danielvegamyhre was looking into kubectl-validate as a way to validate templates as a library.
from kubernetes.
Not that I can think of. That's everything we need for now.
from kubernetes.
WRT conditions, right now, we have to do things like this:
```
has(self.status) && has(self.status.conditions) && self.status.conditions.exists(c, c.type == 'QuotaReserved' && c.status == 'True')
```
It would be good to have a simplified experience, similar to meta.IsConditionTrue in golang.
I added a separate item for this.
from kubernetes.
/cc @cici37 @alexzielenski @jpbetz
/triage accepted
from kubernetes.
@alculquicondor is part of the issue that there isn't support for variables within CRD validations? I'm certain that the ValidatingAdmissionPolicy support for variables is instrumental in making the config as DRY as possible.
from kubernetes.
FWIW I have a draft KEP I was hoping to implement this release (maybe deferred to next) to add variables also to CRDs
from kubernetes.
I wasn't aware that CEL itself supported variables. That could help.
But, in general, there are common structs that multiple APIs might want to use, and we should have library validations for those.
from kubernetes.
> But, in general, there are common structs that multiple APIs might want to use, and we should have library validations for those.
100% agree on this. I'd like it to feel to a CEL user like the language "understands" kubernetes resources and the types found within them. This includes quantities, durations, date-times, int-or-string, IPs, CIDRs, and all the name formats, and maybe more sophisticated types like Conditions, selectors... We have support for many of these and are actively working on some others, but we definitely have gaps.
from kubernetes.
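The dry-run PodTemplate pattern and the ValidatingAdmissionPolicy variables mentioned in the thread, sketched as an added example (not from any commenter or from the Kubernetes project). It assumes a controller that wraps each embedded Pod template in a `PodTemplate` and submits it as a dry-run create; the policy name and the two container rules are hypothetical illustrations.

```yaml
# Added example: one policy on PodTemplate objects that any controller
# can reuse by dry-run creating a PodTemplate from its embedded template.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: podtemplate-container-baseline   # hypothetical name
spec:
  failurePolicy: Fail
  matchConstraints:
    resourceRules:
      - apiGroups: [""]
        apiVersions: ["v1"]
        operations: ["CREATE", "UPDATE"]
        resources: ["podtemplates"]
  variables:
    # Defined once and reused by every validation below.
    - name: containers
      expression: >-
        object.template.spec.containers
        + object.template.spec.?initContainers.orValue([])
  validations:
    # Optional chaining keeps the rule short when securityContext is unset.
    - expression: >-
        variables.containers.all(c,
          !c.?securityContext.?privileged.orValue(false))
      message: "privileged containers are not allowed in Pod templates"
    - expression: >-
        variables.containers.all(c,
          c.?securityContext.?allowPrivilegeEscalation.orValue(true) == false)
      message: "allowPrivilegeEscalation must be set to false"
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: podtemplate-container-baseline   # hypothetical name
spec:
  policyName: podtemplate-container-baseline
  validationActions: ["Deny"]
```

Because dry-run requests still pass through validating admission, a rejected dry-run gives the controller the policy's message without persisting a PodTemplate.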