diff --git a/CHANGELOG.md b/CHANGELOG.md index ba1654b534..3c0a69e163 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -81,6 +81,10 @@ Adding a new version? You'll need three changes: ### Changed +- `SecretKeyRef` of `ConfigFrom` field in `KongPlugin` and `KongClusterPlugin` + are `Required`. When `ConfigFrom` is specified, the validation of there CRDs + will require `SecretKeyRef` to be present. + [#5103](https://github.com/Kong/kubernetes-ingress-controller/pull/5103) - CRD Validation Expressions - `KongPlugin` and `KongClusterPlugin` now enforce only one of `config` and `configFrom` to be set. diff --git a/config/crd/bases/configuration.konghq.com_kongclusterplugins.yaml b/config/crd/bases/configuration.konghq.com_kongclusterplugins.yaml index 6fd6bc00af..613253b195 100644 --- a/config/crd/bases/configuration.konghq.com_kongclusterplugins.yaml +++ b/config/crd/bases/configuration.konghq.com_kongclusterplugins.yaml @@ -84,6 +84,8 @@ spec: - name - namespace type: object + required: + - secretKeyRef type: object consumerRef: description: ConsumerRef is a reference to a particular consumer. diff --git a/config/crd/bases/configuration.konghq.com_kongconsumergroups.yaml b/config/crd/bases/configuration.konghq.com_kongconsumergroups.yaml index 9abb76af93..a0f56a2af8 100644 --- a/config/crd/bases/configuration.konghq.com_kongconsumergroups.yaml +++ b/config/crd/bases/configuration.konghq.com_kongconsumergroups.yaml @@ -44,7 +44,7 @@ spec: metadata: type: object status: - description: Status represents the current status of the KongConsumer + description: Status represents the current status of the KongConsumerGroup resource. properties: conditions: diff --git a/config/crd/bases/configuration.konghq.com_kongplugins.yaml b/config/crd/bases/configuration.konghq.com_kongplugins.yaml index 5da67bb08f..d714ed4b79 100644 --- a/config/crd/bases/configuration.konghq.com_kongplugins.yaml +++ b/config/crd/bases/configuration.konghq.com_kongplugins.yaml @@ -80,6 +80,8 @@ spec: - key - name type: object + required: + - secretKeyRef type: object consumerRef: description: ConsumerRef is a reference to a particular consumer. diff --git a/pkg/apis/configuration/v1/configsource.go b/pkg/apis/configuration/v1/configsource.go index 2ba4ea73b1..d4fc0efe6e 100644 --- a/pkg/apis/configuration/v1/configsource.go +++ b/pkg/apis/configuration/v1/configsource.go @@ -4,37 +4,32 @@ package v1 // +kubebuilder:object:generate=true type ConfigSource struct { // Specifies a name and a key of a secret to refer to. The namespace is implicitly set to the one of referring object. - SecretValue SecretValueFromSource `json:"secretKeyRef,omitempty"` + SecretValue SecretValueFromSource `json:"secretKeyRef"` } // NamespacedConfigSource is a wrapper around NamespacedSecretValueFromSource. // +kubebuilder:object:generate=true type NamespacedConfigSource struct { // Specifies a name, a namespace, and a key of a secret to refer to. - SecretValue NamespacedSecretValueFromSource `json:"secretKeyRef,omitempty"` + SecretValue NamespacedSecretValueFromSource `json:"secretKeyRef"` } // SecretValueFromSource represents the source of a secret value. // +kubebuilder:object:generate=true type SecretValueFromSource struct { // The secret containing the key. - // +kubebuilder:validation:Required - Secret string `json:"name,omitempty"` + Secret string `json:"name"` // The key containing the value. - // +kubebuilder:validation:Required - Key string `json:"key,omitempty"` + Key string `json:"key"` } // NamespacedSecretValueFromSource represents the source of a secret value specifying the secret namespace. // +kubebuilder:object:generate=true type NamespacedSecretValueFromSource struct { // The namespace containing the secret. - // +kubebuilder:validation:Required - Namespace string `json:"namespace,omitempty"` + Namespace string `json:"namespace"` // The secret containing the key. - // +kubebuilder:validation:Required - Secret string `json:"name,omitempty"` + Secret string `json:"name"` // The key containing the value. - // +kubebuilder:validation:Required - Key string `json:"key,omitempty"` + Key string `json:"key"` } diff --git a/pkg/apis/configuration/v1/kongclusterplugin_types.go b/pkg/apis/configuration/v1/kongclusterplugin_types.go index 76efa86e7b..a53aff6ada 100644 --- a/pkg/apis/configuration/v1/kongclusterplugin_types.go +++ b/pkg/apis/configuration/v1/kongclusterplugin_types.go @@ -29,7 +29,6 @@ import ( // +kubebuilder:resource:scope=Cluster,shortName=kcp,categories=kong-ingress-controller // +kubebuilder:subresource:status // +kubebuilder:storageversion -// +kubebuilder:validation:Optional // +kubebuilder:printcolumn:name="Plugin-Type",type=string,JSONPath=`.plugin`,description="Name of the plugin" // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`,description="Age" // +kubebuilder:printcolumn:name="Disabled",type=boolean,JSONPath=`.disabled`,description="Indicates if the plugin is disabled",priority=1 @@ -66,7 +65,7 @@ type KongClusterPlugin struct { // PluginName is the name of the plugin to which to apply the config. // +kubebuilder:validation:Required - PluginName string `json:"plugin,omitempty"` + PluginName string `json:"plugin"` // RunOn configures the plugin to run on the first or the second or both // nodes in case of a service mesh deployment. diff --git a/pkg/apis/configuration/v1/kongconsumer_types.go b/pkg/apis/configuration/v1/kongconsumer_types.go index 007b317ca8..036b3dcf1f 100644 --- a/pkg/apis/configuration/v1/kongconsumer_types.go +++ b/pkg/apis/configuration/v1/kongconsumer_types.go @@ -26,7 +26,6 @@ import ( // +kubebuilder:subresource:status // +kubebuilder:storageversion // +kubebuilder:resource:shortName=kc,categories=kong-ingress-controller -// +kubebuilder:validation:Optional // +kubebuilder:printcolumn:name="Username",type=string,JSONPath=`.username`,description="Username of a Kong Consumer" // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`,description="Age" // +kubebuilder:printcolumn:name="Programmed",type=string,JSONPath=`.status.conditions[?(@.type=="Programmed")].status` diff --git a/pkg/apis/configuration/v1/kongingress_types.go b/pkg/apis/configuration/v1/kongingress_types.go index 3e171b9fc0..26b7121cca 100644 --- a/pkg/apis/configuration/v1/kongingress_types.go +++ b/pkg/apis/configuration/v1/kongingress_types.go @@ -27,7 +27,6 @@ import ( // +kubebuilder:subresource:status // +kubebuilder:storageversion // +kubebuilder:resource:shortName=ki,categories=kong-ingress-controller -// +kubebuilder:validation:Optional // +kubebuilder:validation:XValidation:rule="!has(self.proxy)", message="'proxy' field is no longer supported, use Service's annotations instead" // +kubebuilder:validation:XValidation:rule="!has(self.route)", message="'route' field is no longer supported, use Ingress' annotations instead" diff --git a/pkg/apis/configuration/v1/kongplugin_types.go b/pkg/apis/configuration/v1/kongplugin_types.go index 1ad062845b..ac6b92d5bc 100644 --- a/pkg/apis/configuration/v1/kongplugin_types.go +++ b/pkg/apis/configuration/v1/kongplugin_types.go @@ -28,7 +28,6 @@ import ( // +kubebuilder:subresource:status // +kubebuilder:storageversion // +kubebuilder:resource:shortName=kp,categories=kong-ingress-controller -// +kubebuilder:validation:Optional // +kubebuilder:printcolumn:name="Plugin-Type",type=string,JSONPath=`.plugin`,description="Name of the plugin" // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`,description="Age" // +kubebuilder:printcolumn:name="Disabled",type=boolean,JSONPath=`.disabled`,description="Indicates if the plugin is disabled",priority=1 @@ -66,7 +65,7 @@ type KongPlugin struct { // PluginName is the name of the plugin to which to apply the config. // +kubebuilder:validation:Required - PluginName string `json:"plugin,omitempty"` + PluginName string `json:"plugin"` // RunOn configures the plugin to run on the first or the second or both // nodes in case of a service mesh deployment. diff --git a/pkg/apis/configuration/v1beta1/ingress_rules.go b/pkg/apis/configuration/v1beta1/ingress_rules.go index cb59b1b8cd..22cdaf8e7d 100644 --- a/pkg/apis/configuration/v1beta1/ingress_rules.go +++ b/pkg/apis/configuration/v1beta1/ingress_rules.go @@ -1,7 +1,5 @@ package v1beta1 -// +kubebuilder:validation:Optional - // UDPIngressRule represents a rule to apply against incoming requests // wherein no Host matching is available for request routing, only the port // is used to match requests. @@ -11,17 +9,13 @@ type UDPIngressRule struct { // +kubebuilder:validation:Minimum=1 // +kubebuilder:validation:Maximum=65535 // +kubebuilder:validation:Format=int32 - // +kubebuilder:validation:Required Port int `json:"port"` // Backend defines the Kubernetes service which accepts traffic from the // listening Port defined above. - // +kubebuilder:validation:Required Backend IngressBackend `json:"backend"` } -// +kubebuilder:validation:Optional - // IngressRule represents a rule to apply against incoming requests. // Matching is performed based on an (optional) SNI and port. type IngressRule struct { @@ -32,16 +26,17 @@ type IngressRule struct { // If a Host is specified, the protocol must be TLS over TCP. // A plain-text TCP request cannot be routed based on Host. It can only // be routed based on Port. + // +kubebuilder:validation:Optional Host string `json:"host,omitempty"` // Port is the port on which to accept TCP or TLS over TCP sessions and // route. It is a required field. If a Host is not specified, the requested // are routed based only on Port. + // +kubebuilder:validation:Required // +kubebuilder:validation:Minimum=1 // +kubebuilder:validation:Maximum=65535 // +kubebuilder:validation:Format=int32 - // +kubebuilder:validation:Required - Port int `json:"port,omitempty"` + Port int `json:"port"` // Backend defines the referenced service endpoint to which the traffic // will be forwarded to. @@ -49,8 +44,6 @@ type IngressRule struct { Backend IngressBackend `json:"backend"` } -// +kubebuilder:validation:Optional - // IngressBackend describes all endpoints for a given service and port. type IngressBackend struct { // Specifies the name of the referenced service. @@ -59,9 +52,9 @@ type IngressBackend struct { ServiceName string `json:"serviceName"` // Specifies the port of the referenced service. + // +kubebuilder:validation:Required // +kubebuilder:validation:Minimum=1 // +kubebuilder:validation:Maximum=65535 // +kubebuilder:validation:Format=int32 - // +kubebuilder:validation:Required ServicePort int `json:"servicePort"` } diff --git a/pkg/apis/configuration/v1beta1/kongconsumergroup_types.go b/pkg/apis/configuration/v1beta1/kongconsumergroup_types.go index 06d9717890..4292f5e6c5 100644 --- a/pkg/apis/configuration/v1beta1/kongconsumergroup_types.go +++ b/pkg/apis/configuration/v1beta1/kongconsumergroup_types.go @@ -26,7 +26,6 @@ import ( // +kubebuilder:subresource:status // +kubebuilder:storageversion // +kubebuilder:resource:shortName=kcg,categories=kong-ingress-controller -// +kubebuilder:validation:Optional // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`,description="Age" // +kubebuilder:printcolumn:name="Programmed",type=string,JSONPath=`.status.conditions[?