Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
hachyderm.io is one of the many independent Mastodon servers you can use to participate in the fediverse.
Hachyderm is a safe space, LGBTQIA+ and BLM, primarily comprised of tech industry professionals world wide. Note that many non-user account types have restrictions - please see our About page.

Administered by:

Server stats:

9.5K
active users

hachyderm.io: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.5

Public
eirik ᐸ'aᐳ

1. you can use CEL validation rules inside CRD schemas: kubernetes.io/docs/tasks/exten - and these are a lot more versatile than previous validation attributes - (GA in 1.29)

kubernetes.ioExtend the Kubernetes API with CustomResourceDefinitionsThis page shows how to install a custom resource into the Kubernetes API by creating a CustomResourceDefinition. Before you begin You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using minikube or you can use one of these Kubernetes playgrounds:
Public
eirik ᐸ'aᐳ

2. you can use CEL validation in a stand-alone ValidatingAdmissionPolicy. this allows opt-in validation on native/custom types (so you can e.g. create company wide-policies) - kubernetes.io/docs/reference/a (beta in 1.28)

KubernetesValidating Admission PolicyFEATURE STATE: Kubernetes v1.28 [beta] This page provides an overview of Validating Admission Policy. What is Validating Admission Policy? Validating admission policies offer a declarative, in-process alternative to validating admission webhooks. Validating admission policies use the Common Expression Language (CEL) to declare the validation rules of a policy. Validation admission policies are highly configurable, enabling policy authors to define policies that can be parameterized and scoped to resources as needed by cluster administrators.
Public
eirik ᐸ'aᐳ

this is a pretty large part of what people use admission controllers / admission controller frameworks for, and I would not be surprised if this starts slowly killing off an entire class of complex cluster tooling in favour of native validation

Public
eirik ᐸ'aᐳ

the schema validation rules could also help make controllers even more language agnostic as when we map between schema <-> language structs (schemars / kopium + k8s-openapi on side) these rules could be represented as code (and maybe long-term, be used to run client-side validation)

Public
eirik ᐸ'aᐳ

it would require some work on the rust side, but it's a lot more exciting to have this explicit than buried in a code comment on the golang side.

early issue for kube in github.com/kube-rs/kube/issues

GitHubBetter support for `x-kubernetes` properties in schemas · Issue #1367 · kube-rs/kubeBy clux
Public
eirik ᐸ'aᐳ

new kube.rs doc on admission via controllers or cel {validation,policies} at kube.rs/controllers/admission/ in time for 1.29

kube.rsAdmission - kube
ExploreLive feeds
About