Skip to content

fix: remove domain field with overly restrictive validation#3282

Open
merll wants to merge 5 commits into
mainfrom
APL-1896
Open

fix: remove domain field with overly restrictive validation#3282
merll wants to merge 5 commits into
mainfrom
APL-1896

Conversation

@merll
Copy link
Copy Markdown
Collaborator

@merll merll commented May 27, 2026
edited
Loading

📌 Summary

The field domain in team services is autogenerated by API, but not actually used in routes. It limits the entire service to 64 characters which may be insufficient.

Along with the domain field, other unused fields are removed as well.

🔍 Reviewer Notes

To be run in combination with the following component branches:

🧹 Checklist

  • Code is readable, maintainable, and robust.
  • Unit tests added/updated

@merll merll requested review from Ani1357 and j-zimnowoda as code owners May 27, 2026 13:36
@svcAPLBot
Copy link
Copy Markdown
Contributor

svcAPLBot commented May 27, 2026
edited
Loading

Comparison of Helm chart templating output:

# kube-prometheus-stack/templates/prometheus/additionalScrapeConfigs.yaml

@@ data.additional-scrape-configs.yaml @@
! ± value change
- LSBqb2JfbmFtZTogcHJvYmUtc2VydmljZXMtYWRtaW4KICBtZXRyaWNzX3BhdGg6IC9wcm9iZQogIHBhcmFtczoKICAgIG1vZHVsZToKICAgIC0gaHR0cF8yeHgKICByZWxhYmVsX2NvbmZpZ3M6CiAgLSBzb3VyY2VfbGFiZWxzOgogICAgLSBfX2FkZHJlc3NfXwogICAgdGFyZ2V0X2xhYmVsOiBfX3BhcmFtX3RhcmdldAogIC0gc291cmNlX2xhYmVsczoKICAgIC0gX19wYXJhbV90YXJnZXQKICAgIHRhcmdldF9sYWJlbDogaW5zdGFuY2UKICAtIHJlcGxhY2VtZW50OiBwcm9tZXRoZXVzLWJsYWNrYm94LWV4cG9ydGVyLm1vbml0b3Jpbmc6OTExNQogICAgdGFyZ2V0X2xhYmVsOiBfX2FkZHJlc3NfXwogIHNjcmFwZV9pbnRlcnZhbDogMW0KICBzdGF0aWNfY29uZmlnczoKICAtIGxhYmVsczoKICAgICAgbmFtZXNwYWNlOiB0ZWFtLWFkbWluCiAgICB0YXJnZXRzOgogICAgLSBodHRwczovL2hlbGxvLnRlYW0tYWRtaW4uZGV2Lmxpbm9kZS1hcGwubmV0LwotIGpvYl9uYW1lOiBwcm9iZS1zZXJ2aWNlcy1kZW1vCiAgbWV0cmljc19wYXRoOiAvcHJvYmUKICBwYXJhbXM6CiAgICBtb2R1bGU6CiAgICAtIGh0dHBfMnh4CiAgcmVsYWJlbF9jb25maWdzOgogIC0gc291cmNlX2xhYmVsczoKICAgIC0gX19hZGRyZXNzX18KICAgIHRhcmdldF9sYWJlbDogX19wYXJhbV90YXJnZXQKICAtIHNvdXJjZV9sYWJlbHM6CiAgICAtIF9fcGFyYW1fdGFyZ2V0CiAgICB0YXJnZXRfbGFiZWw6IGluc3RhbmNlCiAgLSByZXBsYWNlbWVudDogcHJvbWV0aGV1cy1ibGFja2JveC1leHBvcnRlci5tb25pdG9yaW5nOjkxMTUKICAgIHRhcmdldF9sYWJlbDogX19hZGRyZXNzX18KICBzY3JhcGVfaW50ZXJ2YWw6IDFtCiAgc3RhdGljX2NvbmZpZ3M6CiAgLSBsYWJlbHM6CiAgICAgIG5hbWVzcGFjZTogdGVhbS1kZW1vCiAgICB0YXJnZXRzOgogICAgLSBodHRwczovL2hhcy1jZXJ0LXN2Yy1kZW1vLmRldi5saW5vZGUtYXBsLm5ldC9qZWhvCiAgICAtIGh0dHBzOi8vaGVsbG8tZGVtby5kZXYubGlub2RlLWFwbC5uZXQvCiAgICAtIGh0dHBzOi8vdGxzcGFzcy5kZXYubGlub2RlLWFwbC5uZXQvCiAgICAtIGh0dHBzOi8vaGVsbG8tYmx1ZS1ncmVlbi1kZW1vLmRldi5saW5vZGUtYXBsLm5ldC8KICAgIC0gaHR0cHM6Ly9zZXJ2aWNlLWEtZGVtby5kZXYubGlub2RlLWFwbC5uZXQvCiAgICAtIGh0dHBzOi8vc2VydmljZS1lLWRlbW8uZGV2Lmxpbm9kZS1hcGwubmV0LwotIGpvYl9uYW1lOiBwcm9iZS1zZXJ2aWNlcy1kZXYKICBtZXRyaWNzX3BhdGg6IC9wcm9iZQogIHBhcmFtczoKICAgIG1vZHVsZToKICAgIC0gaHR0cF8yeHgKICByZWxhYmVsX2NvbmZpZ3M6CiAgLSBzb3VyY2VfbGFiZWxzOgogICAgLSBfX2FkZHJlc3NfXwogICAgdGFyZ2V0X2xhYmVsOiBfX3BhcmFtX3RhcmdldAogIC0gc291cmNlX2xhYmVsczoKICAgIC0gX19wYXJhbV90YXJnZXQKICAgIHRhcmdldF9sYWJlbDogaW5zdGFuY2UKICAtIHJlcGxhY2VtZW50OiBwcm9tZXRoZXVzLWJsYWNrYm94LWV4cG9ydGVyLm1vbml0b3Jpbmc6OTExNQogICAgdGFyZ2V0X2xhYmVsOiBfX2FkZHJlc3NfXwogIHNjcmFwZV9pbnRlcnZhbDogMW0KICBzdGF0aWNfY29uZmlnczoKICAtIGxhYmVsczoKICAgICAgbmFtZXNwYWNlOiB0ZWFtLWRldgogICAgdGFyZ2V0czogbnVsbA==
+ LSBqb2JfbmFtZTogcHJvYmUtc2VydmljZXMtYWRtaW4KICBtZXRyaWNzX3BhdGg6IC9wcm9iZQogIHBhcmFtczoKICAgIG1vZHVsZToKICAgIC0gaHR0cF8yeHgKICByZWxhYmVsX2NvbmZpZ3M6CiAgLSBzb3VyY2VfbGFiZWxzOgogICAgLSBfX2FkZHJlc3NfXwogICAgdGFyZ2V0X2xhYmVsOiBfX3BhcmFtX3RhcmdldAogIC0gc291cmNlX2xhYmVsczoKICAgIC0gX19wYXJhbV90YXJnZXQKICAgIHRhcmdldF9sYWJlbDogaW5zdGFuY2UKICAtIHJlcGxhY2VtZW50OiBwcm9tZXRoZXVzLWJsYWNrYm94LWV4cG9ydGVyLm1vbml0b3Jpbmc6OTExNQogICAgdGFyZ2V0X2xhYmVsOiBfX2FkZHJlc3NfXwogIHNjcmFwZV9pbnRlcnZhbDogMW0KICBzdGF0aWNfY29uZmlnczoKICAtIGxhYmVsczoKICAgICAgbmFtZXNwYWNlOiB0ZWFtLWFkbWluCiAgICB0YXJnZXRzOgogICAgLSBodHRwczovL2hlbGxvLWFkbWluLWFkbWluLmRldi5saW5vZGUtYXBsLm5ldC8KLSBqb2JfbmFtZTogcHJvYmUtc2VydmljZXMtZGVtbwogIG1ldHJpY3NfcGF0aDogL3Byb2JlCiAgcGFyYW1zOgogICAgbW9kdWxlOgogICAgLSBodHRwXzJ4eAogIHJlbGFiZWxfY29uZmlnczoKICAtIHNvdXJjZV9sYWJlbHM6CiAgICAtIF9fYWRkcmVzc19fCiAgICB0YXJnZXRfbGFiZWw6IF9fcGFyYW1fdGFyZ2V0CiAgLSBzb3VyY2VfbGFiZWxzOgogICAgLSBfX3BhcmFtX3RhcmdldAogICAgdGFyZ2V0X2xhYmVsOiBpbnN0YW5jZQogIC0gcmVwbGFjZW1lbnQ6IHByb21ldGhldXMtYmxhY2tib3gtZXhwb3J0ZXIubW9uaXRvcmluZzo5MTE1CiAgICB0YXJnZXRfbGFiZWw6IF9fYWRkcmVzc19fCiAgc2NyYXBlX2ludGVydmFsOiAxbQogIHN0YXRpY19jb25maWdzOgogIC0gbGFiZWxzOgogICAgICBuYW1lc3BhY2U6IHRlYW0tZGVtbwogICAgdGFyZ2V0czoKICAgIC0gaHR0cHM6Ly9oYXMtY2VydC1zdmMtZGVtby5kZXYubGlub2RlLWFwbC5uZXQvamVobwogICAgLSBodHRwczovL2hlbGxvLWRlbW8uZGV2Lmxpbm9kZS1hcGwubmV0LwogICAgLSBodHRwczovL2hlbGxvLWF1dGgtZGVtby5kZXYubGlub2RlLWFwbC5uZXQvCiAgICAtIGh0dHBzOi8vaGVsbG8tYmx1ZS1ncmVlbi1kZW1vLmRldi5saW5vZGUtYXBsLm5ldC8KICAgIC0gaHR0cHM6Ly9oZWxsby1jbmFtZS1kZW1vLmRldi5saW5vZGUtYXBsLm5ldC8KICAgIC0gaHR0cHM6Ly9zZXJ2aWNlLWEtZGVtby5kZXYubGlub2RlLWFwbC5uZXQvCiAgICAtIGh0dHBzOi8vc2VydmljZS1lLWRlbW8uZGV2Lmxpbm9kZS1hcGwubmV0LwotIGpvYl9uYW1lOiBwcm9iZS1zZXJ2aWNlcy1kZXYKICBtZXRyaWNzX3BhdGg6IC9wcm9iZQogIHBhcmFtczoKICAgIG1vZHVsZToKICAgIC0gaHR0cF8yeHgKICByZWxhYmVsX2NvbmZpZ3M6CiAgLSBzb3VyY2VfbGFiZWxzOgogICAgLSBfX2FkZHJlc3NfXwogICAgdGFyZ2V0X2xhYmVsOiBfX3BhcmFtX3RhcmdldAogIC0gc291cmNlX2xhYmVsczoKICAgIC0gX19wYXJhbV90YXJnZXQKICAgIHRhcmdldF9sYWJlbDogaW5zdGFuY2UKICAtIHJlcGxhY2VtZW50OiBwcm9tZXRoZXVzLWJsYWNrYm94LWV4cG9ydGVyLm1vbml0b3Jpbmc6OTExNQogICAgdGFyZ2V0X2xhYmVsOiBfX2FkZHJlc3NfXwogIHNjcmFwZV9pbnRlcnZhbDogMW0KICBzdGF0aWNfY29uZmlnczoKICAtIGxhYmVsczoKICAgICAgbmFtZXNwYWNlOiB0ZWFtLWRldgogICAgdGFyZ2V0czogbnVsbA==

