Updated kube-api-linter version to the latest. After update relax conditions checks in .golangci-kal.yml (comment out conditions config). The older version was not picking them.

Author: v47

.golangci-kal.yml

@@ -32,10 +32,10 @@ linters:
             disable:
               - "*" # We will manually enable new linters after understanding the impact. Disable all by default.
           lintersConfig:
-            conditions:
-              isFirstField: Warn # Require conditions to be the first field in the status struct.
-              usePatchStrategy: Forbid # Conditions should not use the patch strategy on CRDs.
-              useProtobuf: Forbid # We don't use protobuf, so protobuf tags are not required.
+            # conditions:
+            #   isFirstField: Warn # Require conditions to be the first field in the status struct.
+            #   usePatchStrategy: Forbid # Conditions should not use the patch strategy on CRDs.
+            #   useProtobuf: Forbid # We don't use protobuf, so protobuf tags are not required.
           # jsonTags:
           #   jsonTagRegex: "^[a-z][a-z0-9]*(?:[A-Z][a-z0-9]*)*$" # The default regex is appropriate for our use case.
           # optionalOrRequired:

api/v1beta1/awsmachine_types.go

@@ -77,7 +77,7 @@ type AWSMachineSpec struct {
 	// InstanceType is the type of instance to create. Example: m4.xlarge
 	// +kubebuilder:validation:Required
 	// +kubebuilder:validation:MinLength:=2
-	InstanceType string `json:"instanceType"`
+	InstanceType string `json:"instanceType,omitempty"`
 
 	// AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the
 	// AWS provider. If both the AWSCluster and the AWSMachine specify the same tag name with different values, the

api/v1beta2/awsmachine_types.go

@@ -114,7 +114,7 @@ type AWSMachineSpec struct {
 	// InstanceType is the type of instance to create. Example: m4.xlarge
 	// +kubebuilder:validation:Required
 	// +kubebuilder:validation:MinLength:=2
-	InstanceType string `json:"instanceType"`
+	InstanceType string `json:"instanceType,omitempty"`
 
 	// AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the
 	// AWS provider. If both the AWSCluster and the AWSMachine specify the same tag name with different values, the

config/crd/bases/controlplane.cluster.x-k8s.io_awsmanagedcontrolplanes.yaml

@@ -878,6 +878,7 @@ spec:
                     description: |-
                       This is also known as audience. The ID for the client application that makes
                       authentication requests to the OpenID identity provider.
+                    minLength: 1
                     type: string
                   groupsClaim:
                     description: The JWT claim that the provider uses to return your
@@ -894,6 +895,7 @@ spec:
                       The name of the OIDC provider configuration.
 
                       IdentityProviderConfigName is a required field
+                    minLength: 1
                     type: string
                   issuerUrl:
                     description: |-
@@ -904,6 +906,8 @@ spec:
                       not. Typically the URL consists of only a hostname, like https://server.example.org
                       or https://example.com. This URL should point to the level below .well-known/openid-configuration
                       and must be publicly accessible over the internet.
+                    minLength: 1
+                    pattern: ^https://.+
                     type: string
                   requiredClaims:
                     additionalProperties:
@@ -3050,6 +3054,7 @@ spec:
                     description: |-
                       This is also known as audience. The ID for the client application that makes
                       authentication requests to the OpenID identity provider.
+                    minLength: 1
                     type: string
                   groupsClaim:
                     description: The JWT claim that the provider uses to return your
@@ -3066,6 +3071,7 @@ spec:
                       The name of the OIDC provider configuration.
 
                       IdentityProviderConfigName is a required field
+                    minLength: 1
                     type: string
                   issuerUrl:
                     description: |-
@@ -3076,6 +3082,8 @@ spec:
                       not. Typically the URL consists of only a hostname, like https://server.example.org
                       or https://example.com. This URL should point to the level below .well-known/openid-configuration
                       and must be publicly accessible over the internet.
+                    minLength: 1
+                    pattern: ^https://.+
                     type: string
                   requiredClaims:
                     additionalProperties:

config/crd/bases/controlplane.cluster.x-k8s.io_awsmanagedcontrolplanetemplates.yaml

@@ -880,6 +880,7 @@ spec:
                             description: |-
                               This is also known as audience. The ID for the client application that makes
                               authentication requests to the OpenID identity provider.
+                            minLength: 1
                             type: string
                           groupsClaim:
                             description: The JWT claim that the provider uses to return
@@ -896,6 +897,7 @@ spec:
                               The name of the OIDC provider configuration.
 
                               IdentityProviderConfigName is a required field
+                            minLength: 1
                             type: string
                           issuerUrl:
                             description: |-
@@ -906,6 +908,8 @@ spec:
                               not. Typically the URL consists of only a hostname, like https://server.example.org
                               or https://example.com. This URL should point to the level below .well-known/openid-configuration
                               and must be publicly accessible over the internet.
+                            minLength: 1
+                            pattern: ^https://.+
                             type: string
                           requiredClaims:
                             additionalProperties:

