make changes for reconcile logic and remove cel validation for overrides

Author: saewoni

charts/karpenter-crd/templates/karpenter.azure.com_aksnodeclasses.yaml

@@ -188,8 +188,11 @@ spec:
                   For more details see aka.ms/aks/localdns.
                 properties:
                   kubeDNSOverrides:
-                    additionalProperties:
-                      description: LocalDNSOverrides specifies DNS override configuration
+                    description: KubeDNS overrides apply to DNS traffic from pods
+                      with dnsPolicy:ClusterFirst (referred to as KubeDNS traffic).
+                    items:
+                      description: LocalDNSZoneOverride specifies DNS override configuration
+                        for a specific zone
                       properties:
                         cacheDuration:
                           description: Cache max TTL. See [cache plugin](https://coredns.io/plugins/cache)
@@ -244,6 +247,10 @@ spec:
                             for more information.
                           pattern: ^([0-9]+(s|m|h))+$
                           type: string
+                        zone:
+                          description: Zone is the DNS zone this override applies
+                            to (e.g., ".", "cluster.local").
+                          type: string
                       required:
                       - cacheDuration
                       - forwardDestination
@@ -253,14 +260,16 @@ spec:
                       - queryLogging
                       - serveStale
                       - serveStaleDuration
+                      - zone
                       type: object
                       x-kubernetes-validations:
                       - message: ServeStale verify cannot be used with ForceTCP protocol
                         rule: '!(has(self.serveStale) && self.serveStale == ''Verify''
                           && has(self.protocol) && self.protocol == ''ForceTCP'')'
-                    description: KubeDNS overrides apply to DNS traffic from pods
-                      with dnsPolicy:ClusterFirst (referred to as KubeDNS traffic).
-                    type: object
+                    type: array
+                    x-kubernetes-validations:
+                    - message: each zone must be unique in kubeDNSOverrides
+                      rule: self.all(o, self.exists_one(p, p.zone == o.zone))
                   mode:
                     description: Mode of enablement for localDNS.
                     enum:
@@ -269,8 +278,11 @@ spec:
                     - Disabled
                     type: string
                   vnetDNSOverrides:
-                    additionalProperties:
-                      description: LocalDNSOverrides specifies DNS override configuration
+                    description: VnetDNS overrides apply to DNS traffic from pods
+                      with dnsPolicy:default or kubelet (referred to as VnetDNS traffic).
+                    items:
+                      description: LocalDNSZoneOverride specifies DNS override configuration
+                        for a specific zone
                       properties:
                         cacheDuration:
                           description: Cache max TTL. See [cache plugin](https://coredns.io/plugins/cache)
@@ -325,6 +337,10 @@ spec:
                             for more information.
                           pattern: ^([0-9]+(s|m|h))+$
                           type: string
+                        zone:
+                          description: Zone is the DNS zone this override applies
+                            to (e.g., ".", "cluster.local").
+                          type: string
                       required:
                       - cacheDuration
                       - forwardDestination
@@ -334,38 +350,40 @@ spec:
                       - queryLogging
                       - serveStale
                       - serveStaleDuration
+                      - zone
                       type: object
                       x-kubernetes-validations:
                       - message: ServeStale verify cannot be used with ForceTCP protocol
                         rule: '!(has(self.serveStale) && self.serveStale == ''Verify''
                           && has(self.protocol) && self.protocol == ''ForceTCP'')'
-                    description: VnetDNS overrides apply to DNS traffic from pods
-                      with dnsPolicy:default or kubelet (referred to as VnetDNS traffic).
-                    type: object
+                    type: array
+                    x-kubernetes-validations:
+                    - message: each zone must be unique in vnetDNSOverrides
+                      rule: self.all(o, self.exists_one(p, p.zone == o.zone))
                 required:
                 - kubeDNSOverrides
                 - mode
                 - vnetDNSOverrides
                 type: object
                 x-kubernetes-validations:
