From 1f540c84d0515b55130ee953caa9e361c82d650f Mon Sep 17 00:00:00 2001 From: rafatio Date: Wed, 28 Aug 2024 18:49:44 -0300 Subject: [PATCH] fix: remove x-kubernetes-validations from the NodePool CRD --- config/crd/kustomization.yaml | 3 ++ ...pools.infrastructure.cluster.x-k8s.io.yaml | 31 ------------------- .../remove-x-kubernetes-validations.yaml | 23 ++++++++++++++ 3 files changed, 26 insertions(+), 31 deletions(-) create mode 100644 config/crd/patches/remove-x-kubernetes-validations.yaml diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index e045152..c75cf73 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -9,6 +9,9 @@ resources: - bases/infrastructure.cluster.x-k8s.io_kopsmachinepools.yaml #+kubebuilder:scaffold:crdkustomizeresource +transformers: +- patches/remove-x-kubernetes-validations.yaml + patchesStrategicMerge: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # patches here are for enabling the conversion webhook for each CRD diff --git a/config/crd/output/apiextensions.k8s.io_v1_customresourcedefinition_kopsmachinepools.infrastructure.cluster.x-k8s.io.yaml b/config/crd/output/apiextensions.k8s.io_v1_customresourcedefinition_kopsmachinepools.infrastructure.cluster.x-k8s.io.yaml index 9ada8f7..ebb8785 100644 --- a/config/crd/output/apiextensions.k8s.io_v1_customresourcedefinition_kopsmachinepools.infrastructure.cluster.x-k8s.io.yaml +++ b/config/crd/output/apiextensions.k8s.io_v1_customresourcedefinition_kopsmachinepools.infrastructure.cluster.x-k8s.io.yaml @@ -192,9 +192,6 @@ spec: type: string description: EvictionHard is the map of signal names to quantities that define hard eviction thresholds type: object - x-kubernetes-validations: - - message: valid keys for evictionHard are ['memory.available','nodefs.available','nodefs.inodesFree','imagefs.available','imagefs.inodesFree','pid.available'] - rule: self.all(x, x in ['memory.available','nodefs.available','nodefs.inodesFree','imagefs.available','imagefs.inodesFree','pid.available']) evictionMaxPodGracePeriod: description: |- EvictionMaxPodGracePeriod is the maximum allowed grace period (in seconds) to use when terminating pods in @@ -206,17 +203,11 @@ spec: type: string description: EvictionSoft is the map of signal names to quantities that define soft eviction thresholds type: object - x-kubernetes-validations: - - message: valid keys for evictionSoft are ['memory.available','nodefs.available','nodefs.inodesFree','imagefs.available','imagefs.inodesFree','pid.available'] - rule: self.all(x, x in ['memory.available','nodefs.available','nodefs.inodesFree','imagefs.available','imagefs.inodesFree','pid.available']) evictionSoftGracePeriod: additionalProperties: type: string description: EvictionSoftGracePeriod is the map of signal names to quantities that define grace periods for each eviction signal type: object - x-kubernetes-validations: - - message: valid keys for evictionSoftGracePeriod are ['memory.available','nodefs.available','nodefs.inodesFree','imagefs.available','imagefs.inodesFree','pid.available'] - rule: self.all(x, x in ['memory.available','nodefs.available','nodefs.inodesFree','imagefs.available','imagefs.inodesFree','pid.available']) imageGCHighThresholdPercent: description: |- ImageGCHighThresholdPercent is the percent of disk usage after which image @@ -247,11 +238,6 @@ spec: x-kubernetes-int-or-string: true description: KubeReserved contains resources reserved for Kubernetes system components. type: object - x-kubernetes-validations: - - message: valid keys for kubeReserved are ['cpu','memory','ephemeral-storage','pid'] - rule: self.all(x, x=='cpu' || x=='memory' || x=='ephemeral-storage' || x=='pid') - - message: kubeReserved value cannot be a negative resource quantity - rule: self.all(x, !self[x].startsWith('-')) maxPods: description: |- MaxPods is an override for the maximum number of pods that can run on @@ -276,19 +262,7 @@ spec: x-kubernetes-int-or-string: true