Enforcing API Standards for Kubernetes CRDs at Scale using OpenAPI, Arazzo and Overlay

smitul564 0 views 42 slides Oct 11, 2025

Slide 1 of 42

About This Presentation

In modern engineering organizations, APIs evolve faster than the processes around them. Specs get copied instead of reused, workflows are buried in client logic, and documentation rarely reflects reality. This session tackles a common but growing challenge: how to manage the multiple Kubernetes oper...

Size: 8.3 MB

Language: en

Added: Oct 11, 2025

Slides: 42 pages

Slide Content

Mitul Sharma Enforcing API Standards for Kubernetes CRDs at Scale Using OpenAPI, Overlay and Arrazo Senior Software Engineer @ Red Hat India Bangalore Oct 8-9

Our Kubernetes Challenge ? Multiple Operators, Multiple Problems Memcached CacheCluster WebApp Team C Team B Team A

Our Kubernetes Challenge ? Multiple Operators, Multiple Problems Platform runs multiple Kubernetes operators Different teams author CRDs Frequent drift in structure and semantics

When Things Go Wrong Consequences: ❌ Schema mismatches ❌ Deployment failures ❌ Production downtime ❌ Developer frustration

Solution Unified, Automated API Governance T hree pillars of our solution: OpenAPI - Consistent validation standards Arazzo - Declarative workflow orchestration Overlay - Deterministic compliance enforcement

OpenAPI Specification v3.1.1: Foundation Standard specification for describing RESTful APIs in a structured and machine-readable format (usually YAML or JSON) Defines API endpoints, request/response structures, authentication methods in a consistent document Usecase for automatic documentation, client generation and API validation

OpenAPI 3.2 : What’s new ? New Features: I ntroduces the new ‘query’ method and ‘additionalOperations’ for defining custom, non-standard HTTP verbs, increasing flexibility in API design. Supports OAuth 2.0 Device Flow and adds ‘oauth2metadataurl’ for easier integration with identity providers Enriched ‘tag’ objects with hierarchy and categorization fields, plus improved discriminator defaults for better model management

CRDs to OpenAPI controller-gen crd2openapi openapi-gen

Validation spec.versions[].schema.openAPIV3Schema Single source of truth

OpenAPI Documentation Generated schemas are always in sync with code Consistent across all teams and all CRDs

From Go Types to OpenAPI Schemas =>

Key benefits of crd to openAPI spec Detect the changes when size int32 changes, conversion reflects in spec Generated OpenAPI will show different field definitions Basic type information and validation rules are maintained

Arazzo 1.0.1 Arazzo is a specification for describing sequences of API calls It describes an approach to document use-case oriented workflows in a programmatically readable format Designed to work alongside with the openAPI Specification Additional human readable nature improves the ability of API specification to tell the story of API(s) in a manner to improve the dev experience.

Arazzo Specification Architecture Caption

Arazzo Specification Architecture Caption Info contains the metadata about the defined arazzo document

Arazzo Specification Architecture Caption Info contains the metadata about the defined arazzo document Lists source descriptions that can be referenced by one or more Workflows(eg. openAPI description)

Arazzo Specification Architecture Caption Info contains the metadata about the defined arazzo document Lists source descriptions that can be referenced by one or more Workflows

Arazzo Specification Architecture Caption Input is a json schema objects respresents input used by workflow

Arazzo Specification Architecture Caption Step represents an call to an API operation

Arazzo Specification Architecture Caption Output is a map between a friendly name and a dynamic output value for a workflow

Arazzo Specification Architecture Reusable objects

Arazzo Specification Architecture Success/Failure evaluation rules

Arazzo Specification Architecture

Arazzo Driven CI Pipeline + flow diagram Caption

Arazzo 1.0.1: Declarative API Workflows Multi-step API workflow specification Validation and linting Declarative, not imperative Enables consistent integration patterns Perfect for CI/CD orchestration *Spectral won't lint the document if no ruleset is specified and no default ruleset file is found

Arazzo 1.0.1: Declarative API Workflows Key Benefits: Reproducible workflows Version-controlled processes Cross-team consistency Automated validation pipelines Code generation and document tool for communication

Why Arazzo Works for CRDs

Overlay 1.0 Overlays are the modification specifications that transforms base OpenAPI specification for different environments, use cases, or compliance. Instead of original openAPI yaml, it creates changes in separate files Fix schema inconsistencies across environments Enhance security (authentication, rate limiting) Customize APIs (SDKs) for different environments (dev, stage, prod)

Architecture Base OpenAPI Spec(openapi.yaml) Overlay files(prod,dev,stage) Speakeasy for modify/extend/sdk generation BumpCli version management Generate SDK for different environments

Overlay 1.0 Use Cases: Enforce minimum validation rules Add security requirements Standardize error responses Apply organizational policies

Enforcing Size Limits Across All CRDs / Env specific

Enforcing Size Limits Across All CRDs

Complex Compliance Scenarios with CI/CD integration

Advantages and Feedback Reduction in validation errors with faster deployment cycles Teams can focus on business logic, not validation boilerplate Onboarding new developers is much smoother 100% compliance with security policies Consistent schemas across 25+ CRDs

OpenAPI + Arazzo + Overlay = Success Dev commit CRD changes Arazzo workflow triggers Generate OpenAPI Schemas Deploy or reject Validation against cluster Apply Overlay patches

Implementation Foundation Rollout Scal scale

Phase 1: Foundation Audit existing CRDs Define baseline Overlay rules Create Arazzo validation workflow Phase 2: Rollout Implement in one repository Train first team Refine based on feedback Phase 3: Scale Roll out to all teams Add advanced Overlay rules Integrate with existing CI/CD

What We Wish We Knew Earlier Technical implementation is the easy part Getting teams to adopt new processes is harder Focus on making their lives easier, not harder Show value quickly and iterate based on feedback "The technology is only 30% of the solution. The other 70% is change management and team adoption."

Enforcing API Standards for Kubernetes CRDs at Scale using OpenAPI, Arazzo and Overlay

About This Presentation

Slide Content

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

Enforcing API Standards for Kubernetes CRDs at Scale using OpenAPI, Arazzo and Overlay

About This Presentation

Slide Content

Slide 1

Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14

Slide 15

Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32

Slide 33

Slide 34

Slide 35

Slide 36

Slide 37

Slide 38

Slide 39

Slide 40

Slide 41

Slide 42

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

8-top-ai-courses-for-customer-support-representatives-in-2025.pptx

7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx

25-essential-ai-courses-for-user-support-specialists-in-2025.pptx

8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx

Know for Certain

PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx