Skip to content

Refactor CRD defaulting and validation as generic #3403

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
2 commits merged into from Feb 17, 2025
Merged

Refactor CRD defaulting and validation as generic #3403

2 commits merged into from Feb 17, 2025

Conversation

@ghost
Copy link

@ghost ghost commented Feb 14, 2025
edited by ghost
Loading

Refactor the code for working with TracingPolicy CRD outside of Kubernetes
context to generically support any CRD. This includes loading custom resources
from YAML, applying defaults and validating them.

This design replaces the global state (tracingpolicy.defaultState), previously
initialized using sync.Once and used to cache validators and structural schemas,
with a generic struct (CRDContext[P]), initialized per CRD. CRDContext holds
structs necessary to process a particular CRD. CRDContexts for
TracingPolicy(Namespaced) are initialized in init().

The defaulting and validating logic is mostly unchanged and mimics the behavior
of Kubernetes apiserver. Two differences from the previous implementation maybe
worth noting:

  • We now validate uniqueness invariants of arrays that are sets or maps
  • To make FromYAML generic, but also avoid unnecessary copying of structs, we
    pass a pointer as a type parameter, but then use reflect to allocate the
    struct, to unmarshal into it. It's a bit ugly, but works.

To ensure that the generic functionality stays decoupled from TracingPolicy,
move it from pkg/tracingpolicy to a new pkg/crdutils package.

There is already another crdutils package under pkg/k8s module. However, it's
specific to Tetragon CRDs, while the defaulting and validating logic is
completely generic. Therefore, it seems better to keep it separate.

@netlify
Copy link

netlify bot commented Feb 14, 2025
edited
Loading

Deploy Preview for tetragon ready!

Name Link
🔨 Latest commit 9e8a96f
🔍 Latest deploy log https://app.netlify.com/sites/tetragon/deploys/67af927c3c23200008ed5ed2
😎 Deploy Preview https://deploy-preview-3403--tetragon.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@ghost ghost added the release-note/misc This PR makes changes that have no direct user impact. label Feb 14, 2025
@ghost ghost marked this pull request as ready for review February 14, 2025 22:24
@ghost ghost self-requested a review as a code owner February 14, 2025 22:24
@ghost ghost requested a review from tpapagian February 14, 2025 22:24
@ghost ghost marked this pull request as draft February 16, 2025 12:07
Anna Kapuscinska added 2 commits February 16, 2025 12:58
Refactor CRD defaulting and validation as generic
716847a 
Refactor the code for working with TracingPolicy CRD outside of Kubernetes
context to generically support any CRD. This includes loading custom resources
from YAML, applying defaults and validating them.

This design replaces the global state (tracingpolicy.defaultState), previously
initialized using sync.Once and used to cache validators and structural schemas,
with a generic struct (CRDContext[P]), initialized per CRD. CRDContext holds
structs necessary to process a particular CRD. CRDContexts for
TracingPolicy(Namespaced) are initialized in init().

The defaulting and validating logic is mostly unchanged and mimics the behavior
of Kubernetes apiserver. Two differences from the previous implementation maybe
worth noting:

- We now validate uniqueness invariants of arrays that are sets or maps
- To make FromYAML generic, but also avoid unnecessary copying of structs, we
  pass a pointer as a type parameter, but then use reflect to allocate the
  struct, to unmarshal into it. It's a bit ugly, but works.

Signed-off-by: Anna Kapuscinska <anna@isovalent.com>
Move generic CRD functionality to a new crdutils package
5ea9c0f 
To ensure that the generic functionality stays decoupled from TracingPolicy,
move it from pkg/tracingpolicy to a new pkg/crdutils package.

There is already another crdutils package under pkg/k8s module. However, it's
specific to Tetragon CRDs, while the defaulting and validating logic is
completely generic. Therefore, it seems better to keep it separate.

Signed-off-by: Anna Kapuscinska <anna@isovalent.com>
@ghost ghost marked this pull request as ready for review February 16, 2025 14:30
@mtardy mtardy self-requested a review February 17, 2025 09:54
mtardy
mtardy approved these changes Feb 17, 2025
View reviewed changes
Copy link
Member

@mtardy mtardy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, it looks cleaner like that! lgtm

@ghost ghost merged commit 9a92936 into cilium:main Feb 17, 2025
43 checks passed
@BrewTestBot BrewTestBot mentioned this pull request Mar 21, 2025
Merged
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tpapagian tpapagian Awaiting requested review from tpapagian tpapagian is a code owner automatically assigned from cilium/tetragon-reviewers

Assignees

No one assigned

Labels

release-note/misc This PR makes changes that have no direct user impact.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mtardy