WIP: Rebase 1.36 jacob test revert tls gc #2659

Draft
jacobsee wants to merge 2925 commits into openshift:master from jacobsee:rebase-1.36-jacob-revert-gc

Conversation

@jacobsee
Member

@jacobsee jacobsee commented Apr 30, 2026

What type of PR is this?

What this PR does / why we need it:

Which issue(s) this PR is related to:

Special notes for your reviewer:

Does this PR introduce a user-facing change?


Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:


Summary by CodeRabbit

  • New Features

    • Sharded list/watch support: ShardInfo metadata + shardSelector query parameter across many APIs
    • New scheduling v1alpha2 with PodGroup; PodSchedulingGroup and PodSpec.schedulingGroup added
    • Added MutatingAdmissionPolicy and MutatingAdmissionPolicyBinding; DeviceTaintRule and ResourcePoolStatusRequest resources
  • Infrastructure

    • Go runtime bumped to 1.26.2; CI/build base image updated to Go 1.26 / OpenShift 5.0
  • Documentation

    • Added extensive historical changelogs and OpenAPI documentation updates

yashasvimisra2798 and others added 30 commits March 19, 2026 19:36
* top command documentation enhancement

* Added FAQ details
Introduce the ResourcePoolStatusRequest resource type in the
resource.k8s.io/v1alpha3 API group, gated behind the
DRAResourcePoolStatus feature gate. This includes external and internal
type definitions, protobuf/OpenAPI generated code, client-go typed
clients, informers, listers, apply configurations, deepcopy, defaults,
conversion, fuzzer, declarative validation tags, and API discovery
metadata.
Implement the RPSR controller that watches ResourcePoolStatusRequest
objects and aggregates pool status from DRA drivers. Add the API server
registry (strategy, storage), handwritten validation, RBAC bootstrap
policy for the controller, kube-controller-manager wiring, table
printer columns, and storage factory registration.
Add unit tests for handwritten and declarative validation, controller
logic, metrics, table printer output, controller-manager registration,
etcd storage round-trip, and an integration test for the full RPSR
lifecycle. Also add an e2e test exercising the DRA test driver with
RPSR and the example manifest.
…00, maxLength=128) for etcd safety, add Errors printer column

Signed-off-by: Nour <nurmn3m@gmail.com>
Signed-off-by: Nour <nurmn3m@gmail.com>
…ify retry logic and metric tests

Signed-off-by: Nour <nurmn3m@gmail.com>
…op unnecessary Feature:DynamicResourceAllocation tag, fix indentation

Signed-off-by: Nour <nurmn3m@gmail.com>
…generate the code

Signed-off-by: Nour <nurmn3m@gmail.com>
* Add admission for podGroup

Signed-off-by: helayoty <heelayot@microsoft.com>

* Create workload object before podgroup

Signed-off-by: helayoty <heelayot@microsoft.com>

---------

Signed-off-by: helayoty <heelayot@microsoft.com>
…econcile

Remove reconcilePodMemoryProtection that resets pod cgroup values on systemd
…and container ID instead of StartTime

The expectation that StartTime changes on kubelet restart for static pods is no longer reliable due to faked init container status logic. This change updates the tests to assert on the specific behavior introduced by that logic.
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
test: fix flaky static pod tests by asserting on termination message …
Remove PodGroupTemplateRef from the PodGroup e2e CRUD test. The
PodGroupWorkloadExists admission plugin (introduced in kubernetes#137464)
rejects PodGroups that reference a non-existent Workload, causing
the test to fail. The workload reference is not needed to test
basic PodGroup API CRUD operations.
Signed-off-by: Maciej Szulik <soltysh@gmail.com>
…ist-default-to-false-for-1.36

Switch PLEGOnDemandRelist default to `false` for 1.36
…ure actuated pod-level resources are updated
…heduler-events

scheduler: use contextual logging for event emission
…to ResourceSliceMaxDevicesWithAdvancedFeatures and add testcases with max devices with list attributes
KEP-961: demote maxUnavailable feature in statefulset to off by default
…oad-api

test: Fix PodGroup CRUD test failing due to missing Workload reference
sanchezl and others added 25 commits May 4, 2026 15:46
UPSTREAM: <carry>: admission: validate minimumKubeletVersion
Signed-off-by: Peter Hunt <pehunt@redhat.com>

UPSTREAM: <carry>: authorization: add minimumkubeletversion package

MinimumKubeletVersion is a way for an admin to declare that nodes any older than the
minimum version cannot authorize with the apiserver. This effectively prevents them from joining.

Doing so means the apiservers can trust newer features are usable on clusters with version skews

Signed-off-by: Peter Hunt <pehunt@redhat.com>

UPSTREAM: <carry>: authorizer: move minimum kubelet version authorizer to pkg/kubeapiserver and add authorization mode

this does require a line of code be moved from the enablement package to stop a cyclical import

Signed-off-by: Peter Hunt <pehunt@redhat.com>

UPSTREAM: <carry>: crdvalidation: move latency profile file to be agnostic of field

Signed-off-by: Peter Hunt <pehunt@redhat.com>

UPSTREAM: <carry>: features: add MinimumKubeletVersion feature

Signed-off-by: Peter Hunt <pehunt@redhat.com>

UPSTREAM: <carry>: Feature gates must now declare dependencies, even if there are none.
Upstream enables volume group snapshots by editing yaml files in a shell
script [1]. We can't use this script in openshift-tests.

Create a brand new, OCP specific test driver based on csi-driver-hostpath,
only with the --feature-gate=VolumeGroupSnapshot on external-snapshotter command line.

We will need to carry this patch until the feature graduates to GA. I've
chosen to create brand new files in this carry patch, so it can't conflict
with the existing ones.

1: https://github.com/kubernetes/kubernetes/blob/91d6fd3455c4a071408df20c7f48df221f2b6d30/test/e2e/testing-manifests/storage-csi/external-snapshotter/volume-group-snapshots/run_group_snapshot_e2e.sh
UPSTREAM: <carry>: Add plugin for storage performant security policy
Add featuregate for performantsecuritypolicy for storage

UPSTREAM: <carry>: Feature gates must now declare dependencies, even if there are none.
Signed-off-by: Harshal Patil <12152047+harche@users.noreply.github.com>
Analysis of flakes from the k8s suite has shown consistent examples
of otherwise well-behaved tests failing due to timeouts because of
temporary load on controllers during parallel testing. Increasing these
timeouts will reduce flakes.
MutableCSINodeAllocatableCount is now enabled in the default feature set,
the tests should succeed just fine.
…imary clusters

  Detect cluster's primary IP family by querying kubernetes.default service
  ClusterIP instead of using HasIPv4/HasIPv6 flags. The previous logic
  incorrectly returned ipv4 for dual-stack v6-primary clusters because
  both HasIPv4 and HasIPv6 were true.

  This matches the upstream approach in test/e2e/e2e.go and fixes DNS tests
  that were querying for A records instead of AAAA records in v6-primary
  environments.
After openshift/origin#30786 added ibmcloud to the provider switch in
openshift-tests, the provider name is now correctly passed through to
k8s-tests-ext. However, k8s-tests-ext only registers upstream Kubernetes
providers (aws, azure, gce, kubemark, openstack, vsphere) via the
test/e2e/providers.go import. OpenShift-specific providers like ibmcloud
are not registered, causing framework.AfterReadingAllFlags to call
SetupProviderConfig which fails with "Unknown provider" and Exit(1),
crashing every test process.

This registers all OpenShift-specific cloud providers (baremetal, ovirt,
kubevirt, alibabacloud, nutanix, ibmcloud, external) as NullProviders in
k8s-tests-ext. These providers don't require special setup for upstream
kube e2e tests.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…e2e test

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: jubittajohn <jujohn@redhat.com>
To be squashed with the following commit later: "UPSTREAM: <carry>: Add OpenShift tooling, images, configs and docs"

Signed-off-by: jubittajohn <jujohn@redhat.com>
…er_manager_linux_test.go

Squash into: UPSTREAM: <carry>: disable load balancing on created cgroups when managed is enabled
…s in flagz_test.go and statusz_test.go

Squash into: UPSTREAM: <carry>: apiserver: add system_client=kube-{apiserver,cm,s} to apiserver_request_total
Signed-off-by: Shaza Aldawamneh <shaza.aldawamneh@hotmail.com>
…e when claims.email is used in username expression

Signed-off-by: Shaza Aldawamneh <shaza.aldawamneh@hotmail.com>
Signed-off-by: jubittajohn <jujohn@redhat.com>
Signed-off-by: jubittajohn <jujohn@redhat.com>
Signed-off-by: jubittajohn <jujohn@redhat.com>
@jacobsee jacobsee force-pushed the rebase-1.36-jacob-revert-gc branch from 147d3f0 to 21e2941 May 4, 2026 23:41
@openshift-ci openshift-ci Bot removed the needs-rebase label (Indicates a PR cannot be merged because it has merge conflicts with HEAD.) May 4, 2026
@jacobsee
Member Author

jacobsee commented May 4, 2026

/test integration

@openshift-ci-robot

@jacobsee: the contents of this pull request could not be automatically validated.

The following commits are valid:

The following commits could not be validated and must be approved by a top-level approver:

Comment /validate-backports to re-evaluate validity of the upstream PRs, for example when they are merged upstream.


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@api/openapi-spec/v3/apis__apps__v1_openapi.json`:
- Around line 6447-6455: The OpenAPI generator template is emitting invalid
"uniqueItems" on non-array parameter schemas (e.g., the "shardSelector" query
parameter schema is a string but includes "uniqueItems": true); update the
generator template to only emit "uniqueItems" when the schema.type is "array"
(or when an array schema object is being rendered) so scalar types (string,
integer, boolean) never get a uniqueItems property; search for the templated
parameter rendering code that outputs "uniqueItems" (used for parameters like
shardSelector, timeoutSeconds, allowWatchBookmarks) and wrap or gate that
emission with a check for schema.type == "array" (or equivalent template helper)
so generated specs no longer include dead/invalid metadata.

In `@api/openapi-spec/v3/apis__certificates.k8s.io__v1_openapi.json`:
- Around line 992-999: The description for the query parameter "shardSelector"
is currently phrased as if the operation returns a list ("restricts the list of
returned objects") but this parameter is used on the deletecollection operation
and returns a status; change the first sentence to be operation-neutral (e.g.
"restricts the set of objects the operation applies to using a CEL-based shard
selector expression") so it accurately describes deletecollection and other
operations; update the "description" text associated with the "shardSelector"
parameter in the openapi JSON (the block containing "name": "shardSelector" and
its "schema") to use the new wording while leaving the rest of the
explanation/examples intact.

In `@api/openapi-spec/v3/apis__coordination.k8s.io__v1_openapi.json`:
- Around line 926-934: The shardSelector query-parameter schema objects
incorrectly include the array-only property "uniqueItems" while their "type" is
"string"; remove the "uniqueItems" field from each shardSelector parameter
schema (the six parameter entries named "shardSelector") so the schema is just {
"type": "string" } and does not include uniqueItems. Locate the entries by the
parameter name "shardSelector" in the OpenAPI JSON (the schema objects that
currently show "type": "string" and "uniqueItems": true) and delete the
uniqueItems line in each occurrence.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 8d5cc728-cd96-417c-b989-d1238f4f6e43

📥 Commits

Reviewing files that changed from the base of the PR and between 5fdcf1a and 21e2941.

⛔ Files ignored due to path filters (25)
  • LICENSES/vendor/github.com/armon/circbuf/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/github.com/cenkalti/backoff/v4/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/github.com/cenkalti/backoff/v5/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/github.com/gregjones/httpcache/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/github.com/grpc-ecosystem/go-grpc-prometheus/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/github.com/karrick/godirwalk/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/github.com/libopenstorage/openstorage/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/github.com/mistifyio/go-zfs/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/github.com/mohae/deepcopy/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/github.com/mrunalp/fileutils/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/github.com/pkg/errors/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/go.opentelemetry.io/otel/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/go.opentelemetry.io/otel/metric/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/go.opentelemetry.io/otel/sdk/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/go.opentelemetry.io/otel/trace/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/go.uber.org/zap/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/k8s.io/utils/third_party/forked/golang/LICENSE is excluded by !**/vendor/**
  • LICENSES/vendor/k8s.io/utils/third_party/forked/golang/btree/LICENSE is excluded by !**/vendor/**
  • cmd/kubeadm/app/discovery/token/testdata/ca-cert.pem is excluded by !**/*.pem
  • cmd/kubeadm/app/util/config/testdata/mynode.pem is excluded by !**/*.pem
📒 Files selected for processing (275)
  • .ci-operator.yaml
  • .github/PULL_REQUEST_TEMPLATE.md
  • .gitignore
  • .go-version
  • CHANGELOG/CHANGELOG-1.10.md
  • CHANGELOG/CHANGELOG-1.11.md
  • CHANGELOG/CHANGELOG-1.12.md
  • CHANGELOG/CHANGELOG-1.13.md
  • CHANGELOG/CHANGELOG-1.14.md
  • CHANGELOG/CHANGELOG-1.15.md
  • CHANGELOG/CHANGELOG-1.16.md
  • CHANGELOG/CHANGELOG-1.17.md
  • CHANGELOG/CHANGELOG-1.18.md
  • CHANGELOG/CHANGELOG-1.19.md
  • CHANGELOG/CHANGELOG-1.2.md
  • CHANGELOG/CHANGELOG-1.20.md
  • CHANGELOG/CHANGELOG-1.21.md
  • CHANGELOG/CHANGELOG-1.22.md
  • CHANGELOG/CHANGELOG-1.23.md
  • CHANGELOG/CHANGELOG-1.24.md
  • CHANGELOG/CHANGELOG-1.25.md
  • CHANGELOG/CHANGELOG-1.26.md
  • CHANGELOG/CHANGELOG-1.27.md
  • CHANGELOG/CHANGELOG-1.28.md
  • CHANGELOG/CHANGELOG-1.29.md
  • CHANGELOG/CHANGELOG-1.3.md
  • CHANGELOG/CHANGELOG-1.30.md
  • CHANGELOG/CHANGELOG-1.31.md
  • CHANGELOG/CHANGELOG-1.32.md
  • CHANGELOG/CHANGELOG-1.33.md
  • CHANGELOG/CHANGELOG-1.34.md
  • CHANGELOG/CHANGELOG-1.35.md
  • CHANGELOG/CHANGELOG-1.36.md
  • CHANGELOG/CHANGELOG-1.4.md
  • CHANGELOG/CHANGELOG-1.5.md
  • CHANGELOG/CHANGELOG-1.6.md
  • CHANGELOG/CHANGELOG-1.7.md
  • CHANGELOG/CHANGELOG-1.8.md
  • CHANGELOG/CHANGELOG-1.9.md
  • CHANGELOG/README.md
  • OWNERS_ALIASES
  • api/api-rules/sample_controller_violation_exceptions.list
  • api/api-rules/violation_exceptions.list
  • api/discovery/aggregated_v2.json
  • api/discovery/apis.json
  • api/discovery/apis__admissionregistration.k8s.io__v1.json
  • api/discovery/apis__resource.k8s.io__v1alpha3.json
  • api/discovery/apis__resource.k8s.io__v1beta2.json
  • api/discovery/apis__scheduling.k8s.io.json
  • api/discovery/apis__scheduling.k8s.io__v1alpha1.json
  • api/discovery/apis__scheduling.k8s.io__v1alpha2.json
  • api/discovery/apis__storage.k8s.io__v1.json
  • api/discovery/apis__storage.k8s.io__v1beta1.json
  • api/openapi-spec/README.md
  • api/openapi-spec/swagger.json
  • api/openapi-spec/v3/api__v1_openapi.json
  • api/openapi-spec/v3/apis__admissionregistration.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__admissionregistration.k8s.io__v1alpha1_openapi.json
  • api/openapi-spec/v3/apis__admissionregistration.k8s.io__v1beta1_openapi.json
  • api/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__apiregistration.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__apps__v1_openapi.json
  • api/openapi-spec/v3/apis__authentication.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__authorization.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__autoscaling__v1_openapi.json
  • api/openapi-spec/v3/apis__autoscaling__v2_openapi.json
  • api/openapi-spec/v3/apis__batch__v1_openapi.json
  • api/openapi-spec/v3/apis__certificates.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__certificates.k8s.io__v1alpha1_openapi.json
  • api/openapi-spec/v3/apis__certificates.k8s.io__v1beta1_openapi.json
  • api/openapi-spec/v3/apis__coordination.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__coordination.k8s.io__v1alpha2_openapi.json
  • api/openapi-spec/v3/apis__coordination.k8s.io__v1beta1_openapi.json
  • api/openapi-spec/v3/apis__discovery.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__events.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__flowcontrol.apiserver.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__internal.apiserver.k8s.io__v1alpha1_openapi.json
  • api/openapi-spec/v3/apis__networking.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__networking.k8s.io__v1beta1_openapi.json
  • api/openapi-spec/v3/apis__node.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__policy__v1_openapi.json
  • api/openapi-spec/v3/apis__rbac.authorization.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__resource.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__resource.k8s.io__v1alpha3_openapi.json
  • api/openapi-spec/v3/apis__resource.k8s.io__v1beta1_openapi.json
  • api/openapi-spec/v3/apis__resource.k8s.io__v1beta2_openapi.json
  • api/openapi-spec/v3/apis__scheduling.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__scheduling.k8s.io__v1alpha1_openapi.json
  • api/openapi-spec/v3/apis__scheduling.k8s.io__v1alpha2_openapi.json
  • api/openapi-spec/v3/apis__storage.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__storage.k8s.io__v1beta1_openapi.json
  • api/openapi-spec/v3/apis__storagemigration.k8s.io__v1beta1_openapi.json
  • build/build-image/cross/VERSION
  • build/common.sh
  • build/dependencies.yaml
  • build/lib/release.sh
  • build/nsswitch.conf
  • build/pause/CHANGELOG.md
  • build/pause/Dockerfile.Rhel
  • build/pause/Makefile
  • build/server-image/Dockerfile
  • build/server-image/kube-apiserver/Dockerfile
  • build/tools.go
  • cluster/addons/dns/coredns/coredns.yaml.base
  • cluster/addons/dns/coredns/coredns.yaml.in
  • cluster/addons/dns/coredns/coredns.yaml.sed
  • cluster/addons/dns/kube-dns/kube-dns.yaml.base
  • cluster/addons/dns/kube-dns/kube-dns.yaml.in
  • cluster/addons/dns/kube-dns/kube-dns.yaml.sed
  • cluster/addons/dns/nodelocaldns/nodelocaldns.yaml
  • cluster/addons/kube-proxy/OWNERS
  • cluster/addons/kube-proxy/kube-proxy-ds.yaml
  • cluster/addons/kube-proxy/kube-proxy-rbac.yaml
  • cluster/addons/volumesnapshots/volume-snapshot-controller/volume-snapshot-controller-deployment.yaml
  • cluster/gce/addons/konnectivity-agent/konnectivity-agent-ds.yaml
  • cluster/gce/config-common.sh
  • cluster/gce/config-default.sh
  • cluster/gce/config-test.sh
  • cluster/gce/gci/configure-helper.sh
  • cluster/gce/gci/configure.sh
  • cluster/gce/gci/master.yaml
  • cluster/gce/gci/mounter/mounter.go
  • cluster/gce/gci/node.yaml
  • cluster/gce/manifests/cloud-controller-manager.manifest
  • cluster/gce/manifests/etcd.manifest
  • cluster/gce/manifests/konnectivity-server.yaml
  • cluster/gce/manifests/kube-proxy.manifest
  • cluster/gce/upgrade-aliases.sh
  • cluster/gce/util.sh
  • cluster/gce/windows/k8s-node-setup.psm1
  • cluster/gce/windows/smoke-test.sh
  • cluster/images/etcd/Dockerfile
  • cluster/images/etcd/Dockerfile.windows
  • cluster/images/etcd/Makefile
  • cluster/images/etcd/OWNERS
  • cluster/images/etcd/README.md
  • cluster/images/etcd/cloudbuild.yaml
  • cluster/images/etcd/migrate-if-needed.bat
  • cluster/images/etcd/migrate-if-needed.sh
  • cluster/images/etcd/migrate/copy_file.go
  • cluster/images/etcd/migrate/data_dir.go
  • cluster/images/etcd/migrate/data_dir_test.go
  • cluster/images/etcd/migrate/integration_test.go
  • cluster/images/etcd/migrate/migrate.go
  • cluster/images/etcd/migrate/migrate_client.go
  • cluster/images/etcd/migrate/migrate_server.go
  • cluster/images/etcd/migrate/migrator.go
  • cluster/images/etcd/migrate/options.go
  • cluster/images/etcd/migrate/options_test.go
  • cluster/images/etcd/migrate/testdata/datadir_with_version/version.txt
  • cluster/images/etcd/migrate/testdata/datadir_without_version/.placeholder
  • cluster/images/etcd/migrate/util_others.go
  • cluster/images/etcd/migrate/utils_windows.go
  • cluster/images/etcd/migrate/versions.go
  • cluster/images/etcd/migrate/versions_test.go
  • cmd/cloud-controller-manager/.import-restrictions
  • cmd/genfeaturegates/genfeaturegates.go
  • cmd/kube-apiserver/OWNERS
  • cmd/kube-apiserver/app/aggregator.go
  • cmd/kube-apiserver/app/testing/testserver.go
  • cmd/kube-controller-manager/app/batch.go
  • cmd/kube-controller-manager/app/controller_descriptor.go
  • cmd/kube-controller-manager/app/controllermanager.go
  • cmd/kube-controller-manager/app/controllermanager_test.go
  • cmd/kube-controller-manager/app/core.go
  • cmd/kube-controller-manager/app/options/options.go
  • cmd/kube-controller-manager/app/options/options_test.go
  • cmd/kube-controller-manager/app/options/resourceclaimcontroller.go
  • cmd/kube-controller-manager/app/plugins.go
  • cmd/kube-controller-manager/app/plugins_providers.go
  • cmd/kube-controller-manager/app/plugins_test.go
  • cmd/kube-controller-manager/app/resource.go
  • cmd/kube-controller-manager/app/scheduling.go
  • cmd/kube-controller-manager/app/scheduling_test.go
  • cmd/kube-controller-manager/app/storageversionmigrator.go
  • cmd/kube-controller-manager/app/testing/testserver.go
  • cmd/kube-controller-manager/names/controller_names.go
  • cmd/kube-proxy/app/conntrack.go
  • cmd/kube-proxy/app/init_linux.go
  • cmd/kube-proxy/app/init_other.go
  • cmd/kube-proxy/app/init_windows.go
  • cmd/kube-proxy/app/options.go
  • cmd/kube-proxy/app/server.go
  • cmd/kube-proxy/app/server_linux.go
  • cmd/kube-proxy/app/server_linux_test.go
  • cmd/kube-proxy/app/server_other.go
  • cmd/kube-proxy/app/server_test.go
  • cmd/kube-proxy/app/server_windows.go
  • cmd/kube-scheduler/app/options/options.go
  • cmd/kube-scheduler/app/options/options_test.go
  • cmd/kube-scheduler/app/server.go
  • cmd/kubeadm/app/apis/kubeadm/v1beta3/defaults_unix.go
  • cmd/kubeadm/app/apis/kubeadm/v1beta3/defaults_windows.go
  • cmd/kubeadm/app/apis/kubeadm/v1beta4/defaults_unix.go
  • cmd/kubeadm/app/apis/kubeadm/v1beta4/defaults_windows.go
  • cmd/kubeadm/app/apis/kubeadm/validation/util_unix.go
  • cmd/kubeadm/app/apis/kubeadm/validation/util_windows.go
  • cmd/kubeadm/app/cmd/certs_test.go
  • cmd/kubeadm/app/cmd/config.go
  • cmd/kubeadm/app/cmd/init.go
  • cmd/kubeadm/app/cmd/options/constant.go
  • cmd/kubeadm/app/cmd/phases/init/data.go
  • cmd/kubeadm/app/cmd/phases/init/data_test.go
  • cmd/kubeadm/app/cmd/phases/init/kubeletfinalize.go
  • cmd/kubeadm/app/cmd/phases/init/uploadconfig.go
  • cmd/kubeadm/app/cmd/phases/join/controlplanejoin.go
  • cmd/kubeadm/app/cmd/phases/join/data.go
  • cmd/kubeadm/app/cmd/phases/join/data_test.go
  • cmd/kubeadm/app/cmd/phases/join/kubelet.go
  • cmd/kubeadm/app/cmd/phases/reset/cleanupnode.go
  • cmd/kubeadm/app/cmd/phases/reset/data.go
  • cmd/kubeadm/app/cmd/phases/reset/data_test.go
  • cmd/kubeadm/app/cmd/phases/reset/removeetcdmember_test.go
  • cmd/kubeadm/app/cmd/phases/reset/testdata/etcd-pod-without-data-volume.yaml
  • cmd/kubeadm/app/cmd/phases/reset/testdata/etcd-pod.yaml
  • cmd/kubeadm/app/cmd/phases/reset/unmount.go
  • cmd/kubeadm/app/cmd/phases/reset/unmount_linux.go
  • cmd/kubeadm/app/cmd/phases/reset/unmount_linux_test.go
  • cmd/kubeadm/app/cmd/phases/upgrade/apply/uploadconfig.go
  • cmd/kubeadm/app/cmd/phases/upgrade/data.go
  • cmd/kubeadm/app/cmd/phases/upgrade/data_test.go
  • cmd/kubeadm/app/cmd/phases/upgrade/postupgrade.go
  • cmd/kubeadm/app/cmd/reset.go
  • cmd/kubeadm/app/cmd/testdata/token-config.yaml
  • cmd/kubeadm/app/cmd/token_test.go
  • cmd/kubeadm/app/cmd/upgrade/common_test.go
  • cmd/kubeadm/app/cmd/upgrade/plan.go
  • cmd/kubeadm/app/cmd/upgrade/testdata/config-token.yaml
  • cmd/kubeadm/app/cmd/util_other_test.go
  • cmd/kubeadm/app/cmd/util_windows_test.go
  • cmd/kubeadm/app/componentconfigs/kubelet_unix.go
  • cmd/kubeadm/app/componentconfigs/kubelet_unix_test.go
  • cmd/kubeadm/app/componentconfigs/kubelet_windows.go
  • cmd/kubeadm/app/componentconfigs/kubelet_windows_test.go
  • cmd/kubeadm/app/constants/constants.go
  • cmd/kubeadm/app/constants/constants_test.go
  • cmd/kubeadm/app/constants/constants_unix.go
  • cmd/kubeadm/app/constants/constants_windows.go
  • cmd/kubeadm/app/discovery/discovery.go
  • cmd/kubeadm/app/discovery/discovery_test.go
  • cmd/kubeadm/app/discovery/testdata/ca.crt
  • cmd/kubeadm/app/discovery/token/testdata/expected-kubeconfig.yaml
  • cmd/kubeadm/app/discovery/token/token_test.go
  • cmd/kubeadm/app/features/features.go
  • cmd/kubeadm/app/phases/addons/dns/dns_test.go
  • cmd/kubeadm/app/phases/controlplane/manifests_test.go
  • cmd/kubeadm/app/phases/controlplane/volumes.go
  • cmd/kubeadm/app/phases/controlplane/volumes_test.go
  • cmd/kubeadm/app/phases/copycerts/testutil_umask.go
  • cmd/kubeadm/app/phases/copycerts/testutil_umask_noop.go
  • cmd/kubeadm/app/phases/etcd/local.go
  • cmd/kubeadm/app/phases/etcd/local_test.go
  • cmd/kubeadm/app/phases/upgrade/health.go
  • cmd/kubeadm/app/preflight/checks.go
  • cmd/kubeadm/app/preflight/checks_darwin.go
  • cmd/kubeadm/app/preflight/checks_linux.go
  • cmd/kubeadm/app/preflight/checks_other.go
  • cmd/kubeadm/app/preflight/checks_unix.go
  • cmd/kubeadm/app/preflight/checks_windows.go
  • cmd/kubeadm/app/util/apiclient/wait.go
  • cmd/kubeadm/app/util/chroot_unix.go
  • cmd/kubeadm/app/util/chroot_windows.go
  • cmd/kubeadm/app/util/config/cluster_test.go
  • cmd/kubeadm/app/util/config/common.go
  • cmd/kubeadm/app/util/config/common_test.go
  • cmd/kubeadm/app/util/config/testdata/kubelet-with-embedded-cert.yaml
  • cmd/kubeadm/app/util/config/testdata/kubelet-with-invalid-context.yaml
  • cmd/kubeadm/app/util/config/testdata/kubelet-with-invalid-user.yaml
  • cmd/kubeadm/app/util/config/testdata/kubelet-with-linked-cert.yaml
  • cmd/kubeadm/app/util/config/testdata/kubelet-without-cert.yaml
  • cmd/kubeadm/app/util/config/upgradeconfiguration.go
  • cmd/kubeadm/app/util/copy_unix.go
  • cmd/kubeadm/app/util/copy_windows.go
  • cmd/kubeadm/app/util/etcd/etcd.go
  • cmd/kubeadm/app/util/initsystem/initsystem_unix.go
💤 Files with no reviewable changes (1)
  • api/discovery/apis__scheduling.k8s.io__v1alpha1.json
✅ Files skipped from review due to trivial changes (20)
  • .go-version
  • api/discovery/apis__storage.k8s.io__v1beta1.json
  • CHANGELOG/README.md
  • .github/PULL_REQUEST_TEMPLATE.md
  • .gitignore
  • api/discovery/apis__scheduling.k8s.io.json
  • api/api-rules/sample_controller_violation_exceptions.list
  • api/discovery/apis__storage.k8s.io__v1.json
  • api/discovery/apis__scheduling.k8s.io__v1alpha2.json
  • .ci-operator.yaml
  • api/discovery/apis__resource.k8s.io__v1alpha3.json
  • api/openapi-spec/v3/apis__authentication.k8s.io__v1_openapi.json
  • api/discovery/apis.json
  • api/api-rules/violation_exceptions.list
  • OWNERS_ALIASES
  • api/discovery/aggregated_v2.json
  • CHANGELOG/CHANGELOG-1.35.md
  • api/openapi-spec/README.md
  • api/openapi-spec/v3/apis__certificates.k8s.io__v1beta1_openapi.json
  • api/openapi-spec/v3/apis__batch__v1_openapi.json
🚧 Files skipped from review as they are similar to previous changes (13)
  • api/discovery/apis__resource.k8s.io__v1beta2.json
  • api/discovery/apis__admissionregistration.k8s.io__v1.json
  • api/openapi-spec/v3/apis__certificates.k8s.io__v1alpha1_openapi.json
  • api/openapi-spec/v3/apis__apiregistration.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__authorization.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__coordination.k8s.io__v1beta1_openapi.json
  • api/openapi-spec/v3/apis__discovery.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__apiextensions.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__events.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__admissionregistration.k8s.io__v1beta1_openapi.json
  • api/openapi-spec/v3/apis__admissionregistration.k8s.io__v1alpha1_openapi.json
  • api/openapi-spec/v3/apis__flowcontrol.apiserver.k8s.io__v1_openapi.json
  • api/openapi-spec/v3/apis__autoscaling__v1_openapi.json

Comment on lines +6447 to +6455
{
"description": "shardSelector restricts the list of returned objects using a CEL-based shard selector expression. The format uses the shardRange() function combined with || (logical OR) to specify one or more hash ranges:\n\n shardRange(object.metadata.uid, '0x0', '0x8000000000000000')\n shardRange(object.metadata.uid, '0x0', '0x8000000000000000') || shardRange(object.metadata.uid, '0x8000000000000000', '0x10000000000000000')\n\nField paths use CEL-style object-rooted syntax (e.g. \"object.metadata.uid\"), NOT the fieldSelector format (\"metadata.uid\"). Currently supported paths:\n - object.metadata.uid\n - object.metadata.namespace\n\nhexStart and hexEnd are single-quoted CEL string literals with a '0x' prefix, defining the inclusive lower and exclusive upper bounds over the 64-bit FNV-1a hash space. The full range is [0x0, 0x10000000000000000), where the exclusive upper bound equals 2^64.\n\nExamples:\n 2-shard split:\n shard 0: shardRange(object.metadata.uid, '0x0000000000000000', '0x8000000000000000')\n shard 1: shardRange(object.metadata.uid, '0x8000000000000000', '0x10000000000000000')\n 4-shard split:\n shard 0: shardRange(object.metadata.uid, '0x0000000000000000', '0x4000000000000000')\n shard 1: shardRange(object.metadata.uid, '0x4000000000000000', '0x8000000000000000')\n shard 2: shardRange(object.metadata.uid, '0x8000000000000000', '0xc000000000000000')\n shard 3: shardRange(object.metadata.uid, '0xc000000000000000', '0x10000000000000000')\n\nThis is an alpha field and requires enabling the ShardedListAndWatch feature gate.",
"in": "query",
"name": "shardSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
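Review bot: In the `schema` object at the end of this hunk, `"uniqueItems": true` sits next to `"type": "string"`; `uniqueItems` only constrains arrays, so it should be dropped for this parameter. The description also needs tightening for a selector that clients supply as an expression: it says the format uses `shardRange()` combined with `||`, but not whether any other CEL is rejected, nor what the server returns when `hexStart` is not below `hexEnd` or when a bound exceeds `'0x10000000000000000'`. Since that upper bound equals 2^64 and does not fit in an unsigned 64-bit integer, state how it is parsed so that client implementations compute the same shard boundaries.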

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify every repeated shardSelector parameter block that still carries `uniqueItems: true`.
rg -nUP '"name": "shardSelector"\n(?:.*\n){0,8}\s*"uniqueItems": true' api/openapi-spec/v3/apis__apps__v1_openapi.json

Repository: openshift/kubernetes

Length of output: 46


🏁 Script executed:

sed -n '6447,6455p' api/openapi-spec/v3/apis__apps__v1_openapi.json

Repository: openshift/kubernetes

Length of output: 1839


🏁 Script executed:

rg 'uniqueItems' api/openapi-spec/v3/apis__apps__v1_openapi.json -n

Repository: openshift/kubernetes

Length of output: 21280


🏁 Script executed:

# Sample a few uniqueItems occurrences to understand their context
for line_num in 6453 6462 6542 6827; do
  echo "=== Context around line $line_num ==="
  sed -n "$((line_num-3)),$((line_num+1))p" api/openapi-spec/v3/apis__apps__v1_openapi.json
done

Repository: openshift/kubernetes

Length of output: 734


Remove uniqueItems from string/scalar parameter schemas in the generator template.

uniqueItems is only valid for array schemas per JSON Schema and OpenAPI 3.0.3 specifications. It appears on non-array types throughout this generated file (e.g., shardSelector at line 6453 is a string, timeoutSeconds is an integer, allowWatchBookmarks is a boolean). These instances are dead metadata that can trigger semantic warnings in OpenAPI linting and codegen tools. Fix this in the common generator template so all generated specs are corrected together.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@api/openapi-spec/v3/apis__apps__v1_openapi.json` around lines 6447 - 6455,
The OpenAPI generator template is emitting invalid "uniqueItems" on non-array
parameter schemas (e.g., the "shardSelector" query parameter schema is a string
but includes "uniqueItems": true); update the generator template to only emit
"uniqueItems" when the schema.type is "array" (or when an array schema object is
being rendered) so scalar types (string, integer, boolean) never get a
uniqueItems property; search for the templated parameter rendering code that
outputs "uniqueItems" (used for parameters like shardSelector, timeoutSeconds,
allowWatchBookmarks) and wrap or gate that emission with a check for schema.type
== "array" (or equivalent template helper) so generated specs no longer include
dead/invalid metadata.

Comment on lines +992 to +999
{
"description": "shardSelector restricts the list of returned objects using a CEL-based shard selector expression. The format uses the shardRange() function combined with || (logical OR) to specify one or more hash ranges:\n\n shardRange(object.metadata.uid, '0x0', '0x8000000000000000')\n shardRange(object.metadata.uid, '0x0', '0x8000000000000000') || shardRange(object.metadata.uid, '0x8000000000000000', '0x10000000000000000')\n\nField paths use CEL-style object-rooted syntax (e.g. \"object.metadata.uid\"), NOT the fieldSelector format (\"metadata.uid\"). Currently supported paths:\n - object.metadata.uid\n - object.metadata.namespace\n\nhexStart and hexEnd are single-quoted CEL string literals with a '0x' prefix, defining the inclusive lower and exclusive upper bounds over the 64-bit FNV-1a hash space. The full range is [0x0, 0x10000000000000000), where the exclusive upper bound equals 2^64.\n\nExamples:\n 2-shard split:\n shard 0: shardRange(object.metadata.uid, '0x0000000000000000', '0x8000000000000000')\n shard 1: shardRange(object.metadata.uid, '0x8000000000000000', '0x10000000000000000')\n 4-shard split:\n shard 0: shardRange(object.metadata.uid, '0x0000000000000000', '0x4000000000000000')\n shard 1: shardRange(object.metadata.uid, '0x4000000000000000', '0x8000000000000000')\n shard 2: shardRange(object.metadata.uid, '0x8000000000000000', '0xc000000000000000')\n shard 3: shardRange(object.metadata.uid, '0xc000000000000000', '0x10000000000000000')\n\nThis is an alpha field and requires enabling the ShardedListAndWatch feature gate.",
"in": "query",
"name": "shardSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
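
Review bot: The last sentence of the description makes shardSelector depend on the ShardedListAndWatch feature gate, and the review comment on this hunk identifies the operation as deletecollection, yet nothing here says what the server does with the parameter when the gate is off. Suggest stating that the request is rejected in that case (or documenting the actual behaviour), because a selector that is silently ignored on a delete would apply to the whole collection instead of one shard.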

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Clarify shardSelector description for DELETE collection.

At Line 993, the text says it “restricts the list of returned objects,” but this operation is deletecollection (Line 880) and returns a status object. The first sentence should be operation-neutral (or delete-specific) to avoid API-doc confusion.

✏️ Suggested wording tweak
- "description": "shardSelector restricts the list of returned objects using a CEL-based shard selector expression. ...
+ "description": "shardSelector restricts the objects targeted by this request using a CEL-based shard selector expression. ...
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
{
"description": "shardSelector restricts the list of returned objects using a CEL-based shard selector expression. The format uses the shardRange() function combined with || (logical OR) to specify one or more hash ranges:\n\n shardRange(object.metadata.uid, '0x0', '0x8000000000000000')\n shardRange(object.metadata.uid, '0x0', '0x8000000000000000') || shardRange(object.metadata.uid, '0x8000000000000000', '0x10000000000000000')\n\nField paths use CEL-style object-rooted syntax (e.g. \"object.metadata.uid\"), NOT the fieldSelector format (\"metadata.uid\"). Currently supported paths:\n - object.metadata.uid\n - object.metadata.namespace\n\nhexStart and hexEnd are single-quoted CEL string literals with a '0x' prefix, defining the inclusive lower and exclusive upper bounds over the 64-bit FNV-1a hash space. The full range is [0x0, 0x10000000000000000), where the exclusive upper bound equals 2^64.\n\nExamples:\n 2-shard split:\n shard 0: shardRange(object.metadata.uid, '0x0000000000000000', '0x8000000000000000')\n shard 1: shardRange(object.metadata.uid, '0x8000000000000000', '0x10000000000000000')\n 4-shard split:\n shard 0: shardRange(object.metadata.uid, '0x0000000000000000', '0x4000000000000000')\n shard 1: shardRange(object.metadata.uid, '0x4000000000000000', '0x8000000000000000')\n shard 2: shardRange(object.metadata.uid, '0x8000000000000000', '0xc000000000000000')\n shard 3: shardRange(object.metadata.uid, '0xc000000000000000', '0x10000000000000000')\n\nThis is an alpha field and requires enabling the ShardedListAndWatch feature gate.",
"in": "query",
"name": "shardSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
{
"description": "shardSelector restricts the objects targeted by this request using a CEL-based shard selector expression. The format uses the shardRange() function combined with || (logical OR) to specify one or more hash ranges:\n\n shardRange(object.metadata.uid, '0x0', '0x8000000000000000')\n shardRange(object.metadata.uid, '0x0', '0x8000000000000000') || shardRange(object.metadata.uid, '0x8000000000000000', '0x10000000000000000')\n\nField paths use CEL-style object-rooted syntax (e.g. \"object.metadata.uid\"), NOT the fieldSelector format (\"metadata.uid\"). Currently supported paths:\n - object.metadata.uid\n - object.metadata.namespace\n\nhexStart and hexEnd are single-quoted CEL string literals with a '0x' prefix, defining the inclusive lower and exclusive upper bounds over the 64-bit FNV-1a hash space. The full range is [0x0, 0x10000000000000000), where the exclusive upper bound equals 2^64.\n\nExamples:\n 2-shard split:\n shard 0: shardRange(object.metadata.uid, '0x0000000000000000', '0x8000000000000000')\n shard 1: shardRange(object.metadata.uid, '0x8000000000000000', '0x10000000000000000')\n 4-shard split:\n shard 0: shardRange(object.metadata.uid, '0x0000000000000000', '0x4000000000000000')\n shard 1: shardRange(object.metadata.uid, '0x4000000000000000', '0x8000000000000000')\n shard 2: shardRange(object.metadata.uid, '0x8000000000000000', '0xc000000000000000')\n shard 3: shardRange(object.metadata.uid, '0xc000000000000000', '0x10000000000000000')\n\nThis is an alpha field and requires enabling the ShardedListAndWatch feature gate.",
"in": "query",
"name": "shardSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@api/openapi-spec/v3/apis__certificates.k8s.io__v1_openapi.json` around lines
992 - 999, The description for the query parameter "shardSelector" is currently
phrased as if the operation returns a list ("restricts the list of returned
objects") but this parameter is used on the deletecollection operation and
returns a status; change the first sentence to be operation-neutral (e.g.
"restricts the set of objects the operation applies to using a CEL-based shard
selector expression") so it accurately describes deletecollection and other
operations; update the "description" text associated with the "shardSelector"
parameter in the openapi JSON (the block containing "name": "shardSelector" and
its "schema") to use the new wording while leaving the rest of the
explanation/examples intact.

Comment on lines +926 to +934
{
"description": "shardSelector restricts the list of returned objects using a CEL-based shard selector expression. The format uses the shardRange() function combined with || (logical OR) to specify one or more hash ranges:\n\n shardRange(object.metadata.uid, '0x0', '0x8000000000000000')\n shardRange(object.metadata.uid, '0x0', '0x8000000000000000') || shardRange(object.metadata.uid, '0x8000000000000000', '0x10000000000000000')\n\nField paths use CEL-style object-rooted syntax (e.g. \"object.metadata.uid\"), NOT the fieldSelector format (\"metadata.uid\"). Currently supported paths:\n - object.metadata.uid\n - object.metadata.namespace\n\nhexStart and hexEnd are single-quoted CEL string literals with a '0x' prefix, defining the inclusive lower and exclusive upper bounds over the 64-bit FNV-1a hash space. The full range is [0x0, 0x10000000000000000), where the exclusive upper bound equals 2^64.\n\nExamples:\n 2-shard split:\n shard 0: shardRange(object.metadata.uid, '0x0000000000000000', '0x8000000000000000')\n shard 1: shardRange(object.metadata.uid, '0x8000000000000000', '0x10000000000000000')\n 4-shard split:\n shard 0: shardRange(object.metadata.uid, '0x0000000000000000', '0x4000000000000000')\n shard 1: shardRange(object.metadata.uid, '0x4000000000000000', '0x8000000000000000')\n shard 2: shardRange(object.metadata.uid, '0x8000000000000000', '0xc000000000000000')\n shard 3: shardRange(object.metadata.uid, '0xc000000000000000', '0x10000000000000000')\n\nThis is an alpha field and requires enabling the ShardedListAndWatch feature gate.",
"in": "query",
"name": "shardSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

for f in $(fd -a 'apis__coordination.k8s.io__v(1|1alpha2)_openapi.json' api/openapi-spec/v3); do
  python - "$f" <<'PY'
import json, sys
path = sys.argv[1]
doc = json.load(open(path))
bad = []

def walk(node, p):
    if isinstance(node, dict):
        if node.get("name") == "shardSelector" and isinstance(node.get("schema"), dict):
            s = node["schema"]
            if "uniqueItems" in s and s.get("type") != "array":
                bad.append((p + "/schema", s.get("type"), s.get("uniqueItems")))
        for k, v in node.items():
            walk(v, f"{p}/{k}")
    elif isinstance(node, list):
        for i, v in enumerate(node):
            walk(v, f"{p}/{i}")

walk(doc, "$")
if bad:
    print(path)
    for ptr, t, u in bad:
        print(f"  {ptr}: type={t}, uniqueItems={u}")
PY
done

Repository: openshift/kubernetes

Length of output: 1750


🏁 Script executed:

#!/bin/bash

# Check the specific lines mentioned in the review comment for the v1 file
FILE="api/openapi-spec/v3/apis__coordination.k8s.io__v1_openapi.json"

echo "=== Line ranges mentioned in review ==="
echo "Lines 926-934:"
sed -n '926,934p' "$FILE" | head -20

echo ""
echo "Lines 1068-1076:"
sed -n '1068,1076p' "$FILE" | head -20

echo ""
echo "Lines 1212-1220:"
sed -n '1212,1220p' "$FILE" | head -20

echo ""
echo "=== Count of all shardSelector occurrences ==="
grep -c '"shardSelector"' "$FILE"

echo ""
echo "=== All shardSelector occurrences with line numbers ==="
grep -n '"shardSelector"' "$FILE"

Repository: openshift/kubernetes

Length of output: 5866


Remove uniqueItems from shardSelector string schemas.

These shardSelector parameters have type: string with uniqueItems: true. The uniqueItems constraint only applies to arrays per the OpenAPI specification. Keeping it can break strict OpenAPI validation and code generation.

All six occurrences (lines 926–934, 1068–1076, 1212–1220, 2033–2041, 2213–2221, 2403–2411) must be updated to remove uniqueItems.

Proposed fix
           "schema": {
-            "type": "string",
-            "uniqueItems": true
+            "type": "string"
           }
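
Review bot: Hand-editing the "schema" block in this file will not survive regeneration if the spec is generator output, as the earlier comment in this thread on apis__apps__v1_openapi.json states. Suggest making the change where "uniqueItems" is emitted in the generator, gated on the schema type being "array", and regenerating the specs instead of patching the six occurrences by hand.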

Apply this change to all six shardSelector occurrences in the file.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
{
"description": "shardSelector restricts the list of returned objects using a CEL-based shard selector expression. The format uses the shardRange() function combined with || (logical OR) to specify one or more hash ranges:\n\n shardRange(object.metadata.uid, '0x0', '0x8000000000000000')\n shardRange(object.metadata.uid, '0x0', '0x8000000000000000') || shardRange(object.metadata.uid, '0x8000000000000000', '0x10000000000000000')\n\nField paths use CEL-style object-rooted syntax (e.g. \"object.metadata.uid\"), NOT the fieldSelector format (\"metadata.uid\"). Currently supported paths:\n - object.metadata.uid\n - object.metadata.namespace\n\nhexStart and hexEnd are single-quoted CEL string literals with a '0x' prefix, defining the inclusive lower and exclusive upper bounds over the 64-bit FNV-1a hash space. The full range is [0x0, 0x10000000000000000), where the exclusive upper bound equals 2^64.\n\nExamples:\n 2-shard split:\n shard 0: shardRange(object.metadata.uid, '0x0000000000000000', '0x8000000000000000')\n shard 1: shardRange(object.metadata.uid, '0x8000000000000000', '0x10000000000000000')\n 4-shard split:\n shard 0: shardRange(object.metadata.uid, '0x0000000000000000', '0x4000000000000000')\n shard 1: shardRange(object.metadata.uid, '0x4000000000000000', '0x8000000000000000')\n shard 2: shardRange(object.metadata.uid, '0x8000000000000000', '0xc000000000000000')\n shard 3: shardRange(object.metadata.uid, '0xc000000000000000', '0x10000000000000000')\n\nThis is an alpha field and requires enabling the ShardedListAndWatch feature gate.",
"in": "query",
"name": "shardSelector",
"schema": {
"type": "string",
"uniqueItems": true
}
},
{
"description": "shardSelector restricts the list of returned objects using a CEL-based shard selector expression. The format uses the shardRange() function combined with || (logical OR) to specify one or more hash ranges:\n\n shardRange(object.metadata.uid, '0x0', '0x8000000000000000')\n shardRange(object.metadata.uid, '0x0', '0x8000000000000000') || shardRange(object.metadata.uid, '0x8000000000000000', '0x10000000000000000')\n\nField paths use CEL-style object-rooted syntax (e.g. \"object.metadata.uid\"), NOT the fieldSelector format (\"metadata.uid\"). Currently supported paths:\n - object.metadata.uid\n - object.metadata.namespace\n\nhexStart and hexEnd are single-quoted CEL string literals with a '0x' prefix, defining the inclusive lower and exclusive upper bounds over the 64-bit FNV-1a hash space. The full range is [0x0, 0x10000000000000000), where the exclusive upper bound equals 2^64.\n\nExamples:\n 2-shard split:\n shard 0: shardRange(object.metadata.uid, '0x0000000000000000', '0x8000000000000000')\n shard 1: shardRange(object.metadata.uid, '0x8000000000000000', '0x10000000000000000')\n 4-shard split:\n shard 0: shardRange(object.metadata.uid, '0x0000000000000000', '0x4000000000000000')\n shard 1: shardRange(object.metadata.uid, '0x4000000000000000', '0x8000000000000000')\n shard 2: shardRange(object.metadata.uid, '0x8000000000000000', '0xc000000000000000')\n shard 3: shardRange(object.metadata.uid, '0xc000000000000000', '0x10000000000000000')\n\nThis is an alpha field and requires enabling the ShardedListAndWatch feature gate.",
"in": "query",
"name": "shardSelector",
"schema": {
"type": "string"
}
},
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@api/openapi-spec/v3/apis__coordination.k8s.io__v1_openapi.json` around lines
926 - 934, The shardSelector query-parameter schema objects incorrectly include
the array-only property "uniqueItems" while their "type" is "string"; remove the
"uniqueItems" field from each shardSelector parameter schema (the six parameter
entries named "shardSelector") so the schema is just { "type": "string" } and
does not include uniqueItems. Locate the entries by the parameter name
"shardSelector" in the OpenAPI JSON (the schema objects that currently show
"type": "string" and "uniqueItems": true) and delete the uniqueItems line in
each occurrence.
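
The hash-range scheme in the shardSelector description quoted in the comments above, as an added Go example that is not code from this PR or from Kubernetes: it generalizes the 2-shard and 4-shard examples to an n-shard split and checks which range a value's 64-bit FNV-1a hash falls in. Assumptions: the hash input is the raw bytes of the field value, empty or inverted ranges are rejected, and the names Bounds, ShardSelectors, HashValue and InRange are hypothetical.

```go
package main

import (
	"fmt"
	"hash/fnv"
	"math/big"
	"strings"
)

// two64 is 2^64, the exclusive upper bound of the hash space in the description.
var two64 = new(big.Int).Lsh(big.NewInt(1), 64)

// Bounds returns the n+1 boundaries floor(i*2^64/n) as '0x'-prefixed hex,
// zero-padded to 16 digits like the description's examples.
func Bounds(n int) ([]string, error) {
	if n < 1 {
		return nil, fmt.Errorf("need at least one shard, got %d", n)
	}
	out := make([]string, n+1)
	for i := range out {
		b := new(big.Int).Mul(big.NewInt(int64(i)), two64)
		h := b.Quo(b, big.NewInt(int64(n))).Text(16)
		if len(h) < 16 {
			h = strings.Repeat("0", 16-len(h)) + h
		}
		out[i] = "0x" + h
	}
	return out, nil
}

// ShardSelectors builds one shardRange() expression per shard for field.
func ShardSelectors(field string, n int) ([]string, error) {
	b, err := Bounds(n)
	if err != nil {
		return nil, err
	}
	sel := make([]string, n)
	for i := range sel {
		sel[i] = fmt.Sprintf("shardRange(%s, '%s', '%s')", field, b[i], b[i+1])
	}
	return sel, nil
}

// HashValue is 64-bit FNV-1a over the value's bytes (assumed input encoding).
func HashValue(v string) uint64 {
	h := fnv.New64a()
	h.Write([]byte(v))
	return h.Sum64()
}

// InRange reports whether h lies in [hexStart, hexEnd); 2^64 is valid only as an end.
func InRange(h uint64, hexStart, hexEnd string) (bool, error) {
	lo, ok1 := new(big.Int).SetString(strings.TrimPrefix(hexStart, "0x"), 16)
	hi, ok2 := new(big.Int).SetString(strings.TrimPrefix(hexEnd, "0x"), 16)
	if !ok1 || !ok2 || lo.Sign() < 0 || hi.Cmp(two64) > 0 || lo.Cmp(hi) >= 0 {
		return false, fmt.Errorf("invalid range [%s, %s)", hexStart, hexEnd)
	}
	v := new(big.Int).SetUint64(h)
	return v.Cmp(lo) >= 0 && v.Cmp(hi) < 0, nil
}

func main() {
	sel, _ := ShardSelectors("object.metadata.uid", 4)
	fmt.Println(strings.Join(sel, "\n"))
}
```

The upper bound 2^64 needs 17 hex digits, so the bounds are handled with math/big rather than uint64.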


Labels

  • approved: Indicates a PR has been approved by an approver from all required OWNERS files.
  • backports/unvalidated-commits: Indicates that not all commits come to merged upstream PRs.
  • do-not-merge/work-in-progress: Indicates that a PR should not merge because it is a work in progress.
  • vendor-update: Touching vendor dir or related files
