We should consider using CEL validation in our CRDs to improve the validation of things that OpenAPI cannot validate. Two things were raised recently:
Validation of unique listener names (#9338)
Validation of fields required only for some type that cannot be set as required in OPenAPI because of other type values (#9398)
We should investigate how CEL can help there. But we should keep in mind the following aspects:
It would be good to understand first how you plan to generate the validation rules from the Java code (as you cannot simply just edit the CRD and add it there -> they are all generated from the code)
We have to make sure it scales well when used for all fields like this which there are quite a many
We have to make sure it does not break the CRDs on the older Kubernetes versions. I'm not sure if this breaks support of older versions or not - but some new features in the past did it. So we need to be careful about it.
Discussed in the community call on 14.12.: Could provide a useful functionality. Might need a proposal depending on the complexity of the added rules and how are the generated out of the API classes?
We should consider using CEL validation in our CRDs to improve the validation of things that OpenAPI cannot validate. Two things were raised recently:
type
that cannot be set as required in OPenAPI because of othertype
values (#9398)We should investigate how CEL can help there. But we should keep in mind the following aspects: