contour Utilize CEL validation in Contour CRDs

Utilize CEL validation in Contour CRDs

Open sunjayBhatia opened this issue 1 year ago • 1 comments

trafficstars

Our CRD field validation is a bit inconsistent and could use a refresh. We don't have consistent validation for similar fields and should probably introduce dedicated common types for some. For example, namespace name validation:

https://github.com/projectcontour/contour/blob/9eb2838cac25a37a2424b0b5b11323724162b176/apis/projectcontour/v1/httpproxy.go#L50-L51
https://github.com/projectcontour/contour/blob/9eb2838cac25a37a2424b0b5b11323724162b176/apis/projectcontour/v1/httpproxy.go#L209-L211

Also, much of our HTTPProxy|ExtensionService|etc. Processor logic is dedicated to validating CRD fields and setting Invalid status on resources that have bad config. If we can use CEL validations to do some of this work at resource creation time we may be able to prevent This would enable us to immediately surface configuration errors rather than requiring users to create a resource, check status, etc.

[ ] HTTPProxy
[ ] TLSCertificateDelegation
[ ] ContourConfiguration
[ ] ContourDeployment
[ ] ExtensionService

Jan 24 '24 21:01 sunjayBhatia

Assigning to myself since I've been looking at this today.

Feb 16 '24 23:02 flawedmatrix

contour contour copied to clipboard

Utilize CEL validation in Contour CRDs

contour
contour copied to clipboard