                 - message: vnetDNSOverrides must contain required zones '.' and 'cluster.local'
-                  rule: '''.'' in self.vnetDNSOverrides && ''cluster.local'' in self.vnetDNSOverrides'
+                  rule: self.vnetDNSOverrides.exists(o, o.zone == '.') && self.vnetDNSOverrides.exists(o,
+                    o.zone == 'cluster.local')
                 - message: kubeDNSOverrides must contain required zones '.' and 'cluster.local'
-                  rule: '''.'' in self.kubeDNSOverrides && ''cluster.local'' in self.kubeDNSOverrides'
+                  rule: self.kubeDNSOverrides.exists(o, o.zone == '.') && self.kubeDNSOverrides.exists(o,
+                    o.zone == 'cluster.local')
                 - message: DNS traffic for root zone '.' cannot be forwarded to ClusterCoreDNS
                     from vnetDNSOverrides
-                  rule: '!(''.'' in self.vnetDNSOverrides && has(self.vnetDNSOverrides[''.''].forwardDestination)
-                    && self.vnetDNSOverrides[''.''].forwardDestination == ''ClusterCoreDNS'')'
+                  rule: '!self.vnetDNSOverrides.exists(o, o.zone == ''.'' && has(o.forwardDestination)
+                    && o.forwardDestination == ''ClusterCoreDNS'')'
                 - message: DNS traffic for 'cluster.local' cannot be forwarded to
                     VnetDNS from vnetDNSOverrides
-                  rule: '!self.vnetDNSOverrides.exists(zone, zone.endsWith(''cluster.local'')
-                    && has(self.vnetDNSOverrides[zone].forwardDestination) && self.vnetDNSOverrides[zone].forwardDestination
-                    == ''VnetDNS'')'
+                  rule: '!self.vnetDNSOverrides.exists(o, o.zone.endsWith(''cluster.local'')
+                    && has(o.forwardDestination) && o.forwardDestination == ''VnetDNS'')'
                 - message: DNS traffic for 'cluster.local' cannot be forwarded to
                     VnetDNS from kubeDNSOverrides
-                  rule: '!self.kubeDNSOverrides.exists(zone, zone.endsWith(''cluster.local'')
-                    && has(self.kubeDNSOverrides[zone].forwardDestination) && self.kubeDNSOverrides[zone].forwardDestination
-                    == ''VnetDNS'')'
+                  rule: '!self.kubeDNSOverrides.exists(o, o.zone.endsWith(''cluster.local'')
+                    && has(o.forwardDestination) && o.forwardDestination == ''VnetDNS'')'
               maxPods:
                 description: |-
                   MaxPods is an override for the maximum number of pods that can run on a worker node instance.
@@ -711,8 +729,11 @@ spec:
                   For more details see aka.ms/aks/localdns.
                 properties:
                   kubeDNSOverrides:
-                    additionalProperties:
-                      description: LocalDNSOverrides specifies DNS override configuration
+                    description: KubeDNS overrides apply to DNS traffic from pods
+                      with dnsPolicy:ClusterFirst (referred to as KubeDNS traffic).
+                    items:
+                      description: LocalDNSZoneOverride specifies DNS override configuration
+                        for a specific zone
                       properties:
                         cacheDuration:
                           description: Cache max TTL. See [cache plugin](https://coredns.io/plugins/cache)
@@ -767,6 +788,10 @@ spec:
                             for more information.
                           pattern: ^([0-9]+(s|m|h))+$
                           type: string
+                        zone:
+                          description: Zone is the DNS zone this override applies
+                            to (e.g., ".", "cluster.local").
+                          type: string
                       required:
                       - cacheDuration
                       - forwardDestination
@@ -776,14 +801,16 @@ spec:
                       - queryLogging
                       - serveStale
                       - serveStaleDuration
+                      - zone
                       type: object
                       x-kubernetes-validations:
                       - message: ServeStale verify cannot be used with ForceTCP protocol
                         rule: '!(has(self.serveStale) && self.serveStale == ''Verify''
                           && has(self.protocol) && self.protocol == ''ForceTCP'')'
-                    description: KubeDNS overrides apply to DNS traffic from pods
-                      with dnsPolicy:ClusterFirst (referred to as KubeDNS traffic).
-                    type: object
+                    type: array
+                    x-kubernetes-validations:
+                    - message: each zone must be unique in kubeDNSOverrides
+                      rule: self.all(o, self.exists_one(p, p.zone == o.zone))
                   mode:
                     description: Mode of enablement for localDNS.
                     enum:
@@ -792,8 +819,11 @@ spec:
