Discussion: Add maxItems=100 CEL Validation to PodResourcePolicy

[omerap12]

There is an ongoing PR that migrates some admission-controller validation to CEL validation, reducing the overall code footprint: kubernetes/autoscaler#7690.

I would like to extend this effort by introducing additional CEL validation to further simplify the code. Specifically, I propose adding the following rule to PodResourcePolicy:

// +kubebuilder:validation:XValidation:rule="!has(self.mode) || !has(self.controlledValues) || self.mode != 'Off' || self.controlledValues != 'RequestsAndLimits'",message="ControlledValues shouldn't be specified if container scaling mode is off"

This rule ensures that when container scaling is turned off (mode = 'Off'), users cannot set controlledValues = 'RequestsAndLimits'. In other words: If container scaling is disabled, requests and limits control should not be specified.

For complex rules like this, CEL validation requires boundary constraints to stay within the evaluation budget. Without them, we may encounter errors such as:

The CustomResourceDefinition "verticalpodautoscalers.autoscaling.k8s.io" is invalid: estimated rule cost exceeds budget (try adding maxItems, maxProperties, maxLength)

To address this, I propose adding the following constraint:

// +kubebuilder:validation:MaxItems=100

/area vertical-pod-autoscaler

[raywainman]

@omerap12 I'm not super familiar with all of this but does this effectively mean that we are adding a limit to the number of containerPolicies items in the PodResourcePolicy?

[omerap12]

@omerap12 I'm not super familiar with all of this but does this effectively mean that we are adding a limit to the number of containerPolicies items in the PodResourcePolicy?

Exactly