feat: implement type-level feature gates for CRDs

Add +kubebuilder:featuregate marker support for conditional CRD type
generation with OR/AND expression support.

Fixes #600

Author: wazery

pkg/crd/gen.go

@@ -163,7 +163,7 @@ func (g Generator) Generate(ctx *genall.GenerationContext) error {
 	}
 
 	// TODO: allow selecting a specific object
-	kubeKinds := FindKubeKinds(parser, metav1Pkg)
+	kubeKinds := FindKubeKinds(parser, metav1Pkg, featureGates)
 	if len(kubeKinds) == 0 {
 		// no objects in the roots
 		return nil
@@ -281,8 +281,8 @@ func FindMetav1(roots []*loader.Package) *loader.Package {
 
 // FindKubeKinds locates all types that contain TypeMeta and ObjectMeta
 // (and thus may be a Kubernetes object), and returns the corresponding
-// group-kinds.
-func FindKubeKinds(parser *Parser, metav1Pkg *loader.Package) []schema.GroupKind {
+// group-kinds that are not filtered out by feature gates.
+func FindKubeKinds(parser *Parser, metav1Pkg *loader.Package, featureGates featuregate.FeatureGateMap) []schema.GroupKind {
 	// TODO(directxman12): technically, we should be finding metav1 per-package
 	kubeKinds := map[schema.GroupKind]struct{}{}
 	for typeIdent, info := range parser.Types {
@@ -334,6 +334,19 @@ func FindKubeKinds(parser *Parser, metav1Pkg *loader.Package) []schema.GroupKind
 			continue
 		}
 
+		// Check type-level feature gate marker
+		if featureGateMarker := info.Markers.Get("kubebuilder:featuregate"); featureGateMarker != nil {
+			if typeFeatureGate, ok := featureGateMarker.(crdmarkers.TypeFeatureGate); ok {
+				gateName := string(typeFeatureGate)
+				// Create evaluator to handle complex expressions (OR/AND logic)
+				evaluator := featuregate.NewFeatureGateEvaluator(featureGates)
+				if !evaluator.EvaluateExpression(gateName) {
+					// Skip this type as its feature gate expression is not satisfied
+					continue
+				}
+			}
+		}
+
 		groupKind := schema.GroupKind{
 			Group: parser.GroupVersions[pkg].Group,
 			Kind:  typeIdent.Name,

pkg/crd/markers/crd.go

@@ -57,6 +57,9 @@ var CRDMarkers = []*definitionWithHelp{
 
 	must(markers.MakeDefinition("kubebuilder:selectablefield", markers.DescribesType, SelectableField{})).
 		WithHelp(SelectableField{}.Help()),
+
+	must(markers.MakeDefinition("kubebuilder:featuregate", markers.DescribesType, TypeFeatureGate(""))).
+		WithHelp(TypeFeatureGate("").Help()),
 }
 
 // TODO: categories and singular used to be annotations types
@@ -419,3 +422,22 @@ func (s SelectableField) ApplyToCRD(crd *apiext.CustomResourceDefinitionSpec, ve
 
 	return nil
 }
+
+// +controllertools:marker:generateHelp:category="CRD feature gates"
+
+// TypeFeatureGate marks an entire CRD type to be conditionally generated based on feature gate enablement.
+// Types marked with +kubebuilder:featuregate will only be included in generated CRDs
+// when the specified feature gate is enabled via the crd:featureGates parameter.
+//
+// Single gate format: +kubebuilder:featuregate=alpha
+// OR expression: +kubebuilder:featuregate=alpha|beta
+// AND expression: +kubebuilder:featuregate=alpha&beta
+// Complex expression: +kubebuilder:featuregate=(alpha&beta)|gamma
+type TypeFeatureGate string
+
+// ApplyToCRD does nothing for type feature gates - they are processed by the generator
+// to conditionally include/exclude entire CRDs during generation.
+func (TypeFeatureGate) ApplyToCRD(crd *apiext.CustomResourceDefinitionSpec, version string) error {
+	// Type feature gates are handled during CRD discovery/generation, not during CRD spec modification
+	return nil
+}

