Make changes for K8s version

k8s 1.28 cannot handle the .? validation we wanted to use
in CEL, so this PR uses a less complex version.

Author: benjaminjb

config/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml

@@ -16508,11 +16508,12 @@ spec:
                         type: object
                     type: object
                     x-kubernetes-validations:
-                    - message: config.global.logfile destination is restricted to
-                        '/tmp/logs/pgbouncer/' or an existing additional volume
-                      rule: self.?config.global.logfile.optMap(f, f.startsWith("/tmp/logs/pgbouncer/")
-                        || (self.?volumes.additional.hasValue() && self.volumes.additional.exists(v,
-                        f.startsWith("/volumes/" + v.name)))).orValue(true)
+                    - message: logfile destination is restricted to '/tmp/logs/pgbouncer/'
+                        or an existing additional volume
+                      rule: '!has(self.config) || !has(self.config.global) || !has(self.config.global.logfile)
+                        || self.config.global.logfile.startsWith(''/tmp/logs/pgbouncer/'')
+                        || (has(self.volumes) && has(self.volumes.additional) && self.volumes.additional.exists(x,
+                        self.config.global.logfile.startsWith("/volumes/"+x.name)))'
                 required:
                 - pgBouncer
                 type: object

pkg/apis/postgres-operator.crunchydata.com/v1/pgbouncer_types.go

@@ -9,7 +9,10 @@ import (
 )
 
 // PGBouncerPodSpec defines the desired state of a PgBouncer connection pooler.
-// +kubebuilder:validation:XValidation:rule=`self.?config.global.logfile.optMap(f, f.startsWith("/tmp/logs/pgbouncer/") || (self.?volumes.additional.hasValue() && self.volumes.additional.exists(v, f.startsWith("/volumes/" + v.name)))).orValue(true)`,message=`config.global.logfile destination is restricted to '/tmp/logs/pgbouncer/' or an existing additional volume`
+// +kubebuilder:validation:XValidation:rule=`!has(self.config) || !has(self.config.global) || !has(self.config.global.logfile) || self.config.global.logfile.startsWith('/tmp/logs/pgbouncer/') || (has(self.volumes) && has(self.volumes.additional) && self.volumes.additional.exists(x, self.config.global.logfile.startsWith("/volumes/"+x.name)))`,message=`logfile destination is restricted to '/tmp/logs/pgbouncer/' or an existing additional volume`
+// ---
+// TODO: the `.?` CEL syntax is unsupported in k8s 1.28, so we cannot use the optional field syntax
+// of `self.?config.global.logfile` and `self.?volumes.additional`
 type PGBouncerPodSpec struct {
 	v1beta1.PGBouncerPodSpec `json:",inline"`
 }

pkg/apis/postgres-operator.crunchydata.com/validation.md

@@ -95,3 +95,17 @@ The `additionalProperties` property indicates that the keys are unknown; these f
 > When possible, use [OpenAPI properties](#FIXME) rather than CEL rules.
 > The former do not affect the CRD [validation budget](#FIXME). <!-- https://imgur.com/CzpJn3j -->
 
+## Optional field syntax
+
+CEL offers a safe traversal/retrieval through the use of `?` as an [optional field marker].
+
+As an example, when attempting to retrieve `self.config.global.logfile`, in older (but still supported)
+versions of k8s, we may need to incrementally check the path: `has(self.config) && has(self.config.global)...`
+
+With the optional field marker, we can use that field safely without checking the entire path:
+`self.?config.global.logfile` will return a value or no value; and anything using that value will
+likewise be considered optional.
+
+The optional field syntax is only available in K8s 1.29+.
+
+[optional field marker]: https://pkg.go.dev/github.com/google/cel-go/cel#hdr-Syntax_Changes-OptionalTypes.