description: SystemReserved contains resources reserved for OS system daemons and kernel memory. type: object - x-kubernetes-validations: - - message: valid keys for systemReserved are ['cpu','memory','ephemeral-storage','pid'] - rule: self.all(x, x=='cpu' || x=='memory' || x=='ephemeral-storage' || x=='pid') - - message: systemReserved value cannot be a negative resource quantity - rule: self.all(x, !self[x].startsWith('-')) type: object - x-kubernetes-validations: - - message: imageGCHighThresholdPercent must be greater than imageGCLowThresholdPercent - rule: 'has(self.imageGCHighThresholdPercent) && has(self.imageGCLowThresholdPercent) ? self.imageGCHighThresholdPercent > self.imageGCLowThresholdPercent : true' - - message: evictionSoft OwnerKey does not have a matching evictionSoftGracePeriod - rule: has(self.evictionSoft) ? self.evictionSoft.all(e, (e in self.evictionSoftGracePeriod)):true - - message: evictionSoftGracePeriod OwnerKey does not have a matching evictionSoft - rule: has(self.evictionSoftGracePeriod) ? self.evictionSoftGracePeriod.all(e, (e in self.evictionSoft)):true nodeClassRef: description: NodeClassRef is a reference to an object that defines provider specific configuration properties: @@ -336,11 +310,6 @@ spec: type: object maxItems: 30 type: array - x-kubernetes-validations: - - message: requirements with operator 'In' must have a value defined - rule: 'self.all(x, x.operator == ''In'' ? x.values.size() != 0 : true)' - - message: requirements operator 'Gt' or 'Lt' must have a single positive integer value - rule: 'self.all(x, (x.operator == ''Gt'' || x.operator == ''Lt'') ? (x.values.size() == 1 && int(x.values[0]) >= 0) : true)' resources: description: Resources models the resource requirements for the NodeClaim to launch properties: diff --git a/config/crd/patches/remove-x-kubernetes-validations.yaml b/config/crd/patches/remove-x-kubernetes-validations.yaml new file mode 100644 index 0000000..4c3207d --- /dev/null +++ b/config/crd/patches/remove-x-kubernetes-validations.yaml @@ -0,0 +1,23 @@ +# This is a patch to remove x-kubernetes-validations from the CRD schema. This is needed because the CRD schema of the NodePool exceeds rule cost estimation when used in a list. The workaround for this is to remove the x-kubernetes-validations from the CRD schema. +apiVersion: builtin +kind: PatchTransformer +metadata: + name: remove-x-kubernetes-validations +patch: |- + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/karpenterNodePools/items/properties/spec/properties/template/properties/spec/properties/kubelet/properties/evictionHard/x-kubernetes-validations + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/karpenterNodePools/items/properties/spec/properties/template/properties/spec/properties/kubelet/properties/evictionSoft/x-kubernetes-validations + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/karpenterNodePools/items/properties/spec/properties/template/properties/spec/properties/kubelet/properties/kubeReserved/x-kubernetes-validations + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/karpenterNodePools/items/properties/spec/properties/template/properties/spec/properties/kubelet/properties/evictionSoftGracePeriod/x-kubernetes-validations + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/karpenterNodePools/items/properties/spec/properties/template/properties/spec/properties/kubelet/properties/systemReserved/x-kubernetes-validations + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/karpenterNodePools/items/properties/spec/properties/template/properties/spec/properties/kubelet/x-kubernetes-validations + - op: remove + path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/karpenterNodePools/items/properties/spec/properties/template/properties/spec/properties/requirements/x-kubernetes-validations +target: + kind: CustomResourceDefinition + name: kopsmachinepools.infrastructure.cluster.x-k8s.io \ No newline at end of file