Skip to content

[fix] validate pni crd is immutable #4143

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
+20 −2
Open

[fix] validate pni crd is immutable #4143

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
11c9872
make pni immutable
aranta-rokade Nov 24, 2025
aef1a64
fix comment
aranta-rokade Nov 26, 2025
4024a75
update manifest
aranta-rokade Nov 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions crd/multitenancy/api/v1alpha1/podnetworkinstance.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,15 @@ import (
// +kubebuilder:metadata:labels=managed=
// +kubebuilder:metadata:labels=owner=
// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.status`
//
// Enforce immutability of .spec once reconcile is complete (status becomes Ready).
// Rule semantics:
// - Allow CREATE.
// - Do not allow UPDATE require self.spec == oldSelf.spec (no spec changes).
//
// This compiles to a CRD-level x-kubernetes-validations transition rule using oldSelf.
// Requires Kubernetes versions that support CEL transition rules.
// +kubebuilder:validation:XValidation:rule="self.spec == oldSelf.spec",message="Spec is immutable."
type PodNetworkInstance struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Expand Down
15 changes: 13 additions & 2 deletions crd/multitenancy/manifests/multitenancy.acn.azure.com_podnetworkinstances.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,16 @@ spec:
name: v1alpha1
schema:
openAPIV3Schema:
description: PodNetworkInstance is the Schema for the PodNetworkInstances
API
description: |-
PodNetworkInstance is the Schema for the PodNetworkInstances API

Enforce immutability of .spec once reconcile is complete (status becomes Ready).
Rule semantics:
- Allow CREATE.
- Do not allow UPDATE require self.spec == oldSelf.spec (no spec changes).

This compiles to a CRD-level x-kubernetes-validations transition rule using oldSelf.
Requires Kubernetes versions that support CEL transition rules.
properties:
apiVersion:
description: |-
Expand Down Expand Up @@ -109,6 +117,9 @@ spec:
type: string
type: object
type: object
x-kubernetes-validations:
- message: Spec is immutable.
rule: self.spec == oldSelf.spec
served: true
storage: true
subresources:
Expand Down
Loading