kubernetes · k8s-ci-robot · Feb 3, 2022 · Jan 13, 2022 · Jan 13, 2022 · Jan 13, 2022
diff --git a/keps/sig-api-machinery/2876-crd-validation-expression-language/README.md b/keps/sig-api-machinery/2876-crd-validation-expression-language/README.md
@@ -26,6 +26,7 @@
   - [Type Checking](#type-checking)
   - [Type System Integration](#type-system-integration)
     - [Why not represent associative lists as maps in CEL?](#why-not-represent-associative-lists-as-maps-in-cel)
+  - [Resource constraints](#resource-constraints)
   - [Test Plan](#test-plan)
   - [Graduation Criteria](#graduation-criteria)
     - [Alpha](#alpha)
@@ -589,6 +590,28 @@ associativeList.all(e, e.key1 == 'a' && e.key2 == 'b' && e.val == 100)
 associativeList.all(e, e.val == 100)
 ```
 
+### Resource constraints
+
+For Beta, per-request execution time will be constrained via a context-passed timeout. For Beta, we are looking at a range between 100 milliseconds and 1 second for the timeout. We want to see how
+CEL performs in Beta before deciding what specific duration to set the timeout to. If the timeout is 
+exceeded, the error message will include how long each expression took to evaluate.
+
+We will provide time and space benchmarks to show what can be expected in typical and worst-case
+scenarios for CEL expressions, and that for most use cases, the timeout alone will be sufficient.
+The alternatives listed below would be more aimed at malformed/malicious expressions.
+
+If the context timeout proves to be insufficient, we have other alternatives to explore, such as
+limiting nested list comprehensions to a depth of 2. According to the performance section of
+[the CEL spec](https://github.com/google/cel-spec/blob/master/doc/langdef.md#performance), the
+time complexity of these operations are all O(n), so by limiting nesting to 2 deep, we limit
+expression complexity to O(n<sup>2</sup>). We can limit regular expression complexity
+as well.
+
+CEL also provides a [cost subsystem](https://github.com/google/cel-go/blob/dfef54b359b05532fb9695bc88937aa8530ab055/cel/program.go#L309) that could be used in the future,
+but the cost subsystem would need to know the length of any relevant lists in order to be useful. 
+That information can be supplied using `maxLength`, but this is an optional field, and if not
+passed, CEL would not be able to provide a useful figure.
+
 ### Test Plan
 
 We will extend both the unit test suite and the integration test suite to cover the CRD validation rule described in this KEP.