Skip to content

WIP: CNTRLPLANE-3395: Lower maximum allowed etcd quota from 32 to 16GiB #2840

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dusk125 wants to merge 1 commit into
base: master
Choose a base branch
from
Open

WIP: CNTRLPLANE-3395: Lower maximum allowed etcd quota from 32 to 16GiB #2840

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion openapi/generated_openapi/zz_generated.openapi.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions operator/v1/types_etcd.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,11 +42,11 @@ type EtcdSpec struct {
HardwareSpeed ControlPlaneHardwareSpeed `json:"controlPlaneHardwareSpeed"`

// backendQuotaGiB sets the etcd backend storage size limit in gibibytes.
// The value should be an integer not less than 8 and not more than 32.
// The value should be an integer not less than 8 and not more than 16.
// When not specified, the default value is 8.
// +kubebuilder:default:=8
// +kubebuilder:validation:Minimum=8
// +kubebuilder:validation:Maximum=32
// +kubebuilder:validation:Maximum=16
Comment on lines +45 to +49
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot May 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Search for existing Etcd resource configurations with backendQuotaGiB values

# Check for numeric values > 16 in YAML/JSON test fixtures or examples
rg -nP 'backendQuotaGiB[:\s]+([1][7-9]|[2-9][0-9]|[1-9][0-9]{2,})' --type yaml --type json -C 3

# Check for any references to the old maximum of 32
rg -nP '(maximum|max|limit)[:\s]*(of|is)?\s*32\s*(GiB|GB)?' --iglob '*etcd*' -C 3

# Look for migration documentation or upgrade notes
fd -e md -e txt --exec rg -l -i 'backendQuotaGiB|etcd.*quota' {} \;

Repository: openshift/api

Length of output: 4239

🌐 Web query:

OpenShift API CRD schema changes backward compatibility and grandfathering existing resources

💡 Result:

OpenShift ensures backward compatibility for CRD schema changes primarily through Operator Lifecycle Manager (OLM) CRD upgrade safety checks and Kubernetes-native mechanisms. Existing resources (CRs) are grandfathered as the Kubernetes API server enforces schema compatibility for reads/writes based on stored versions, preventing breaking changes without conversion webhooks.[1][2][3][4][5][6] OLM's CRD upgrade safety preflight (for cluster extensions/operators) blocks non-backward-compatible CRD updates, such as changing scope, removing stored versions, making optional fields required, shrinking enum/min/max values, or adding required fields. Allowed changes include adding new enum values, making required fields optional, expanding min/max, or adding new versions without modifying existing ones.[1][2][3][4] OpenShift provides strict API compatibility guarantees (especially Tier 1), requiring round-tripping between versions without data loss (via annotations if needed).[7][8] For schema evolution: - Add new CRD versions alongside old ones (multiple served versions). - Use conversion webhooks (hub-spoke model) for breaking changes to enable lossless conversion.[6][5] - Change storage version only after webhook deployment; migrate existing CRs by updating them to rewrite in new storage version.[6][5] - Deprecate/serve=false old versions after migration. Recent OpenShift development (2026) introduces CompatibilityRequirement (apiextensions.openshift.io/v1alpha1, feature-gated under CRDCompatibilityRequirementOperator), allowing explicit compatibility assertions on target CRDs via schema validation on CRD updates and object validation on CR creates/updates. It supports excluded fields and required versions for nuanced control.[9][10][11][12][13][14][15] CRD schema checkers/tools like crd-schema-checker enforce compatibility during development.[16][17][18] Existing CRs remain valid/accessible post-schema changes if updates follow these rules; no automatic invalidation occurs.[1][6][4][5]

Citations:

Breaking change requires test file updates and migration strategy for existing deployments with backendQuotaGiB ≥ 17.

The schema reduction from 32 to 16 GiB prevents users with existing deployments from updating Etcd resources with values between 17–32. The test file (operator/v1/tests/etcds.operator.openshift.io/EtcdBackendQuota.yaml) currently contains invalid test cases and outdated error message expectations:

  • Line 66/75: Test "Should be able to create with 32 BackendQuotaGiB" will fail validation
  • Line 93/150: Expected error messages reference max 32, now obsolete

Kubernetes grandfathers existing resources violating new constraints, but any update attempt fails validation. Update the test file to remove cases with values > 16 and adjust expected error messages accordingly. Additionally, verify that this breaking change aligns with OpenShift's CRD upgrade safety requirements or implement proper versioning/conversion strategy.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@operator/v1/types_etcd.go` around lines 45 - 49, The BackendQuotaGiB
validation in operator/v1/types_etcd.go was lowered to a maximum of 16, which
breaks tests and existing CRs; update the test suite
operator/v1/tests/etcds.operator.openshift.io/EtcdBackendQuota.yaml by removing
or changing the case "Should be able to create with 32 BackendQuotaGiB" (and any
other cases using values >16) and update expected validation error strings to
reference max 16 instead of 32 for tests that assert failure; after adjusting
tests, ensure you either document/implement a CRD versioning/conversion or
migration strategy for existing Etcd resources that may have BackendQuotaGiB ≥17
so cluster upgrades remain safe (verify compliance with OpenShift CRD upgrade
rules).