# otomi-api/templates/configmap.yaml

@@ data.VERSIONS @@
! ± value change in multiline text (one insert, one deletion)
  
- {"api":"main","aplCharts":"main","console":"main","consoleLogin":"main","core":"main","specVersion":68,"tasks":"main","tools":"main"}
+ {"api":"main","aplCharts":"main","console":"main","consoleLogin":"main","core":"main","specVersion":69,"tasks":"main","tools":"main"}

# otomi-api/templates/deployment.yaml

@@ spec.template.spec.containers @@
! + one list entry added:
+ - name: otomi-api-tools
+   image: "docker.io/linode/apl-core:main"
+   imagePullPolicy: Always
+   command:
+   - sh
+   args:
+   - "-c"
+   - "binzx/otomi server -vv"
+   ports:
+   - name: http
+     containerPort: 17771
+     protocol: TCP
+   resources:
+     limits:
+       cpu: 1
+       memory: 1Gi
+     requests:
+       cpu: 300m
+       memory: 256Mi
+   volumeMounts:
+   - name: repo
+     mountPath: /tmp
+   envFrom:
+   - secretRef:
+       name: otomi-api
+   - secretRef:
+       name: otomi-api-git-credentials
+   - configMapRef:
+       name: otomi-api

# rabbitmq-cluster-operator/templates/messaging-topology-operator/validating-webhook-configuration.yaml

# values-repo.yaml

@@ versions.specVersion @@
! ± value change
- 68
+ 69

@@ teamConfig.demo.services.has-cert-svc @@
! - one map entry removed:
- hasCert: true

@@ teamConfig.demo.services.hello @@
! - three map entries removed:
- auth: true
- domain: hello-demo.dev.linode-apl.net
- ownHost: true

@@ teamConfig.demo.services.hello-auth @@
! - two map entries removed:
- domain: tlspass.dev.linode-apl.net
- ownHost: true

@@ teamConfig.demo.services.hello-blue-green @@
! - one map entry removed:
- ownHost: true

@@ teamConfig.demo.services.hello-cname @@
! - three map entries removed:
- auth: true
- domain: hello-demo.dev.linode-apl.net
- ownHost: true

@@ teamConfig.admin.services.hello-admin @@
! - three map entries removed:
- auth: true
- domain: hello.team-admin.dev.linode-apl.net
- ownHost: true

j-zimnowoda
j-zimnowoda reviewed May 28, 2026
View reviewed changes
Comment thread values-changes.yaml
- 'teamConfig.{team}.services[].domain'
- 'teamConfig.{team}.services[].forwardPath'
- 'teamConfig.{team}.services[].hasCert'
- 'teamConfig.{team}.services[].namespace'
Copy link
Copy Markdown
Contributor

@j-zimnowoda j-zimnowoda May 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it mean admin will not be able to choose service namespace anymore?
If so then it may be inconsistent with the fact that the workloads can be deployed to arbitrary namespaces.

@j-zimnowoda j-zimnowoda requested a review from Copilot May 28, 2026 07:55
Copilot AI reviewed May 28, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Removes the domain field (and several other unused fields) from the team service schema to avoid overly restrictive/unused configuration, and bumps specVersion to trigger a migration that deletes deprecated keys from existing values repos.

Changes:

  • Remove multiple properties from definitions.service in values-schema.yaml (including domain).
  • Add spec migration v69 deletions and bump specVersion to 69 in defaults/fixtures.
  • Update team service fixture YAMLs to stop using removed fields.

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
values-schema.yaml Removes deprecated/unused team service fields from the JSON schema.
values-changes.yaml Adds a v69 migration entry to delete deprecated team service fields.
tests/fixtures/env/teams/demo/services/hello.yaml Updates demo service fixture to reflect removed service fields.
tests/fixtures/env/teams/demo/services/hello-cname.yaml Updates CNAME fixture to reflect removed service fields.
tests/fixtures/env/teams/demo/services/hello-blue-green.yaml Removes deprecated ownHost from fixture.
tests/fixtures/env/teams/demo/services/hello-auth.yaml Removes deprecated domain/ownHost from fixture.
tests/fixtures/env/teams/demo/services/has-cert-svc.yaml Removes deprecated hasCert from fixture.
tests/fixtures/env/teams/admin/services/hello-admin.yaml Removes deprecated service fields from admin fixture.
tests/fixtures/env/settings/versions.yaml Bumps fixture specVersion to 69.
helmfile.d/snippets/defaults.yaml Bumps default specVersion to 69.

Comment thread values-changes.yaml
Comment on lines +497 to +504
- version: 69
deletions:
- 'teamConfig.{team}.services[].auth'
- 'teamConfig.{team}.services[].domain'
- 'teamConfig.{team}.services[].forwardPath'
- 'teamConfig.{team}.services[].hasCert'
- 'teamConfig.{team}.services[].namespace'
- 'teamConfig.{team}.services[].ownHost'
Comment thread tests/fixtures/env/teams/demo/services/hello.yaml
Comment on lines 7 to +9
cname:
domain: hello-demo.cname.com
tslSecretName: ''
domain: hello-demo.dev.linode-apl.net
tslSecretName: ""
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@j-zimnowoda j-zimnowoda j-zimnowoda left review comments

Copilot code review Copilot Copilot left review comments

@Ani1357 Ani1357 Awaiting requested review from Ani1357 Ani1357 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@merll @svcAPLBot @j-zimnowoda