config/crd/bases/controlplane.cluster.x-k8s.io_rosacontrolplanes.yaml

@@ -285,6 +285,7 @@ spec:
                             claim:
                               description: Claim is a JWT token claim to be used in
                                 the mapping
+                              minLength: 1
                               type: string
                             prefix:
                               description: |-
@@ -310,6 +311,7 @@ spec:
                             claim:
                               description: Claim is a JWT token claim to be used in
                                 the mapping
+                              minLength: 1
                               type: string
                             prefix:
                               description: Prefix is prepended to claim to prevent
@@ -417,6 +419,7 @@ spec:
                             name:
                               description: Name is the metadata.name of the referenced
                                 object.
+                              minLength: 1
                               type: string
                           required:
                           - name
@@ -425,6 +428,7 @@ spec:
                           description: |-
                             URL is the serving URL of the token issuer.
                             Must use the https:// scheme.
+                          minLength: 1
                           pattern: ^https:\/\/[^\s]
                           type: string
                       required:
@@ -457,6 +461,7 @@ spec:
                               name:
                                 description: Name is the metadata.name of the referenced
                                   object.
+                                minLength: 1
                                 type: string
                             required:
                             - name
@@ -474,6 +479,7 @@ spec:
                               client configuration
                             maxLength: 63
                             minLength: 1
+                            pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                             type: string
                           extraScopes:
                             description: ExtraScopes is an optional set of scopes

config/crd/bases/infrastructure.cluster.x-k8s.io_awsmachinepools.yaml

@@ -80,6 +80,7 @@ spec:
               awsLaunchTemplate:
                 description: AWSLaunchTemplate specifies the launch template and version
                   to use when an instance is launched.
+                minProperties: 1
                 properties:
                   additionalSecurityGroups:
                     description: |-
@@ -582,6 +583,7 @@ spec:
               awsLaunchTemplate:
                 description: AWSLaunchTemplate specifies the launch template and version
                   to use when an instance is launched.
+                minProperties: 1
                 properties:
                   additionalSecurityGroups:
                     description: |-

config/crd/bases/infrastructure.cluster.x-k8s.io_awsmanagedmachinepools.yaml

@@ -89,6 +89,7 @@ spec:
                   AWSLaunchTemplate specifies the launch template to use to create the managed node group.
                   If AWSLaunchTemplate is specified, certain node group configuraions outside of launch template
                   are prohibited (https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html).
+                minProperties: 1
                 properties:
                   additionalSecurityGroups:
                     description: |-
@@ -349,9 +350,11 @@ spec:
                       type: string
                     key:
                       description: Key is the key of the taint
+                      minLength: 1
                       type: string
                     value:
                       description: Value is the value of the taint
+                      minLength: 1
                       type: string
                   required:
                   - effect
@@ -591,6 +594,7 @@ spec:
                   AWSLaunchTemplate specifies the launch template to use to create the managed node group.
                   If AWSLaunchTemplate is specified, certain node group configuraions outside of launch template
                   are prohibited (https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html).
+                minProperties: 1
                 properties:
                   additionalSecurityGroups:
                     description: |-
@@ -1085,9 +1089,11 @@ spec:
                       type: string
                     key:
                       description: Key is the key of the taint
+                      minLength: 1
                       type: string
                     value:
                       description: Value is the value of the taint
+                      minLength: 1
                       type: string
                   required:
                   - effect

config/crd/bases/infrastructure.cluster.x-k8s.io_rosamachinepools.yaml

@@ -90,6 +90,7 @@ spec:
                 type: string
               instanceType:
                 description: InstanceType specifies the AWS instance type
+                minLength: 1
                 type: string
               labels:
                 additionalProperties:
@@ -143,6 +144,7 @@ spec:
                       type: string
                     key:
                       description: The taint key to be applied to a node.
+                      minLength: 1
                       type: string
                     value:
                       description: The taint value corresponding to the taint key.

controlplane/eks/api/v1beta1/types.go

@@ -127,7 +127,7 @@ type Addon struct {
 	// Name is the name of the addon
 	// +kubebuilder:validation:MinLength:=2
 	// +kubebuilder:validation:Required
-	Name string `json:"name"`
+	Name string `json:"name,omitempty"`
 	// Version is the version of the addon to use
 	Version string `json:"version"`
 	// Configuration of the EKS addon
@@ -223,7 +223,8 @@ type OIDCIdentityProviderConfig struct {
 	// This is also known as audience. The ID for the client application that makes
 	// authentication requests to the OpenID identity provider.
 	// +kubebuilder:validation:Required
-	ClientID string `json:"clientId"`
+	// +kubebuilder:validation:MinLength=1
+	ClientID string `json:"clientId,omitempty"`
 
 	// The JWT claim that the provider uses to return your groups.
 	// +optional
@@ -239,7 +240,8 @@ type OIDCIdentityProviderConfig struct {
 	//
 	// IdentityProviderConfigName is a required field
 	// +kubebuilder:validation:Required
-	IdentityProviderConfigName string `json:"identityProviderConfigName"`
+	// +kubebuilder:validation:MinLength=1
+	IdentityProviderConfigName string `json:"identityProviderConfigName,omitempty"`
 
 	// The URL of the OpenID identity provider that allows the API server to discover
 	// public signing keys for verifying tokens. The URL must begin with https://
@@ -250,7 +252,9 @@ type OIDCIdentityProviderConfig struct {
 	// and must be publicly accessible over the internet.
 	//
 	// +kubebuilder:validation:Required
-	IssuerURL string `json:"issuerUrl"`
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:Pattern=`^https://.+`
+	IssuerURL string `json:"issuerUrl,omitempty"`
 
 	// The key value pairs that describe required claims in the identity token.
 	// If set, each claim is verified to be present in the token with a matching