Add CEL for nodeLocalLoadBalancing vs. externalAddress

Also rewrite the Go validation to match how it's done in the CEL expression, for symmetry. Should behave identically. Signed-off-by: Tom Wieczorek <[email protected]>
twz123 · Jul 10, 2024 · 723a6ae · 723a6ae
1 parent 2a7e939
commit 723a6ae
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 14 deletions.
diff --git a/pkg/apis/k0s/v1beta1/clusterconfig_types.go b/pkg/apis/k0s/v1beta1/clusterconfig_types.go
@@ -34,10 +34,8 @@ const (
 	ClusterConfigAPIVersion = "k0s.k0sproject.io/v1beta1"
 )
 
-// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
-// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
-
 // ClusterSpec defines the desired state of ClusterConfig
+// +kubebuilder:validation:XValidation:rule="!has(self.api.externalAddress) || self.api.externalAddress == '' || !has(self.network.nodeLocalLoadBalancing.enabled) || !self.network.nodeLocalLoadBalancing.enabled",message="node-local load balancing cannot be used in conjunction with an external Kubernetes API server address"
 type ClusterSpec struct {
 	API               *APISpec               `json:"api,omitempty"`
 	ControllerManager *ControllerManagerSpec `json:"controllerManager,omitempty"`
@@ -338,21 +336,13 @@ func (s *ClusterSpec) Validate() (errs []error) {
 }
 
 func (s *ClusterSpec) ValidateNodeLocalLoadBalancing() (errs field.ErrorList) {
-	if s.Network == nil || !s.Network.NodeLocalLoadBalancing.IsEnabled() {
-		return
-	}
-
-	if s.API == nil {
+	if s.API == nil || s.API.ExternalAddress == "" || s.Network == nil || !s.Network.NodeLocalLoadBalancing.IsEnabled() {
 		return
 	}
 
+	detail := "node-local load balancing cannot be used in conjunction with an external Kubernetes API server address"
 	path := field.NewPath("network", "nodeLocalLoadBalancing", "enabled")
-
-	if s.API.ExternalAddress != "" {
-		detail := "node-local load balancing cannot be used in conjunction with an external Kubernetes API server address"
-		errs = append(errs, field.Forbidden(path, detail))
-	}
-
+	errs = append(errs, field.Forbidden(path, detail))
 	return
 }
 

diff --git a/static/manifests/k0s/CustomResourceDefinition/k0s.k0sproject.io_clusterconfigs.yaml b/static/manifests/k0s/CustomResourceDefinition/k0s.k0sproject.io_clusterconfigs.yaml
@@ -808,6 +808,11 @@ spec:
                   type: object
                 type: array
             type: object
+            x-kubernetes-validations:
+            - message: node-local load balancing cannot be used in conjunction with
+                an external Kubernetes API server address
+              rule: '!has(self.api.externalAddress) || self.api.externalAddress ==
+                '''' || !has(self.network.nodeLocalLoadBalancing.enabled) || !self.network.nodeLocalLoadBalancing.enabled'
           status:
             description: ClusterConfigStatus defines the observed state of ClusterConfig
             type: object