Fix CRD markers #4178

KillianGolds · 2025-10-16T14:48:12Z

What type of PR is this?

/kind bug
/kind cleanup

What this PR does / why we need it:

This PR fixes several incorrect kubebuilder validation markers in the gateway-api repository, similar to the fixes made in kubernetes-sigs/gateway-api-inference-extension#1679.

Background:

These validation errors were discovered while migrating KServe to use gateway-api-inference-extension (GIE) v1. During that migration work, running controller-gen crd exposed validation marker issues in the GIE repository, which were fixed and merged in kubernetes-sigs/gateway-api-inference-extension#1679.

After that fix was merged, continuing the KServe migration work revealed similar validation errors in the gateway-api repository itself. These errors affect downstream consumers like KServe who run controller-tools gen as part of their build process.

The reason these issues haven't been caught previously is that gateway-api wasn't running controller-gen crd validation as part of its build process. This PR both fixes the existing validation errors and adds the validation step to prevent future issues.

Changes:

Restored port validation for XListenerSet (apisx/v1alpha1):
- Moved PortNumber type definition from v1 to v1alpha1/shared_types.go with validation (range 0–65535)
- Added StatusPortNumber type in v1alpha1/shared_types.go with validation (range 1–65535)
- Removed invalid Minimum/Maximum markers from Port fields in xlistenerset_types.go (validation now handled at type level)
- Updated status Port field to use StatusPortNumber type
Removed invalid printcolumn marker (apis/v1alpha2):
- Removed +kubebuilder:printcolumn marker from v1alpha2 ReferenceGrant, which is marked with +kubebuilder:skipversion
Added CRD marker validation to build process:
- Enhanced hack/update-clientset.sh to run controller-gen CRD validation during builds

Which issue(s) this PR fixes:

Fixes validation errors that affect downstream consumers like KServe who run controller-gen during their build process. These were discovered during KServe migration to GIE v1, following the same issues fixed in kubernetes-sigs/gateway-api-inference-extension#1679.

Does this PR introduce a user-facing change?:

NONE

Documentation References:

This commit corrects several invalid Kubebuilder validation markers that caused controller-gen validation errors. Changes: Removed +listType=atomic from non-array fields: gateway_types.go: Namespaces *RouteNamespaces (line 806) backendtlspolicy_types.go: WellKnownCACertificates (line 192) Replaced MaxLength with MaxItems for array fields: httproute_types.go: AllowedRequestHeaders []string (lines 1674, 1722) httproute_types.go: AllowedResponseHeaders []string (line 1733) Removed Minimum/Maximum from non-primitive fields: xlistenerset_types.go: Port PortNumber (lines 170, 255) Added CRD marker validation to hack/update-clientset.sh to detect invalid markers during development and CI. These fixes ensure validation markers are applied only to compatible field types. Signed-off-by: Killian Golds <[email protected]>

Addresses reviewers feedback by moving validation to the type level. Creates StatusPortNumber for status fields requiring valid ports (1-65535). Signed-off-by: Killian Golds <[email protected]>

k8s-ci-robot · 2025-10-16T14:48:23Z

Hi @KillianGolds. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

KillianGolds · 2025-10-16T15:17:47Z

/cc @rikatz

rikatz · 2025-10-16T16:02:07Z

/ok-to-test

The v1alpha2 ReferenceGrant type is marked with +kubebuilder:skipversion, meaning no CRD is generated for this version (it’s just an alias to v1beta1). The +kubebuilder:printcolumn marker cannot be applied to a skipped version. This issue was uncovered by the CRD marker validation added in the previous commit. The printcolumn is already correctly defined in v1beta1 and does not need to be duplicated here. Signed-off-by: Killian Golds <[email protected]>

apis/v1alpha2/referencegrant_types.go

rikatz · 2025-10-16T18:26:00Z

nit: mostly of the description of the PR is wrong now, as you are:

moving the portnumber
removing the age from a skipped generation version

otherwise looks good to me, thanks for catching this!

Original discussion: #4172

My proposal is that once this gets merged, if we decide to port it to release 1.4, cherry-pick the commits from PR https://github.com/kubernetes-sigs/gateway-api/pull/4158/files and this to release 1.4
/lgtm

rikatz · 2025-10-16T18:36:57Z

/retitle Fix CRD markers

robscott

Thanks @KillianGolds!

apisx/v1alpha1/shared_types.go

The rename makes it explicit that this type permits 0, helping prevent accidental use where StatusPortNumber (1–65535) should be preferred. Signed-off-by: Killian Golds <[email protected]>

youngnick · 2025-10-17T05:11:43Z

Nice work.

/approve

k8s-ci-robot · 2025-10-17T05:11:50Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: KillianGolds, youngnick

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [youngnick]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

hack/update-clientset.sh

Simplifies the validation step to avoid generating files or requiring boilerplate headers. The validation still catches invalid markers but does not write any CRDs to disk.

Signed-off-by: Killian Golds <[email protected]>

rikatz · 2025-10-17T12:49:10Z

/hold
/lgtm
Will just wait @shaneutt to kick the github actions for me (we need to fix this!) and we can merge it

pierDipi · 2025-10-17T13:12:08Z

@rikatz action is green https://github.com/kubernetes-sigs/gateway-api/actions/runs/18593105077/job/53012817138?pr=4178

rikatz · 2025-10-17T13:20:38Z

/hold cancel
Thanks!

