howardjohn
commented
1 week ago You will never be able to derive a proper Istio CRD from a Go struct, or at least not with kubebuilder. We have completely custom definition (protobuf) -> CRD schema. Like we have custom attributes, etc. Even if it appears to work by fixing a few issues like the ones mentioned here, it will be incorrect, possibly in subtle ways.
sorry if that doesn't really help you though... fwiw https://github.com/istio/tools/blob/master/cmd/protoc-gen-crd/ is the code
Describe the feature request
The AuthorizationPolicy spec (security/v1beta1/authorization_policy.pb.go) go type can't be used with controller-tools If I try to create a CRD with kubebuilder / controller-tools that embeds an AuthorizationPolicy spec as part of my CRD object, I have to create my own copy of the existing type, which adds more work to translate it to an actual AuthorizationPolicy later on.
The reason this fails is that the type has an ActionDetail property which lacks any
jsontag. This is because this property is not part of the CRD itself I believe. However, controller-tools at best allows to ignore private properties from a type but not public properties. So it fails to create the CRD object.One option would be to make ActionDetail private (actionDetail - there is already a GetActionDetail method defined) but this is an interface change that would likely introduce breakages in existing code if they access that property directly
Describe alternatives you've considered
Alternative is to create a "copy" of the type and create methods to get an istio AuthorizationPolicy object out of the clone type
Affected product area (please put an X in all that apply)
[ ] Configuration Infrastructure [ ] Docs [ ] Installation [ ] Networking [ ] Performance and Scalability [ ] Policies and Telemetry [ ] Security [ ] Test and Release [ ] User Experience
Additional context