Shift-left validation for CEL expressions #130570

Open
@cici37

What would you like to be added?

Currently, CEL expressions are validated only at runtime when a resource is submitted to the cluster. To address this, we propose expanding the existing kubectl-validate repository to provide a shift-left validation tool that allows users to test CEL expressions against incoming object files locally before deploying them.

https://docs.google.com/document/d/1QzEXIEdAjbPtaFnAtuHzot16Lp2X4vTpQ1AokfPFv1w/edit?tab=t.0

Why is this needed?

Kubernetes has increasingly leveraged Common Expression Language (CEL) to enhance policy enforcement and resource allocation. Features such as ValidatingAdmissionPolicy and Dynamic Resource Allocation rely on CEL to define the matching resources and how resources should be validated. However, one major challenge is the lack of a shift-left validation tool that enables developers and operators to test CEL expressions against real objects before deploying them to a cluster.

Labels: kind/feature, sig/api-machinery, triage/accepted