* Fix incorrect Kubebuilder validation markers This commit corrects several invalid Kubebuilder validation markers that caused controller-gen validation errors. Changes: Removed +listType=atomic from non-array fields: gateway_types.go: Namespaces *RouteNamespaces (line 806) backendtlspolicy_types.go: WellKnownCACertificates (line 192) Replaced MaxLength with MaxItems for array fields: httproute_types.go: AllowedRequestHeaders []string (lines 1674, 1722) httproute_types.go: AllowedResponseHeaders []string (line 1733) Removed Minimum/Maximum from non-primitive fields: xlistenerset_types.go: Port PortNumber (lines 170, 255) Added CRD marker validation to hack/update-clientset.sh to detect invalid markers during development and CI. These fixes ensure validation markers are applied only to compatible field types. Signed-off-by: Killian Golds <[email protected]> * Restore port validation by defining PortNumber types in v1alpha1 Addresses reviewers feedback by moving validation to the type level. Creates StatusPortNumber for status fields requiring valid ports (1-65535). Signed-off-by: Killian Golds <[email protected]> * Removed invalid printcolumn marker from v1alpha2 ReferenceGrant The v1alpha2 ReferenceGrant type is marked with +kubebuilder:skipversion, meaning no CRD is generated for this version (it’s just an alias to v1beta1). The +kubebuilder:printcolumn marker cannot be applied to a skipped version. This issue was uncovered by the CRD marker validation added in the previous commit. The printcolumn is already correctly defined in v1beta1 and does not need to be duplicated here. Signed-off-by: Killian Golds <[email protected]> * Rename PortNumber to PortNumberWith0 to prevent misuse The rename makes it explicit that this type permits 0, helping prevent accidental use where StatusPortNumber (1–65535) should be preferred. Signed-off-by: Killian Golds <[email protected]> * Use output:none for CRD marker validation Simplifies the validation step to avoid generating files or requiring boilerplate headers. The validation still catches invalid markers but does not write any CRDs to disk. * clean duplicated echo statement Signed-off-by: Killian Golds <[email protected]> --------- Signed-off-by: Killian Golds <[email protected]>

KillianGolds added 2 commits October 16, 2025 15:43

Restore port validation by defining PortNumber types in v1alpha1

2870655

Addresses reviewers feedback by moving validation to the type level. Creates StatusPortNumber for status fields requiring valid ports (1-65535). Signed-off-by: Killian Golds <[email protected]>

k8s-ci-robot requested review from aojea and robscott October 16, 2025 14:48

k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Oct 16, 2025

k8s-ci-robot requested a review from rikatz October 16, 2025 15:17

k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Oct 16, 2025

pierDipi reviewed Oct 16, 2025

View reviewed changes

apis/v1alpha2/referencegrant_types.go Show resolved Hide resolved

k8s-ci-robot assigned rikatz Oct 16, 2025

k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 16, 2025

k8s-ci-robot changed the title ~~Fix validation markers release v1.4~~ Fix CRD markers Oct 16, 2025

rikatz mentioned this pull request Oct 16, 2025

Fix incorrect Kubebuilder validation markers #4172

Closed

robscott reviewed Oct 16, 2025

View reviewed changes

apisx/v1alpha1/shared_types.go Outdated Show resolved Hide resolved

Rename PortNumber to PortNumberWith0 to prevent misuse

d98b3a3

The rename makes it explicit that this type permits 0, helping prevent accidental use where StatusPortNumber (1–65535) should be preferred. Signed-off-by: Killian Golds <[email protected]>

k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 16, 2025

KillianGolds requested a review from robscott October 17, 2025 00:30

k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 17, 2025

rikatz reviewed Oct 17, 2025

View reviewed changes

hack/update-clientset.sh Outdated Show resolved Hide resolved

Use output:none for CRD marker validation

9b25a6b

Simplifies the validation step to avoid generating files or requiring boilerplate headers. The validation still catches invalid markers but does not write any CRDs to disk.

KillianGolds requested a review from rikatz October 17, 2025 12:36

clean duplicated echo statement

2f333b1

Signed-off-by: Killian Golds <[email protected]>

k8s-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. lgtm "Looks good to me", indicates that a PR is ready to be merged. labels Oct 17, 2025

k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 17, 2025

k8s-ci-robot merged commit 11212e6 into kubernetes-sigs:main Oct 17, 2025
20 checks passed

rikatz mentioned this pull request Oct 17, 2025

Unexpected failures in pull-gateway-api-verify caused by verify-codegen.sh #4184

Closed

KillianGolds mentioned this pull request Oct 29, 2025

RHOAIENG-34472: [WIP] GIE v1 Migration opendatahub-io/kserve#948

Closed

4 tasks

lexfrei mentioned this pull request Nov 6, 2025

feat(ingress): add HTTPRoute support for Grafana instances grafana/grafana-operator#2283

Closed

KillianGolds mentioned this pull request Nov 28, 2025

RHOAIENG-34472: GIE v1 Migration opendatahub-io/kserve#996

Draft

4 tasks

Fix CRD markers #4178

Fix CRD markers #4178

Uh oh!

Conversation

KillianGolds commented Oct 16, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

k8s-ci-robot commented Oct 16, 2025

Uh oh!

KillianGolds commented Oct 16, 2025

Uh oh!

rikatz commented Oct 16, 2025

Uh oh!

Uh oh!

rikatz commented Oct 16, 2025

Uh oh!

rikatz commented Oct 16, 2025

Uh oh!

robscott left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

youngnick commented Oct 17, 2025

Uh oh!

k8s-ci-robot commented Oct 17, 2025

Uh oh!

Uh oh!

rikatz commented Oct 17, 2025

Uh oh!

pierDipi commented Oct 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

rikatz commented Oct 17, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

KillianGolds commented Oct 16, 2025 •

edited

Loading

pierDipi commented Oct 17, 2025 •

edited

Loading