Merge pull request #100 from numtide/default-restrictions

feat(api): enforce strict single-database topology via CEL validation and image settings to children

Author: fernando-villalba

api/v1alpha1/cell_types.go

@@ -17,6 +17,7 @@ limitations under the License.
 package v1alpha1
 
 import (
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -45,9 +46,8 @@ type CellSpec struct {
 	// +kubebuilder:validation:MaxLength=63
 	Region string `json:"region,omitempty"`
 
-	// MultiGatewayImage is the image used for the gateway in this cell.
-	// +kubebuilder:validation:MaxLength=512
-	MultiGatewayImage string `json:"multigatewayImage"`
+	// Images defines the container images used in this cell.
+	Images CellImages `json:"images"`
 
 	// MultiGateway fully resolved config.
 	MultiGateway StatelessSpec `json:"multigateway"`
@@ -69,6 +69,22 @@ type CellSpec struct {
 	TopologyReconciliation TopologyReconciliation `json:"topologyReconciliation,omitempty"`
 }
 
+// CellImages defines the images required for a Cell.
+type CellImages struct {
+	// ImagePullPolicy overrides the default image pull policy.
+	// +optional
+	// +kubebuilder:validation:Enum=Always;Never;IfNotPresent
+	ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty"`
+
+	// ImagePullSecrets is a list of references to secrets in the same namespace.
+	// +optional
+	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+
+	// MultiGateway is the image used for the gateway.
+	// +kubebuilder:validation:MaxLength=512
+	MultiGateway string `json:"multigateway"`
+}
+
 // TopologyReconciliation defines flags for the cell controller.
 type TopologyReconciliation struct {
 	// RegisterCell indicates if the cell should register itself in the topology.

api/v1alpha1/multigrescluster_types.go

@@ -55,8 +55,8 @@ type MultigresClusterSpec struct {
 	// +optional
 	// +listType=map
 	// +listMapKey=name
-	// +kubebuilder:validation:XValidation:rule="self.filter(x, has(x.default) && x.default).size() <= 1",message="only one database can be marked as default"
-	// +kubebuilder:validation:MaxItems=50
+	// +kubebuilder:validation:MaxItems=1
+	// +kubebuilder:validation:XValidation:rule="self.all(db, db.name == 'postgres' && db.default == true)",message="in v1alpha1, only the single system database named 'postgres' (marked default: true) is supported"
 	Databases []DatabaseConfig `json:"databases,omitempty"`
 }
 
@@ -217,12 +217,13 @@ type DatabaseConfig struct {
 	// +optional
 	// +listType=map
 	// +listMapKey=name
-	// +kubebuilder:validation:XValidation:rule="self.filter(x, has(x.default) && x.default).size() <= 1",message="only one tablegroup can be marked as default"
+	// +kubebuilder:validation:XValidation:rule="self.filter(x, has(x.default) && x.default).size() == 1",message="every database must have exactly one tablegroup marked as default"
 	// +kubebuilder:validation:MaxItems=20
 	TableGroups []TableGroupConfig `json:"tablegroups,omitempty"`
 }
 
 // TableGroupConfig defines a table group within a database.
+// +kubebuilder:validation:XValidation:rule="!self.default || self.name == 'default'",message="the default tablegroup must be named 'default'"
 type TableGroupConfig struct {
 	// Name is the logical name of the table group.
 	// +kubebuilder:validation:MinLength=1

api/v1alpha1/shard_types.go

@@ -112,6 +112,15 @@ type ShardSpec struct {
 
 // ShardImages defines the images required for a Shard.
 type ShardImages struct {
+	// ImagePullPolicy overrides the default image pull policy.
+	// +optional
+	// +kubebuilder:validation:Enum=Always;Never;IfNotPresent
+	ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty"`
+
+	// ImagePullSecrets is a list of references to secrets in the same namespace.
+	// +optional
+	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+
 	// MultiOrch is the image for the shard orchestrator.
 	// +kubebuilder:validation:MaxLength=512
 	MultiOrch string `json:"multiorch"`

config/crd/bases/multigres.com_multigresclusters.yaml

@@ -6864,26 +6864,31 @@ spec:
                         required:
                         - name
                         type: object
+                        x-kubernetes-validations:
+                        - message: the default tablegroup must be named 'default'
+                          rule: '!self.default || self.name == ''default'''
                       maxItems: 20
                       type: array
                       x-kubernetes-list-map-keys:
                       - name
                       x-kubernetes-list-type: map
                       x-kubernetes-validations:
-                      - message: only one tablegroup can be marked as default
-                        rule: self.filter(x, has(x.default) && x.default).size() <=
+                      - message: every database must have exactly one tablegroup marked
+                          as default
+                        rule: self.filter(x, has(x.default) && x.default).size() ==
                           1
                   required:
                   - name
                   type: object
-                maxItems: 50
+                maxItems: 1
                 type: array
                 x-kubernetes-list-map-keys:
                 - name
                 x-kubernetes-list-type: map
                 x-kubernetes-validations:
-                - message: only one database can be marked as default
-                  rule: self.filter(x, has(x.default) && x.default).size() <= 1
+                - message: 'in v1alpha1, only the single system database named ''postgres''
+                    (marked default: true) is supported'
+                  rule: self.all(db, db.name == 'postgres' && db.default == true)
               globalTopoServer:
                 description: GlobalTopoServer defines the cluster-wide global topology
                   server.