🌱 Add OpenAPI defaulting detection for KubeadmConfig by using forbiddenmarkers (#12851)

nayuta723 · web-flow · commit 8a02bd255a44 · 2025-10-16T07:20:50.000-07:00
* Add OpenAPI defaulting detection for KubeadmConfig by using forbiddenmarkers

Signed-off-by: nayuta-ai &lt;nayuta723@gmail.com&gt;

* Block defaulting for all fields except those explicitly excluded.

Signed-off-by: nayuta-ai &lt;nayuta723@gmail.com&gt;

---------

Signed-off-by: nayuta-ai &lt;nayuta723@gmail.com&gt;
diff --git a/.golangci-kal.yml b/.golangci-kal.yml
@@ -18,7 +18,7 @@ linters:
               - "conditions" # Ensure conditions have the correct json tags and markers.
               - "conflictingmarkers"
               - "duplicatemarkers" # Ensure there are no exact duplicate markers. for types and fields.
-              #- "forbiddenmarkers" # Ensure that types and fields do not contain any markers that are forbidden.
+              - "forbiddenmarkers" # Ensure that types and fields do not contain any markers that are forbidden.
               - "integers" # Ensure only int32 and int64 are used for integers.
               - "jsontags" # Ensure every field has a json tag.
               - "maxlength" # Ensure all strings and arrays have maximum lengths/maximum items.
@@ -53,6 +53,10 @@ linters:
                   - ["default", "kubebuilder:default"]
                   - ["required", "kubebuilder:validation:Required", "k8s:required"]
                 description: "A field with a default value cannot be required"
+            forbiddenmarkers:
+              markers:
+                - identifier: "kubebuilder:default"
+                - identifier: "default"
             conditions:
               isFirstField: Warn # Require conditions to be the first field in the status struct.
               usePatchStrategy: Forbid # Forbid patchStrategy markers on the Conditions field.
@@ -158,6 +162,17 @@ linters:
       linters:
         - kubeapilinter
 
+    # Excludes for existing default markers 
+    # We don't want to use OpenAPI defaulting anymore.
+    - path: "api/core/v1beta2/clusterclass_types.go"
+      text: 'forbiddenmarkers: field Reason has forbidden marker "kubebuilder:default=FieldValueInvalid"'
+      linters:
+        - kubeapilinter
+    - path: "api/core/v1beta2/clusterclass_types.go"
+      text: 'forbiddenmarkers: field Reason has forbidden marker "default=ref\(sigs.k8s.io/cluster-api/api/core/v1beta2.FieldValueInvalid\)"'
+      linters:
+        - kubeapilinter
+
     # TODO: Excludes that should be removed once the corresponding issues in KAL are fixed
     # KAL incorrectly reports that the Taints field doesn't have to be a pointer (it has to be to preserve []).
     # See: https://github.com/kubernetes-sigs/kube-api-linter/issues/116