                     - Disabled
                     type: string
                   vnetDNSOverrides:
-                    additionalProperties:
-                      description: LocalDNSOverrides specifies DNS override configuration
+                    description: VnetDNS overrides apply to DNS traffic from pods
+                      with dnsPolicy:default or kubelet (referred to as VnetDNS traffic).
+                    items:
+                      description: LocalDNSZoneOverride specifies DNS override configuration
+                        for a specific zone
                       properties:
                         cacheDuration:
                           description: Cache max TTL. See [cache plugin](https://coredns.io/plugins/cache)
@@ -848,6 +878,10 @@ spec:
                             for more information.
                           pattern: ^([0-9]+(s|m|h))+$
                           type: string
+                        zone:
+                          description: Zone is the DNS zone this override applies
+                            to (e.g., ".", "cluster.local").
+                          type: string
                       required:
                       - cacheDuration
                       - forwardDestination
@@ -857,38 +891,40 @@ spec:
                       - queryLogging
                       - serveStale
                       - serveStaleDuration
+                      - zone
                       type: object
                       x-kubernetes-validations:
                       - message: ServeStale verify cannot be used with ForceTCP protocol
                         rule: '!(has(self.serveStale) && self.serveStale == ''Verify''
                           && has(self.protocol) && self.protocol == ''ForceTCP'')'
-                    description: VnetDNS overrides apply to DNS traffic from pods
-                      with dnsPolicy:default or kubelet (referred to as VnetDNS traffic).
-                    type: object
+                    type: array
+                    x-kubernetes-validations:
+                    - message: each zone must be unique in vnetDNSOverrides
+                      rule: self.all(o, self.exists_one(p, p.zone == o.zone))
                 required:
                 - kubeDNSOverrides
                 - mode
                 - vnetDNSOverrides
                 type: object
                 x-kubernetes-validations:
                 - message: vnetDNSOverrides must contain required zones '.' and 'cluster.local'
-                  rule: '''.'' in self.vnetDNSOverrides && ''cluster.local'' in self.vnetDNSOverrides'
+                  rule: self.vnetDNSOverrides.exists(o, o.zone == '.') && self.vnetDNSOverrides.exists(o,
+                    o.zone == 'cluster.local')
                 - message: kubeDNSOverrides must contain required zones '.' and 'cluster.local'
-                  rule: '''.'' in self.kubeDNSOverrides && ''cluster.local'' in self.kubeDNSOverrides'
+                  rule: self.kubeDNSOverrides.exists(o, o.zone == '.') && self.kubeDNSOverrides.exists(o,
+                    o.zone == 'cluster.local')
                 - message: DNS traffic for root zone '.' cannot be forwarded to ClusterCoreDNS
                     from vnetDNSOverrides
-                  rule: '!(''.'' in self.vnetDNSOverrides && has(self.vnetDNSOverrides[''.''].forwardDestination)
-                    && self.vnetDNSOverrides[''.''].forwardDestination == ''ClusterCoreDNS'')'
+                  rule: '!self.vnetDNSOverrides.exists(o, o.zone == ''.'' && has(o.forwardDestination)
+                    && o.forwardDestination == ''ClusterCoreDNS'')'
                 - message: DNS traffic for 'cluster.local' cannot be forwarded to
                     VnetDNS from vnetDNSOverrides
-                  rule: '!self.vnetDNSOverrides.exists(zone, zone.endsWith(''cluster.local'')
-                    && has(self.vnetDNSOverrides[zone].forwardDestination) && self.vnetDNSOverrides[zone].forwardDestination
-                    == ''VnetDNS'')'
+                  rule: '!self.vnetDNSOverrides.exists(o, o.zone.endsWith(''cluster.local'')
+                    && has(o.forwardDestination) && o.forwardDestination == ''VnetDNS'')'
                 - message: DNS traffic for 'cluster.local' cannot be forwarded to
                     VnetDNS from kubeDNSOverrides
-                  rule: '!self.kubeDNSOverrides.exists(zone, zone.endsWith(''cluster.local'')
-                    && has(self.kubeDNSOverrides[zone].forwardDestination) && self.kubeDNSOverrides[zone].forwardDestination
-                    == ''VnetDNS'')'
+                  rule: '!self.kubeDNSOverrides.exists(o, o.zone.endsWith(''cluster.local'')
+                    && has(o.forwardDestination) && o.forwardDestination == ''VnetDNS'')'
               maxPods:
                 description: |-
                   MaxPods is an override for the maximum number of pods that can run on a worker node instance.

