Skip to content

Extend the readiness evaluation of dependencies with CEL expressions #1491

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Jul 29, 2025
Merged

Extend the readiness evaluation of dependencies with CEL expressions #1491

merged 5 commits into from
Jul 29, 2025

Conversation

@stefanprodan
Copy link
Member

@stefanprodan stefanprodan commented Jul 22, 2025
edited
Loading

This PR extends the Kustomization API with the .spec.dependsOn[].readyExpr optional field that can be used to define a CEL expression to determine the readiness of a Kustomization dependency.

This is helpful for when custom logic is needed to determine if a dependency is ready. For example, when performing a lockstep upgrade, the readyExpr can be used to verify that a dependency has a matching version label before proceeding with the reconciliation of the dependent Kustomization.

apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: app-backend
  namespace: apps
  labels:
    app/version: v1.2.3
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: app-frontend
  namespace: apps
  labels:
    app/version: v1.2.3
spec:
  dependsOn:
    - name: app-backend
      readyExpr: >
        dep.metadata.labels['app/version'] == self.metadata.labels['app/version'] &&
        dep.status.conditions.filter(e, e.type == 'Ready').all(e, e.status == 'True') &&
        dep.metadata.generation == dep.status.observedGeneration

The CEL expression contains the following variables:

  • dep: The dependency Kustomization object being evaluated.
  • self: The Kustomization object being reconciled.

Note: When readyExpr is specified, the built-in readiness check is replaced by the logic defined in the CEL expression. You can configure the controller to run both the CEL expression evaluation and the built-in readiness check, with the AdditiveCELDependencyCheck feature gate.

Closes: #1490

@stefanprodan
api: Add the readyExpr field to dependsOn
5edcf5b 
Extend the readiness evaluation of dependencies with CEL expressions

Signed-off-by: Stefan Prodan <[email protected]>
@stefanprodan
controller: Add AdditiveCELDependencyCheck feature gate
c2754dd 
Signed-off-by: Stefan Prodan <[email protected]>
@stefanprodan stefanprodan requested a review from matheuscscp July 22, 2025 10:05
@stefanprodan stefanprodan added enhancement New feature or request area/kstatus Health checking related issues and pull requests area/api API related issues and pull requests labels Jul 22, 2025
matheuscscp
matheuscscp reviewed Jul 22, 2025
View reviewed changes
api/v1/reference_types.go
// ReadyExpr is a CEL expression that can be used to assess the readiness
// of a dependency. When specified, the built-in readiness check
// is replaced by the logic defined in the CEL expression.
// To make the CEL expression additive to the built-in readiness check,
Copy link
Member

@matheuscscp matheuscscp Jul 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: The word additive here all by itself can sound a bit vague. Since here is a space where we don't have to spare words (like in the case of choosing a name for a feature gate), we can probably be a bit more verbose/redundant here and say that "the hard-coded logic and the CEL expression are AND'ed together".

Copy link
Member Author

@stefanprodan stefanprodan Jul 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the hard-coded logic and the CEL expression are AND'ed together

This sounds wrong to me, it's not hard-coded but bulit-in, the AND'ed is no better than additive.

Copy link
Member

@matheuscscp matheuscscp Jul 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, hard-coded vs built-in sounds the same to me, but I'd say AND'ed is pretty clear and additive not so much

@stefanprodan stefanprodan force-pushed the feat-dependon-cel branch 2 times, most recently from 82eb791 to 5486009 Compare July 22, 2025 15:42
matheuscscp
matheuscscp approved these changes Jul 22, 2025
View reviewed changes
Copy link
Member

@matheuscscp matheuscscp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 🚀

This was referenced Jul 22, 2025
Merged
Closed
@stefanprodan stefanprodan merged commit 60b8f86 into main Jul 29, 2025
5 checks passed
@stefanprodan stefanprodan deleted the feat-dependon-cel branch July 29, 2025 05:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matheuscscp matheuscscp matheuscscp approved these changes

Assignees

No one assigned

Labels

area/api API related issues and pull requests area/kstatus Health checking related issues and pull requests enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Lockstep upgrade using Kustomization dependsOn

3 participants

@stefanprodan @matheuscscp