(@.type=="Programmed")].status` @@ -35,7 +34,7 @@ type KongConsumerGroup struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - // Status represents the current status of the KongConsumer resource. + // Status represents the current status of the KongConsumerGroup resource. Status KongConsumerGroupStatus `json:"status,omitempty"` } diff --git a/pkg/apis/configuration/v1beta1/tcpingress_types.go b/pkg/apis/configuration/v1beta1/tcpingress_types.go index 3063083244..3ffcd69ac9 100644 --- a/pkg/apis/configuration/v1beta1/tcpingress_types.go +++ b/pkg/apis/configuration/v1beta1/tcpingress_types.go @@ -27,7 +27,6 @@ import ( // +kubebuilder:resource:categories=kong-ingress-controller // +kubebuilder:subresource:status // +kubebuilder:storageversion -// +kubebuilder:validation:Optional // +kubebuilder:printcolumn:name="Address",type=string,JSONPath=`.status.loadBalancer.ingress[*].ip`,description="Address of the load balancer" // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`,description="Age" diff --git a/pkg/apis/configuration/v1beta1/udpingress_types.go b/pkg/apis/configuration/v1beta1/udpingress_types.go index a62b33ecbf..a2b6f86c02 100644 --- a/pkg/apis/configuration/v1beta1/udpingress_types.go +++ b/pkg/apis/configuration/v1beta1/udpingress_types.go @@ -40,7 +40,6 @@ type UDPIngressList struct { // +kubebuilder:resource:categories=kong-ingress-controller // +kubebuilder:subresource:status // +kubebuilder:storageversion -// +kubebuilder:validation:Optional // +kubebuilder:printcolumn:name="Address",type=string,JSONPath=`.status.loadBalancer.ingress[*].ip`,description="Address of the load balancer" // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`,description="Age" diff --git a/test/e2e/manifests/all-in-one-dbless-k4k8s-enterprise.yaml b/test/e2e/manifests/all-in-one-dbless-k4k8s-enterprise.yaml index de43760cd5..dad59cb6f3 100644 --- a/test/e2e/manifests/all-in-one-dbless-k4k8s-enterprise.yaml +++ b/test/e2e/manifests/all-in-one-dbless-k4k8s-enterprise.yaml @@ -142,6 +142,8 @@ spec: - name - namespace type: object + required: + - secretKeyRef type: object consumerRef: description: ConsumerRef is a reference to a particular consumer. @@ -360,7 +362,7 @@ spec: metadata: type: object status: - description: Status represents the current status of the KongConsumer + description: Status represents the current status of the KongConsumerGroup resource. properties: conditions: @@ -1056,6 +1058,8 @@ spec: - key - name type: object + required: + - secretKeyRef type: object consumerRef: description: ConsumerRef is a reference to a particular consumer. diff --git a/test/e2e/manifests/all-in-one-dbless-konnect-enterprise.yaml b/test/e2e/manifests/all-in-one-dbless-konnect-enterprise.yaml index 4993e98685..d401dfee26 100644 --- a/test/e2e/manifests/all-in-one-dbless-konnect-enterprise.yaml +++ b/test/e2e/manifests/all-in-one-dbless-konnect-enterprise.yaml @@ -142,6 +142,8 @@ spec: - name - namespace type: object + required: + - secretKeyRef type: object consumerRef: description: ConsumerRef is a reference to a particular consumer. @@ -360,7 +362,7 @@ spec: metadata: type: object status: - description: Status represents the current status of the KongConsumer + description: Status represents the current status of the KongConsumerGroup resource. properties: conditions: @@ -1056,6 +1058,8 @@ spec: - key - name type: object + required: + - secretKeyRef type: object consumerRef: description: ConsumerRef is a reference to a particular consumer. diff --git a/test/e2e/manifests/all-in-one-dbless-konnect.yaml b/test/e2e/manifests/all-in-one-dbless-konnect.yaml index 34ee471923..62716367f7 100644 --- a/test/e2e/manifests/all-in-one-dbless-konnect.yaml +++ b/test/e2e/manifests/all-in-one-dbless-konnect.yaml @@ -142,6 +142,8 @@ spec: - name - namespace type: object + required: + - secretKeyRef type: object consumerRef: description: ConsumerRef is a reference to a particular consumer. @@ -360,7 +362,7 @@ spec: metadata: type: object status: - description: Status represents the current status of the KongConsumer + description: Status represents the current status of the KongConsumerGroup resource. properties: conditions: @@ -1056,6 +1058,8 @@ spec: - key - name type: object + required: + - secretKeyRef type: object consumerRef: description: ConsumerRef is a reference to a particular consumer. diff --git a/test/e2e/manifests/all-in-one-dbless.yaml b/test/e2e/manifests/all-in-one-dbless.yaml index a70437dec7..f5ce84671e 100644 --- a/test/e2e/manifests/all-in-one-dbless.yaml +++ b/test/e2e/manifests/all-in-one-dbless.yaml @@ -142,6 +142,8 @@ spec: - name - namespace type: object + required: + - secretKeyRef type: object consumerRef: description: ConsumerRef is a reference to a particular consumer. @@ -360,7 +362,7 @@ spec: metadata: type: object status: - description: Status represents the current status of the KongConsumer + description: Status represents the current status of the KongConsumerGroup resource. properties: conditions: @@ -1056,6 +1058,8 @@ spec: - key - name type: object + required: + - secretKeyRef type: object consumerRef: description: ConsumerRef is a reference to a particular consumer. diff --git a/test/e2e/manifests/all-in-one-postgres-enterprise.yaml b/test/e2e/manifests/all-in-one-postgres-enterprise.yaml index f3a6a433ba..8dc5446127 100644 --- a/test/e2e/manifests/all-in-one-postgres-enterprise.yaml +++ b/test/e2e/manifests/all-in-one-postgres-enterprise.yaml @@ -142,6 +142,8 @@ spec: - name - namespace type: object + required: + - secretKeyRef type: object consumerRef: description: ConsumerRef is a reference to a particular consumer. @@ -360,7 +362,7 @@ spec: metadata: type: object status: - description: Status represents the current status of the KongConsumer + description: Status represents the current status of the KongConsumerGroup resource. properties: conditions: @@ -1056,6 +1058,8 @@ spec: - key - name type: object + required: + - secretKeyRef type: object consumerRef: description: ConsumerRef is a reference to a particular consumer. diff --git a/test/e2e/manifests/all-in-one-postgres-multiple-gateways.yaml b/test/e2e/manifests/all-in-one-postgres-multiple-gateways.yaml index a8d35c38f4..3c78fb43d3 100644 --- a/test/e2e/manifests/all-in-one-postgres-multiple-gateways.yaml +++ b/test/e2e/manifests/all-in-one-postgres-multiple-gateways.yaml @@ -142,6 +142,8 @@ spec: - name - namespace type: object + required: + - secretKeyRef type: object consumerRef: description: ConsumerRef is a reference to a particular consumer. @@ -360,7 +362,7 @@ spec: metadata: type: object status: - description: Status represents the current status of the KongConsumer + description: Status represents the current status of the KongConsumerGroup resource. properties: conditions: @@ -1056,6 +1058,8 @@ spec: - key - name type: object + required: + - secretKeyRef type: object consumerRef: description: ConsumerRef is a reference to a particular consumer. diff --git a/test/e2e/manifests/all-in-one-postgres.yaml b/test/e2e/manifests/all-in-one-postgres.yaml index 21bc17b460..8b1b7ff84c 100644 --- a/test/e2e/manifests/all-in-one-postgres.yaml +++ b/test/e2e/manifests/all-in-one-postgres.yaml @@ -142,6 +142,8 @@ spec: - name - namespace type: object + required: + - secretKeyRef type: object consumerRef: description: ConsumerRef is a reference to a particular consumer. @@ -360,7 +362,7 @@ spec: metadata: type: object status: - description: Status represents the current status of the KongConsumer + description: Status represents the current status of the KongConsumerGroup resource. properties: conditions: @@ -1056,6 +1058,8 @@ spec: - key - name type: object + required: + - secretKeyRef type: object consumerRef: description: ConsumerRef is a reference to a particular consumer.