pkg/apis/v1alpha2/aksnodeclass.go

@@ -118,21 +118,14 @@ const (
 // LocalDNS configures the per-node local DNS, with VnetDNS and KubeDNS overrides.
 // LocalDNS helps improve performance and reliability of DNS resolution in an AKS cluster.
 // For more details see aka.ms/aks/localdns.
-// +kubebuilder:validation:XValidation:rule="self.vnetDNSOverrides.exists(o, o.zone == '.') && self.vnetDNSOverrides.exists(o, o.zone == 'cluster.local')",message="vnetDNSOverrides must contain required zones '.' and 'cluster.local'"
-// +kubebuilder:validation:XValidation:rule="self.kubeDNSOverrides.exists(o, o.zone == '.') && self.kubeDNSOverrides.exists(o, o.zone == 'cluster.local')",message="kubeDNSOverrides must contain required zones '.' and 'cluster.local'"
-// +kubebuilder:validation:XValidation:rule="!self.vnetDNSOverrides.exists(o, o.zone == '.' && has(o.forwardDestination) && o.forwardDestination == 'ClusterCoreDNS')",message="DNS traffic for root zone '.' cannot be forwarded to ClusterCoreDNS from vnetDNSOverrides"
-// +kubebuilder:validation:XValidation:rule="!self.vnetDNSOverrides.exists(o, o.zone.endsWith('cluster.local') && has(o.forwardDestination) && o.forwardDestination == 'VnetDNS')",message="DNS traffic for 'cluster.local' cannot be forwarded to VnetDNS from vnetDNSOverrides"
-// +kubebuilder:validation:XValidation:rule="!self.kubeDNSOverrides.exists(o, o.zone.endsWith('cluster.local') && has(o.forwardDestination) && o.forwardDestination == 'VnetDNS')",message="DNS traffic for 'cluster.local' cannot be forwarded to VnetDNS from kubeDNSOverrides"
 type LocalDNS struct {
 	// Mode of enablement for localDNS.
 	// +required
 	Mode LocalDNSMode `json:"mode"`
 	// VnetDNS overrides apply to DNS traffic from pods with dnsPolicy:default or kubelet (referred to as VnetDNS traffic).
-	// +kubebuilder:validation:XValidation:rule="self.all(o, self.exists_one(p, p.zone == o.zone))",message="each zone must be unique in vnetDNSOverrides"
 	// +required
 	VnetDNSOverrides []LocalDNSZoneOverride `json:"vnetDNSOverrides"`
 	// KubeDNS overrides apply to DNS traffic from pods with dnsPolicy:ClusterFirst (referred to as KubeDNS traffic).
-	// +kubebuilder:validation:XValidation:rule="self.all(o, self.exists_one(p, p.zone == o.zone))",message="each zone must be unique in kubeDNSOverrides"
 	// +required
 	KubeDNSOverrides []LocalDNSZoneOverride `json:"kubeDNSOverrides"`
 }

pkg/apis/v1beta1/aksnodeclass.go

@@ -119,21 +119,14 @@ const (
 // LocalDNS configures the per-node local DNS, with VnetDNS and KubeDNS overrides.
 // LocalDNS helps improve performance and reliability of DNS resolution in an AKS cluster.
 // For more details see aka.ms/aks/localdns.
-// +kubebuilder:validation:XValidation:rule="self.vnetDNSOverrides.exists(o, o.zone == '.') && self.vnetDNSOverrides.exists(o, o.zone == 'cluster.local')",message="vnetDNSOverrides must contain required zones '.' and 'cluster.local'"
-// +kubebuilder:validation:XValidation:rule="self.kubeDNSOverrides.exists(o, o.zone == '.') && self.kubeDNSOverrides.exists(o, o.zone == 'cluster.local')",message="kubeDNSOverrides must contain required zones '.' and 'cluster.local'"
-// +kubebuilder:validation:XValidation:rule="!self.vnetDNSOverrides.exists(o, o.zone == '.' && has(o.forwardDestination) && o.forwardDestination == 'ClusterCoreDNS')",message="DNS traffic for root zone '.' cannot be forwarded to ClusterCoreDNS from vnetDNSOverrides"
-// +kubebuilder:validation:XValidation:rule="!self.vnetDNSOverrides.exists(o, o.zone.endsWith('cluster.local') && has(o.forwardDestination) && o.forwardDestination == 'VnetDNS')",message="DNS traffic for 'cluster.local' cannot be forwarded to VnetDNS from vnetDNSOverrides"
-// +kubebuilder:validation:XValidation:rule="!self.kubeDNSOverrides.exists(o, o.zone.endsWith('cluster.local') && has(o.forwardDestination) && o.forwardDestination == 'VnetDNS')",message="DNS traffic for 'cluster.local' cannot be forwarded to VnetDNS from kubeDNSOverrides"
 type LocalDNS struct {
 	// Mode of enablement for localDNS.
 	// +required
 	Mode LocalDNSMode `json:"mode"`
 	// VnetDNS overrides apply to DNS traffic from pods with dnsPolicy:default or kubelet (referred to as VnetDNS traffic).
-	// +kubebuilder:validation:XValidation:rule="self.all(o, self.exists_one(p, p.zone == o.zone))",message="each zone must be unique in vnetDNSOverrides"
 	// +required
 	VnetDNSOverrides []LocalDNSZoneOverride `json:"vnetDNSOverrides"`
 	// KubeDNS overrides apply to DNS traffic from pods with dnsPolicy:ClusterFirst (referred to as KubeDNS traffic).
-	// +kubebuilder:validation:XValidation:rule="self.all(o, self.exists_one(p, p.zone == o.zone))",message="each zone must be unique in kubeDNSOverrides"
 	// +required
 	KubeDNSOverrides []LocalDNSZoneOverride `json:"kubeDNSOverrides"`
 }