Add CEL validation to instrumentation.environmentVariables to prevent users from attempting to overwrite variables set by the operator.

Author: dsessler7

config/crd/bases/postgres-operator.crunchydata.com_pgadmins.yaml

@@ -1813,6 +1813,11 @@ spec:
                           required:
                           - name
                           type: object
+                          x-kubernetes-validations:
+                          - message: Cannot overwrite environment variables set by
+                              operator
+                            rule: self.name != 'K8S_POD_NAMESPACE' && self.name !=
+                              'K8S_POD_NAME' && self.name != 'PGPASSWORD'
                         minItems: 1
                         type: array
                         x-kubernetes-list-type: atomic

config/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml

@@ -11658,6 +11658,11 @@ spec:
                           required:
                           - name
                           type: object
+                          x-kubernetes-validations:
+                          - message: Cannot overwrite environment variables set by
+                              operator
+                            rule: self.name != 'K8S_POD_NAMESPACE' && self.name !=
+                              'K8S_POD_NAME' && self.name != 'PGPASSWORD'
                         minItems: 1
                         type: array
                         x-kubernetes-list-type: atomic

pkg/apis/postgres-operator.crunchydata.com/v1beta1/instrumentation_types.go

@@ -70,6 +70,7 @@ type InstrumentationConfigSpec struct {
 	// collector container.
 	// ---
 	// +kubebuilder:validation:MinItems=1
+	// +kubebuilder:validation:items:XValidation:rule=`self.name != 'K8S_POD_NAMESPACE' && self.name != 'K8S_POD_NAME' && self.name != 'PGPASSWORD'`,message="Cannot overwrite environment variables set by operator"
 	// +listType=atomic
 	// +optional
 	EnvironmentVariables []corev1.EnvVar `json:"environmentVariables,omitempty"`