// +kubebuilder:validation:XValidation:rule="self>=oldSelf",message="etcd backendQuotaGiB may not be decreased"
// +openshift:enable:FeatureGate=EtcdBackendQuota
// +default=8
Expand Down
4 changes: 2 additions & 2 deletions operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,10 +50,10 @@ spec:
default: 8
description: |-
backendQuotaGiB sets the etcd backend storage size limit in gibibytes.
The value should be an integer not less than 8 and not more than 32.
The value should be an integer not less than 8 and not more than 16.
When not specified, the default value is 8.
format: int32
maximum: 32
maximum: 16
minimum: 8
type: integer
x-kubernetes-validations:
Expand Down
4 changes: 2 additions & 2 deletions operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,10 +50,10 @@ spec:
default: 8
description: |-
backendQuotaGiB sets the etcd backend storage size limit in gibibytes.
The value should be an integer not less than 8 and not more than 32.
The value should be an integer not less than 8 and not more than 16.
When not specified, the default value is 8.
format: int32
maximum: 32
maximum: 16
minimum: 8
type: integer
x-kubernetes-validations:
Expand Down
4 changes: 2 additions & 2 deletions operator/v1/zz_generated.crd-manifests/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,10 +50,10 @@ spec:
default: 8
description: |-
backendQuotaGiB sets the etcd backend storage size limit in gibibytes.
The value should be an integer not less than 8 and not more than 32.
The value should be an integer not less than 8 and not more than 16.
When not specified, the default value is 8.
format: int32
maximum: 32
maximum: 16
minimum: 8
type: integer
x-kubernetes-validations:
Expand Down
4 changes: 2 additions & 2 deletions ...zz_generated.featuregated-crd-manifests/etcds.operator.openshift.io/EtcdBackendQuota.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,10 +50,10 @@ spec:
default: 8
description: |-
backendQuotaGiB sets the etcd backend storage size limit in gibibytes.
The value should be an integer not less than 8 and not more than 32.
The value should be an integer not less than 8 and not more than 16.
When not specified, the default value is 8.
format: int32
maximum: 32
maximum: 16
minimum: 8
type: integer
x-kubernetes-validations:
Expand Down
2 changes: 1 addition & 1 deletion operator/v1/zz_generated.swagger_doc_generated.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions payload-manifests/crds/0000_12_etcd_01_etcds-CustomNoUpgrade.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,10 +50,10 @@ spec:
default: 8
description: |-
backendQuotaGiB sets the etcd backend storage size limit in gibibytes.
The value should be an integer not less than 8 and not more than 32.
The value should be an integer not less than 8 and not more than 16.
When not specified, the default value is 8.
format: int32
maximum: 32
maximum: 16
minimum: 8
type: integer
x-kubernetes-validations:
Expand Down
4 changes: 2 additions & 2 deletions payload-manifests/crds/0000_12_etcd_01_etcds-DevPreviewNoUpgrade.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,10 +50,10 @@ spec:
default: 8
description: |-
backendQuotaGiB sets the etcd backend storage size limit in gibibytes.
The value should be an integer not less than 8 and not more than 32.
The value should be an integer not less than 8 and not more than 16.
When not specified, the default value is 8.
format: int32
maximum: 32
maximum: 16
minimum: 8
type: integer
x-kubernetes-validations:
Expand Down
4 changes: 2 additions & 2 deletions payload-manifests/crds/0000_12_etcd_01_etcds-TechPreviewNoUpgrade.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,10 +50,10 @@ spec:
default: 8
description: |-
backendQuotaGiB sets the etcd backend storage size limit in gibibytes.
The value should be an integer not less than 8 and not more than 32.
The value should be an integer not less than 8 and not more than 16.
When not specified, the default value is 8.
format: int32
maximum: 32
maximum: 16
minimum: 8
type: integer
x-kubernetes-validations:
Expand Down