fix bug preventing the creation of CRD in virtual workspace #3808

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

olamilekan000 wants to merge 1 commit into kcp-dev:main from olamilekan000:fix-bug-preventing-creattion-of-crd-invirtual-workspace

.prow.yaml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -210,8 +210,8 @@ presubmits:
  
                  value: "3"

              resources:

                requests:

                  memory: 6Gi

                  cpu: 4

                  memory: 8Gi

                  cpu: 6

      - name: pull-kcp-test-e2e-sharded

        decorate: true

    @@ -239,5 +239,5 @@ presubmits:
  
                  value: "3"

              resources:

                requests:

                  memory: 6Gi

                  cpu: 4

                  memory: 8Gi

                  cpu: 6

pkg/virtual/framework/dynamic/apiserver/crd_helpers.go

-Original file line number
+Diff line change
@@ -0,0 +1,44 @@
+    /*
+    Copyright 2026 The KCP Authors.
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+        http://www.apache.org/licenses/LICENSE-2.0
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+    */
+    package apiserver
+    import (
+    	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+    	apisv1alpha1 "github.com/kcp-dev/sdk/apis/apis/v1alpha1"
+    )
+    // isCRDResource checks if a CustomResourceDefinition is for the CRD type itself
+    // (apiextensions.k8s.io/v1.CustomResourceDefinition).
+    //
+    // This is used to trigger special handling for the deeply nested, recursive schema structure
+    // of a CRD. When generating the OpenAPI spec, the builder would otherwise truncate
+    // spec.versions[].schema.openAPIV3Schema to <Object>.
+    //
+    // When this returns true, we explicitly patch the OpenAPI output to include
+    // x-kubernetes-preserve-unknown-fields: true on openAPIV3Schema. This tells clients
+    // (like kubectl) that the field accepts arbitrary objects without forcing the OpenAPI
+    // builder to recursively unroll the massive JSONSchemaProps tree which cpuld crush performance.
+    //
+    // See: https://github.com/kcp-dev/kcp/issues/3389
+    func isCRDResource(crd *apiextensionsv1.CustomResourceDefinition) bool {
+    	return crd.Spec.Group == "apiextensions.k8s.io" && crd.Spec.Names.Kind == "CustomResourceDefinition"
+    }
+    func isCRDAPIResourceSchema(apiResourceSchema *apisv1alpha1.APIResourceSchema) bool {
+    	return apiResourceSchema.Spec.Group == "apiextensions.k8s.io" && apiResourceSchema.Spec.Names.Kind == "CustomResourceDefinition"
+    }

pkg/virtual/framework/dynamic/apiserver/openapi.go

-Original file line number
+Diff line change
@@ Expand Up / @@ -23,6 +23,7 @@ import ( @@
     	"fmt"
     	"net/http"
     	"sort"
+    	"strings"
     	"time"
     	"github.com/emicklei/go-restful/v3"
@@ Expand All / @@ -42,6 +43,7 @@ import ( @@
     	"k8s.io/kube-openapi/pkg/common/restfuladapter"
     	"k8s.io/kube-openapi/pkg/handler3"
     	"k8s.io/kube-openapi/pkg/spec3"
+    	"k8s.io/kube-openapi/pkg/validation/spec"
     	"k8s.io/utils/keymutex"
     	"k8s.io/utils/lru"
@@ Expand Down Expand Up @@
     		},
     	}
-    	for _, ver := range versions {
+    	for i, ver := range versions {
     		spec, err := builder.BuildOpenAPIV3(crd, ver.Name, builder.Options{V2: false})
     		if err != nil {
     			return nil, err
     		}
+    		if isCRDResource(crd) {
+    			patchCRDSchemaForOpenAPI(spec, &apiResourceSchema.Spec.Versions[i])
+    		}
     		gv := schema.GroupVersion{Group: crd.Spec.Group, Version: ver.Name}
     		gvPath := groupVersionToOpenAPIV3Path(gv)
     		specs[gvPath] = append(specs[gvPath], spec)
@@ Expand All @@
     	return specs, nil
     }
+    func patchCRDSchemaForOpenAPI(spec *spec3.OpenAPI, ver *apisv1alpha1.APIResourceVersion) {
+    	if spec.Components == nil || spec.Components.Schemas == nil {
+    		return
+    	}
+    	for name, s := range spec.Components.Schemas {
+    		if !strings.HasSuffix(name, "CustomResourceDefinition") {
+    			continue
+    		}
+    		if _, hasSpec := s.Properties["spec"]; hasSpec {
+    			continue
+    		}
+    		sourceSchema, err := ver.GetSchema()
+    		if err != nil || sourceSchema == nil {
+    			continue
+    		}
+    		patchedSchema, err := convertToOpenAPISchema(sourceSchema)
+    		if err != nil {
+    			continue
+    		}
+    		patchedSchema.VendorExtensible.Extensions = s.VendorExtensible.Extensions
+    		enhanceOpenAPIV3SchemaProperty(&patchedSchema)
+    		spec.Components.Schemas[name] = &patchedSchema
+    	}
+    }
+    func convertToOpenAPISchema(source *apiextensionsv1.JSONSchemaProps) (spec.Schema, error) {
+    	bs, err := json.Marshal(source)
+    	if err != nil {
+    		return spec.Schema{}, err
+    	}
+    	var result spec.Schema
+    	if err := json.Unmarshal(bs, &result); err != nil {
+    		return spec.Schema{}, err
+    	}
+    	return result, nil
+    }
+    func enhanceOpenAPIV3SchemaProperty(schema *spec.Schema) {
+    	specProp, ok := schema.Properties["spec"]
+    	if !ok {
+    		return
+    	}
+    	versionsProp, ok := specProp.Properties["versions"]
+    	if !ok {
+    		return
+    	}
+    	if versionsProp.Items == nil || versionsProp.Items.Schema == nil {
+    		return
+    	}
+    	itemSchema := versionsProp.Items.Schema
+    	schemaProp, ok := itemSchema.Properties["schema"]
+    	if !ok {
+    		return
+    	}
+    	oaProp, ok := schemaProp.Properties["openAPIV3Schema"]
+    	if !ok {
+    		return
+    	}
+    	// We apply x-kubernetes-preserve-unknown-fields so OpenAPI consumers (like kubectl)
+    	// know that openAPIV3Schema can contain arbitrary objects, without requiring us to
+    	// recursively unroll the massively nested JSONSchemaProps type which exhausts the API server.
+    	if oaProp.VendorExtensible.Extensions == nil {
+    		oaProp.VendorExtensible.Extensions = spec.Extensions{}
+    	}
+    	oaProp.VendorExtensible.Extensions["x-kubernetes-preserve-unknown-fields"] = true
+    	oaProp.Properties = nil
+    	oaProp.Type = []string{"object"}
+    	schemaProp.Properties["openAPIV3Schema"] = oaProp
+    	itemSchema.Properties["schema"] = schemaProp
+    	versionsProp.Items.Schema = itemSchema
+    	specProp.Properties["versions"] = versionsProp
+    	schema.Properties["spec"] = specProp
+    }
     func groupVersionToOpenAPIV3Path(gv schema.GroupVersion) string {
     	if gv.Group == "" {
     		return "api/" + gv.Version
@@ Expand Down @@

pkg/virtual/framework/dynamic/apiserver/serving_info.go

-Original file line number
+Diff line change
@@ Expand Up @@
     	if err := apiextensionsv1.Convert_v1_JSONSchemaProps_To_apiextensions_JSONSchemaProps(openapiSchema, internalSchema, nil); err != nil {
     		return nil, fmt.Errorf("failed converting CRD validation to internal version: %w", err)
     	}
+    	if isCRDAPIResourceSchema(apiResourceSchema) {
+    		patchCRDValidationSchema(internalSchema)
+    	}
     	structuralSchema, err := structuralschema.NewStructural(internalSchema)
     	if err != nil {
     		// This should never happen. If it does, it is a programming error.
@@ Expand Down Expand Up @@
     	ret.SetGroupVersionKind(kind)
     	return ret, nil
     }
+    func patchCRDValidationSchema(schema *apiextensionsinternal.JSONSchemaProps) {
+    	trueVal := true
+    	specProp, ok := schema.Properties["spec"]
+    	if !ok {
+    		return
+    	}
+    	versionsProp, ok := specProp.Properties["versions"]
+    	if !ok {
+    		return
+    	}
+    	if versionsProp.Items == nil || versionsProp.Items.Schema == nil {
+    		return
+    	}
+    	itemSchema := versionsProp.Items.Schema
+    	schemaProp, ok := itemSchema.Properties["schema"]
+    	if !ok {
+    		return
+    	}
+    	oaProp, ok := schemaProp.Properties["openAPIV3Schema"]
+    	if !ok {
+    		return
+    	}
+    	oaProp.XPreserveUnknownFields = &trueVal
+    	schemaProp.Properties["openAPIV3Schema"] = oaProp
+    	itemSchema.Properties["schema"] = schemaProp
+    }

staging/src/github.com/kcp-dev/sdk/testing/workspaces.go

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -136,7 +136,7 @@ func NewLowLevelWorkspaceFixture[O WorkspaceOption](t TestingT, createClusterCli
  
    		var err error

    		ws, err = createClusterClient.Cluster(parent).TenancyV1alpha1().Workspaces().Create(ctx, tmpl, metav1.CreateOptions{})

    		return err == nil, fmt.Sprintf("error creating workspace under %s: %v", parent, err)

    	}, wait.ForeverTestTimeout, time.Millisecond*100, "failed to create %s workspace under %s", tmpl.Spec.Type.Name, parent)

    	}, wait.ForeverTestTimeout*2, time.Millisecond*500, "failed to create %s workspace under %s", tmpl.Spec.Type.Name, parent)

    	wsName := ws.Name

    	t.Cleanup(func() {

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix bug preventing the creation of CRD in virtual workspace #3808

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

Uh oh!

fix bug preventing the creation of CRD in virtual workspace #3808

Are you sure you want to change the base?

Uh oh!

fix bug preventing the creation of CRD in virtual workspace #3808

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

Uh oh!

Uh oh!