Now that there is a base CRDUpgradeSafety preflight check in place, we can continue adding validation logic based on the CRDUpgradeSafety preflight check proposal.

This issue focuses on adding a validation to ensure that updates to an existing field are allowed when the update performed is an increase in the maximum allowed values.

As a potential source of inspiration, here is how a couple of the existing validations are implemented:

• Definitions:

  kapp/pkg/kapp/crdupgradesafety/validator.go

  Lines 71 to 93 in 82f2a30

  	func NoScopeChange(old, new v1.CustomResourceDefinition) error {
  	if old.Spec.Scope != new.Spec.Scope {
  	return fmt.Errorf("scope changed from %q to %q", old.Spec.Scope, new.Spec.Scope)
  	}
  	return nil
  	}
  	func NoStoredVersionRemoved(old, new v1.CustomResourceDefinition) error {
  	newVersions := sets.New[string]()
  	for _, version := range new.Spec.Versions {
  	if !newVersions.Has(version.Name) {
  	newVersions.Insert(version.Name)
  	}
  	}
  	for _, storedVersion := range old.Status.StoredVersions {
  	if !newVersions.Has(storedVersion) {
  	return fmt.Errorf("stored version %q removed", storedVersion)
  	}
  	}
  	return nil
  	}

• Consumption:

  kapp/pkg/kapp/crdupgradesafety/preflight.go

  Lines 36 to 39 in 82f2a30

  	Validations: []Validation{
  	NewValidationFunc("NoScopeChange", NoScopeChange),
  	NewValidationFunc("NoStoredVersionRemoved", NoStoredVersionRemoved),
  	},

This issue can be closed as completed as PR is merged.