Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: 4.20.0
Affects Version/s: 4.18, 4.19, 4.20
Component/s: kube-apiserver
Labels:
None

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
None
Regression:
None

Target Backport Versions:
None
Target Version:

4.20.0
Release Blocker:
None
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:

Release Note Status:
Done
Release Note Type:
Bug Fix
Release Note Text:

Hide
* Before this update, the runtime cost estimator for `IntOrString` types did not account for the maximum length in the CRD schema which caused high runtime cost estimates for unbounded `IntOrStrings`. With this release, the CEL cost estimator now accounts for for the maximum length of the string and CEL validations, including the `IntOrString` types, can now be used within CRD schemas. (link:https://issues.redhat.com/browse/OCPBUGS-59756[*OCPBUGS-59756*])
-------
Cause: The runtime cost estimator for IntOrString types did not account for the maximum length in the CRD schema
Consequence: Very high runtime costs were estimated for unbounded IntOrStrings
Fix: The CEL cost estimator now accounts for the maximum length of the string, per the openapi schema
Result: CEL validations including the IntOrString types can now be used within CRD schemas

Show
* Before this update, the runtime cost estimator for `IntOrString` types did not account for the maximum length in the CRD schema which caused high runtime cost estimates for unbounded `IntOrStrings`. With this release, the CEL cost estimator now accounts for for the maximum length of the string and CEL validations, including the `IntOrString` types, can now be used within CRD schemas. (link: https://issues.redhat.com/browse/OCPBUGS-59756 [* OCPBUGS-59756 *]) ------- Cause: The runtime cost estimator for IntOrString types did not account for the maximum length in the CRD schema Consequence: Very high runtime costs were estimated for unbounded IntOrStrings Fix: The CEL cost estimator now accounts for the maximum length of the string, per the openapi schema Result: CEL validations including the IntOrString types can now be used within CRD schemas

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

    Described in full on the upstream PR, https://github.com/kubernetes/kubernetes/pull/132837

There is an issue with resource.Quantity and other IntOrString style fields, where the CEL validation does not correctly account for the maximum length of the field per the open api validation.

Prior to the fix, the validation

// +kubebuilder:validation:XValidation:rule="isQuantity(self) && quantity(self).isGreaterThan(quantity('0'))",message="request must be a positive, non-zero quantity"

Would fail as it declared the validation cost was too high, even when limiting the length of the string.

With the upstream fix, the length of the string is now correctly taken into account and the runtime cost is correctly calculated.

Version-Release number of selected component (if applicable):

How reproducible:

    100%

Steps to Reproduce:

    See https://github.com/kubernetes/kubernetes/pull/132837

Actual results:

Expected results:

Additional info:

links to

openshift/kubernetes#2375: OCPBUGS-59756: Fix IntOrString cost estimation when schema has a MaxLength constraint

Assignee:: Joel Speed

Reporter:: Joel Speed

Need Info From:: None

Contributors:: None

QA Contact:: Ke Wang

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2025/07/24 12:17 PM

Updated:: 2025/10/01 2:57 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates