Box a large runtime error in ReconcilerErr#1880
Merged
Merged
Conversation
Signed-off-by: clux <sszynrae@gmail.com>
Signed-off-by: clux <sszynrae@gmail.com>
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1880 +/- ##
=======================================
- Coverage 77.6% 77.5% -0.0%
=======================================
Files 89 89
Lines 8926 8927 +1
=======================================
- Hits 6918 6914 -4
- Misses 2008 2013 +5
🚀 New features to boost your workflow:
|
Member
Author
|
Have done a bit of research on this, and it might still break some people, and clarified the body. It still seems like the a good way forward to me, but soliciting some feedback if people have time. EDIT: fixing this in a non-breaking way for now. Probably not worth rushing a breaking change for a small memory optimization. |
Merged
clux
changed the title
Signed-off-by: clux <sszynrae@gmail.com>
nightkr
approved these changes
Jan 25, 2026
nightkr
left a comment
nightkr
left a comment
Member
There was a problem hiding this comment.
Ah damn, this would've made sense to get in for 3.0.0. Honestly not sure how to handle this, as-is it's still technically breaking even if it's pretty unlikely to cause much trouble...
Member
Author
|
yeah, i wasn't sure, whether it was a good idea to make a breaking change for it. but having looked more, it's unlikely to be an error users touch often. i'll schedule it for 4.0 |
Signed-off-by: Eirik A <sszynrae@gmail.com>
clux
changed the title
eleboucher
pushed a commit
to eleboucher/towonel
that referenced
this pull request
Jun 18, 2026
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [kube](https://github.com/kube-rs/kube) | dependencies | major | `3.1` → `4.0` | --- ### Release Notes <details> <summary>kube-rs/kube (kube)</summary> ### [`v4.0.0`](https://github.com/kube-rs/kube/blob/HEAD/CHANGELOG.md#400--2026-06-16) [Compare Source](kube-rs/kube@3.1.0...4.0.0) \=================== <!-- Release notes generated using configuration in .github/release.yml at 4.0.0 --> #### New Major As per the release schedule to match up with the [latest Kubernetes ハル release](https://kubernetes.io/blog/2026/04/22/kubernetes-v1-36-release/). Lots of fixes and improvements. Thanks to everyone who contributed! #### Kubernetes `v1_36` support via k8s-openapi [0.28](https://github.com/Arnavion/k8s-openapi/releases/tag/v0.28.0) Please [upgrade k8s-openapi along with kube](https://kube.rs/upgrading/) to avoid conflicts. #### CEL Validation A new optional crate [kube-cel](https://docs.rs/kube-cel/latest/kube_cel/) is being re-exported through `kube::core::cel` via [#​1954](kube-rs/kube#1954) Kubernetes CRDs support [CEL validation rules](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation-rules) via `x-kubernetes-validations`, and were supported from 3.0 via [`KubeSchema`](https://docs.rs/kube/latest/kube/derive.KubeSchema.html), but these rules could only be evaluated server-side by the API server. The new crate allows evaluating these rules locally using rules matching the [upstream Kubernetes CEL libraries](https://docs.rs/kube/latest/kube/core/cel/trait.KubeCelExt.html#upstream-sources). While low-level, a higher-level CEL validator integrates with [`CustomResource`](https://docs.rs/kube/latest/kube/derive.CustomResource.html) via [`#[kube(cel)]`](https://docs.rs/kube/latest/kube/derive.CustomResource.html#cel-validation-client-side) from [#​2011](kube-rs/kube#2011) and can be used as; ```rust #[derive(CustomResource, Serialize, Deserialize, Clone, KubeSchema)] #[kube(group = "example.com", version = "v1", kind = "Foo", namespaced)] #[kube(cel, validation = "self.spec.replicas >= 0")] // cel trigger + validation rule struct FooSpec { replicas: i32 } let foo = Foo::new("test", FooSpec { replicas: -1 }); foo.validate_cel()?; // new impl; checks creation rules new_foo.validate_cel_update(&old_foo)?; // new impl; checks transition rules ``` See [examples/crd\_derive\_cel.rs](https://github.com/kube-rs/kube/blob/main/examples/crd_derive_cel.rs) for more details. This is available under the `kube/cel` feature, courtesy of [@​doxxx93](https://github.com/doxxx93). #### Config A lot of improvements to config handling; - better error handling of malformed client certs in [#​1966](kube-rs/kube#1966) - add missing `Kubeconfig` fields in [#​1965](kube-rs/kube#1965) - `Kubeconfig` future key compatibility for new fields by adding catch-all `other` key via [#​1964](kube-rs/kube#1964) - deserialization changed from `serde-yaml` to [`serde-saphyr`](https://github.com/bourumir-wyngs/serde-saphyr) to get rid of the long-deprecated dependency. [#​1975](kube-rs/kube#1975) ##### Retry and Timeouts Better timeout and retry handling to better deal with flaky network conditions, and busy or initializing apiservers. - default global read timeouts has been unset in favor of `watcher` level timeouts in [#​1945](kube-rs/kube#1945) (see [#​1798](kube-rs/kube#1798) for context) - regular (non-watch) queries now respect the [`RetryPolicy`](https://docs.rs/kube/latest/kube/client/retry/struct.RetryPolicy.html) - now enabled by default in [#​2007](kube-rs/kube#2007). ##### Client - properly handling rotating ca certs in cluster via [#​1962](kube-rs/kube#1962) - handle `tls-server-name` with `openssl-tls` via [#​1993](kube-rs/kube#1993) - auth exec: accept `yaml` output from `exec` plugins via [#​2003](kube-rs/kube#2003) - fix `ws` task leak and `drop`, and a deadlock on `join()` via [#​1978](kube-rs/kube#1978) - **change**: client tracing now opt-in due to issues. see [#​1972](kube-rs/kube#1972) ##### Runtime - [`watcher`](https://docs.rs/kube/latest/kube/runtime/watcher/index.html) automatically uses the `metadata_` api methods when called with [`PartialObjectMeta<K>`](https://docs.rs/kube/latest/kube/core/metadata/struct.PartialObjectMeta.html) via [#​1952](kube-rs/kube#1952) - (this deprecates [`metadata_watcher`](https://docs.rs/kube/latest/kube/runtime/watcher/fn.metadata_watcher.html) in favor of an explicit change from `Api::<K>` to `Api::<PartialObjectMeta<K>>`) - added [`wait::conditions::is_created`](https://docs.rs/kube/latest/kube/runtime/wait/conditions/fn.is_deleted.html) as a counter to `is_deleted` [#​2000](kube-rs/kube#2000) - added [`Store::state_filtered`](https://docs.rs/kube/latest/kube/runtime/reflector/struct.Store.html#method.state_filter) and [`Store::state_filter_selector`](https://docs.rs/kube/latest/kube/runtime/reflector/struct.Store.html#method.state_filter_selector) to allow more efficient slicing of the locked cache via [#​2002](kube-rs/kube#2002) + [#​1998](kube-rs/kube#1998) #### What's Changed ##### Added - feat: add typed kubeconfig fields for client-go parity by [@​alex-lapuka](https://github.com/alex-lapuka) in [#​1965](kube-rs/kube#1965) - Add CEL validation via kube-cel re-export by [@​doxxx93](https://github.com/doxxx93) in [#​1954](kube-rs/kube#1954) - Add `AdmissionRequest::to_cel_request()` for VAP CEL bridging by [@​doxxx93](https://github.com/doxxx93) in [#​1991](kube-rs/kube#1991) - runtime: implement `Store::state_with` and `Store::state_filtered` by [@​Alvov1](https://github.com/Alvov1) in [#​1998](kube-rs/kube#1998) - runtime: add `wait::conditions::is_created` helper by [@​orangecms](https://github.com/orangecms) in [#​2000](kube-rs/kube#2000) - refactor(runtime): rename Store::state\_with/state\_filtered per review feedback by [@​Alvov1](https://github.com/Alvov1) in [#​2002](kube-rs/kube#2002) - deps: bump kube-cel to 0.6.1 (validation surface flattened) by [@​doxxx93](https://github.com/doxxx93) in [#​2005](kube-rs/kube#2005) - Enable `RetryPolicy::server_retry` by default for `Client` by [@​Danil-Grigorev](https://github.com/Danil-Grigorev) in [#​2007](kube-rs/kube#2007) - feat(derive): client-side CEL validation via #\[kube(cel)] / #\[x\_kube(cel)] by [@​doxxx93](https://github.com/doxxx93) in [#​2011](kube-rs/kube#2011) ##### Changed - preserve unknown kubeconfig fields via serde(flatten) by [@​alex-lapuka](https://github.com/alex-lapuka) in [#​1964](kube-rs/kube#1964) - Remove global read\_timeout default, add watcher-level idle timeout by [@​doxxx93](https://github.com/doxxx93) in [#​1945](kube-rs/kube#1945) - Update tokio-tungstenite requirement from 0.28.0 to 0.29.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​1963](kube-rs/kube#1963) - convert from serde-yaml to serde-saphyr by [@​clux](https://github.com/clux) in [#​1975](kube-rs/kube#1975) - features: making client tracing opt-in by [@​mattklein123](https://github.com/mattklein123) in [#​1972](kube-rs/kube#1972) - client: reload in-cluster CA bundle on rotation (rustls-tls) by [@​chrnorm](https://github.com/chrnorm) in [#​1962](kube-rs/kube#1962) - Api\<PartialObjectMeta<K>> should opportunistically degrade to metadata requests by [@​doxxx93](https://github.com/doxxx93) in [#​1952](kube-rs/kube#1952) - Chore(deps): Update garde requirement from 0.22.0 to 0.23.0 by [@​dependabot](https://github.com/dependabot)\[bot] in [#​1989](kube-rs/kube#1989) - bump k8s-openapi to 0.28 by [@​clux](https://github.com/clux) in [#​2009](kube-rs/kube#2009) - Box a large runtime error in ReconcilerErr by [@​clux](https://github.com/clux) in [#​1880](kube-rs/kube#1880) ##### Fixed - fix: feature-flag CREATE\_NO\_WINDOW to not break stderr inheritance by [@​cristeigabriela](https://github.com/cristeigabriela) in [#​1971](kube-rs/kube#1971) - Remove silent error when client-key/client-certificate is malformed by [@​goenning](https://github.com/goenning) in [#​1966](kube-rs/kube#1966) - Fix AttachedProcess task leak on drop and join() deadlock by [@​SebTardif](https://github.com/SebTardif) in [#​1978](kube-rs/kube#1978) - support auth exec yaml output by [@​aviramha](https://github.com/aviramha) in [#​2003](kube-rs/kube#2003) - fix(client): apply tls-server-name on the openssl-tls path by [@​dgunzy](https://github.com/dgunzy) in [#​1993](kube-rs/kube#1993) - Use the resource's own name for the schema title by [@​cehoffman](https://github.com/cehoffman) in [#​1985](kube-rs/kube#1985) - [@​alex-lapuka](https://github.com/alex-lapuka) made their first contribution in [#​1965](kube-rs/kube#1965) - [@​cristeigabriela](https://github.com/cristeigabriela) made their first contribution in [#​1971](kube-rs/kube#1971) - [@​mattklein123](https://github.com/mattklein123) made their first contribution in [#​1972](kube-rs/kube#1972) - [@​chrnorm](https://github.com/chrnorm) made their first contribution in [#​1962](kube-rs/kube#1962) - [@​SebTardif](https://github.com/SebTardif) made their first contribution in [#​1978](kube-rs/kube#1978) - [@​Alvov1](https://github.com/Alvov1) made their first contribution in [#​1998](kube-rs/kube#1998) - [@​orangecms](https://github.com/orangecms) made their first contribution in [#​2000](kube-rs/kube#2000) - [@​dgunzy](https://github.com/dgunzy) made their first contribution in [#​1993](kube-rs/kube#1993) - [@​cehoffman](https://github.com/cehoffman) made their first contribution in [#​1985](kube-rs/kube#1985) **Full Changelog**: <kube-rs/kube@3.1.0...4.0.0> </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDEuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEwMS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJ0eXBlL21ham9yIl19--> Reviewed-on: https://codeberg.org/towonel/towonel/pulls/29
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes a result_large_err clippy lint in runtime by boxing an the
controller::Errorfor #1879. This does not generally break anything for error policies. None of my controllers have been affected. Modified an example to show this user defined error types round trip the same.We generally discourage interrogating the internal reason for reconciliation which is the main thing this error allows you to do. However, people might in advanced use cases hit this, e.g. npmp / k8s-insider-agent from a code search.
Because of this, if we decide this is worth it, it would be a breaking change, and have applied a
changelog-changelabel.