🌱 Add OpenAPI defaulting detection for KubeadmConfig by using forbiddenmarkers #12851
Conversation
…markers Signed-off-by: nayuta-ai <[email protected]>
k8s-ci-robot
added
area/ci
|
Hi @nayuta723. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
.golangci-kal.yml
Outdated
| linters: | ||
| - kubeapilinter | ||
|
|
||
| ## Apply forbiddenmarkers only to api/bootstrap/kubeadm |
There was a problem hiding this comment.
Let's go one step further and block all defaulting (as we don't want to use OpenAPI defaulting at all nowadays)
I think we can drop this config here and then add an exclude for existing markers. If I see correctly there is only one usage of the default marker in v1beta2 today.
Let's add this exclude in its own section directly above "# TODO: Excludes that should be removed once the corresponding issues in KAL are fixed"
(v1beta1 is probably already excluded correctly in l.91++)
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
.golangci-kal.yml
Outdated
| ## Apply forbiddenmarkers only to api/bootstrap/kubeadm | ||
| - path-except: "api/bootstrap/kubeadm/.*" | ||
| text: "forbiddenmarkers" | ||
| linters: | ||
| - kubeapilinter | ||
|
|
There was a problem hiding this comment.
If we add other forbidden markers in the future, this will prevent them from being picked up in the wider APIs.
Have you considered making the text more specific to only pick up the default markers?
Signed-off-by: nayuta-ai <[email protected]>
|
@sbueringer @JoelSpeed |
sbueringer
added
the
tide/merge-method-squash
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: c7c8dd56aec60c3c6d571efc47f4604cc5153642
|
|
/lgtm |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: sbueringer The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
Sorry shouldn't have approved and added comments. I'll follow-up :) (xref: #12869) |
5 participants
What this PR does / why we need it:
This PR introduces a new forbiddenmarkers linter check targeting the KubeadmConfigSpec struct and its nested fields. We've repeatedly encountered issues where adding new default values via OpenAPI markers (e.g., // +kubebuilder:default) leads to unintended KubeadmControlPlane (KCP) rollouts following a CAPI upgrade.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #8147
/area ci