pkg/crd/markers/zz_generated.markerhelp.go

@@ -0,0 +1,60 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  name: alphagateds.
+spec:
+  group: ""
+  names:
+    kind: AlphaGated
+    listKind: AlphaGatedList
+    plural: alphagateds
+    singular: alphagated
+  scope: Namespace
+  versions:
+  - name: ""
+    schema:
+      openAPIV3Schema:
+        description: AlphaGated is only generated when alpha feature gate is enabled
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: AlphaGatedSpec defines a CRD that's only generated when alpha
+              gate is enabled
+            properties:
+              alphaField:
+                type: string
+            required:
+            - alphaField
+            type: object
+          status:
+            description: AlphaGatedStatus defines the observed state of AlphaGated
+            properties:
+              alphaReady:
+                type: boolean
+            required:
+            - alphaReady
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

pkg/crd/testdata/typelevelfeaturegates/output_alpha/_alphagateds.yaml

@@ -0,0 +1,60 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  name: alwaysons.
+spec:
+  group: ""
+  names:
+    kind: AlwaysOn
+    listKind: AlwaysOnList
+    plural: alwaysons
+    singular: alwayson
+  scope: Namespace
+  versions:
+  - name: ""
+    schema:
+      openAPIV3Schema:
+        description: AlwaysOn is always generated since it has no feature gate marker
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: AlwaysOnSpec defines a CRD that's always generated (no feature
+              gate)
+            properties:
+              name:
+                type: string
+            required:
+            - name
+            type: object
+          status:
+            description: AlwaysOnStatus defines the observed state of AlwaysOn
+            properties:
+              ready:
+                type: boolean
+            required:
+            - ready
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

pkg/crd/testdata/typelevelfeaturegates/output_alpha/_alwaysons.yaml

@@ -0,0 +1,61 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  name: orgateds.
+spec:
+  group: ""
+  names:
+    kind: OrGated
+    listKind: OrGatedList
+    plural: orgateds
+    singular: orgated
+  scope: Namespace
+  versions:
+  - name: ""
+    schema:
+      openAPIV3Schema:
+        description: OrGated is generated when either alpha OR beta feature gate is
+          enabled
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: OrGatedSpec defines a CRD that's generated when either alpha
+              OR beta is enabled
+            properties:
+              orField:
+                type: string
+            required:
+            - orField
+            type: object
+          status:
+            description: OrGatedStatus defines the observed state of OrGated
+            properties:
+              orReady:
+                type: boolean
+            required:
+            - orReady
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

pkg/crd/testdata/typelevelfeaturegates/output_alpha/_orgateds.yaml

@@ -0,0 +1,60 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  name: alwaysons.
+spec:
+  group: ""
+  names:
+    kind: AlwaysOn
+    listKind: AlwaysOnList
+    plural: alwaysons
+    singular: alwayson
+  scope: Namespace
+  versions:
+  - name: ""
+    schema:
+      openAPIV3Schema:
+        description: AlwaysOn is always generated since it has no feature gate marker
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: AlwaysOnSpec defines a CRD that's always generated (no feature
+              gate)
+            properties:
+              name:
+                type: string
+            required:
+            - name
+            type: object
+          status:
+            description: AlwaysOnStatus defines the observed state of AlwaysOn
+            properties:
+              ready:
+                type: boolean
+            required:
+            - ready
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

pkg/crd/testdata/typelevelfeaturegates/output_beta/_alwaysons.yaml

@@ -0,0 +1,60 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: (devel)
+  name: betagateds.
+spec:
+  group: ""
+  names:
+    kind: BetaGated
+    listKind: BetaGatedList
+    plural: betagateds
+    singular: betagated
+  scope: Namespace
+  versions:
+  - name: ""
+    schema:
+      openAPIV3Schema:
+        description: BetaGated is only generated when beta feature gate is enabled
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: BetaGatedSpec defines a CRD that's only generated when beta
+              gate is enabled
+            properties:
+              betaField:
+                type: string
+            required:
+            - betaField
+            type: object
+          status:
+            description: BetaGatedStatus defines the observed state of BetaGated
+            properties:
+              betaReady:
+                type: boolean
+            required:
+            - betaReady
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}