Migrate Admission Controller Validation to CEL

omerap12 · omerap12 · commit b60d1762c3de · 2025-01-14T15:16:56.000+02:00
Signed-off-by: Omer Aplatony &lt;omerap12@gmail.com&gt;
diff --git a/vertical-pod-autoscaler/deploy/vpa-v1-crd-gen.yaml b/vertical-pod-autoscaler/deploy/vpa-v1-crd-gen.yaml
@@ -302,6 +302,7 @@ spec:
                   - name
                   type: object
                 type: array
+                maxItems: 1
               resourcePolicy:
                 description: |-
                   Controls how the autoscaler computes recommended resources.
@@ -325,6 +326,7 @@ spec:
                             case the policy is used by the containers that don't have their own
                             policy specified.
                           type: string
+                          maxLength: 253
                         controlledResources:
                           description: |-
                             Specifies the type of recommendations that will be computed
@@ -334,6 +336,7 @@ spec:
                             description: ResourceName is the name identifying various
                               resources in a ResourceList.
                             type: string
+                            enum: ['RequestsAndLimits', 'RequestsOnly']
                           type: array
                         controlledValues:
                           description: |-
@@ -373,7 +376,13 @@ spec:
                           - "Off"
                           type: string
                       type: object
+                      x-kubernetes-validations:
+                      - rule: "size(self.containerName) > 0"
+                        message: "ContainerName cannot be empty"
+                      - rule: "!has(self.mode) || !has(self.controlledValues) || self.mode != 'Off' || self.controlledValues != 'RequestsAndLimits'"
+                        message: "ControlledValues shouldn't be specified if container scaling mode is off"
                     type: array
+                    maxItems: 100
                 type: object
               targetRef:
                 description: |-
@@ -460,7 +469,11 @@ spec:
                     - Recreate
                     - Auto
                     type: string
+                    default: "Auto"
                 type: object
+                x-kubernetes-validations:
+                  - rule: "!has(self.minReplicas) || self.minReplicas > 0"
+                    message: "MinReplicas has to be positive"
             required:
             - targetRef
             type: object
diff --git a/vertical-pod-autoscaler/pkg/admission-controller/resource/vpa/handler.go b/vertical-pod-autoscaler/pkg/admission-controller/resource/vpa/handler.go
@@ -112,25 +112,8 @@ func parseVPA(raw []byte) (*vpa_types.VerticalPodAutoscaler, error) {
 
 // ValidateVPA checks the correctness of VPA Spec and returns an error if there is a problem.
 func ValidateVPA(vpa *vpa_types.VerticalPodAutoscaler, isCreate bool) error {
-	if vpa.Spec.UpdatePolicy != nil {
-		mode := vpa.Spec.UpdatePolicy.UpdateMode
-		if mode == nil {
-			return fmt.Errorf("UpdateMode is required if UpdatePolicy is used")
-		}
-		if _, found := possibleUpdateModes[*mode]; !found {
-			return fmt.Errorf("unexpected UpdateMode value %s", *mode)
-		}
-
-		if minReplicas := vpa.Spec.UpdatePolicy.MinReplicas; minReplicas != nil && *minReplicas <= 0 {
-			return fmt.Errorf("MinReplicas has to be positive, got %v", *minReplicas)
-		}
-	}
-
 	if vpa.Spec.ResourcePolicy != nil {
 		for _, policy := range vpa.Spec.ResourcePolicy.ContainerPolicies {
-			if policy.ContainerName == "" {
-				return fmt.Errorf("ContainerPolicies.ContainerName is required")
-			}
 			mode := policy.Mode
 			if mode != nil {
 				if _, found := possibleScalingModes[*mode]; !found {
@@ -152,23 +135,8 @@ func ValidateVPA(vpa *vpa_types.VerticalPodAutoscaler, isCreate bool) error {
 					return fmt.Errorf("MaxAllowed: %v", err)
 				}
 			}
-			ControlledValues := policy.ControlledValues
-			if mode != nil && ControlledValues != nil {
-				if *mode == vpa_types.ContainerScalingModeOff && *ControlledValues == vpa_types.ContainerControlledValuesRequestsAndLimits {
-					return fmt.Errorf("ControlledValues shouldn't be specified if container scaling mode is off.")
-				}
-			}
 		}
 	}
-
-	if isCreate && vpa.Spec.TargetRef == nil {
-		return fmt.Errorf("TargetRef is required. If you're using v1beta1 version of the API, please migrate to v1")
-	}
-
-	if len(vpa.Spec.Recommenders) > 1 {
-		return fmt.Errorf("The current version of VPA object shouldn't specify more than one recommenders.")
-	}
-
 	return nil
 }
 
