CRD cannot have a field named 'items' #68466
Comments
k8s-ci-robot
added
kind/bug
|
@kubernetes/sig-api-machinery |
|
/sig api-machinery |
k8s-ci-robot
added
sig/api-machinery
|
edit: nevermind... that is nested under spec, so shouldn't trigger IsList detection |
|
cc @sttts |
|
The error comes from here: Is this some kind of JavaScript speciality that slices are represented as objects with |
none I've ever encountered |
|
Haven't found it in JSON Schema (yet) https://json-schema.org/specification.html |
|
Found this example https://json-schema.org/latest/json-schema-core.html#rfc.section.8.3.2, which looks concerningly similar to what we see. |
|
Comes from this PR, without any reasoning: go-openapi/validate#35 |
|
it looks like something that either should be done when validating a schema, or should pull type info from the validator when validating an object, but not arbitrarily pull type info from attributes of the object being validated |
|
Bug in go-openapi I believe, misunderstanding of the OpenAPI spec: go-openapi/validate#35 (comment) |
|
/assign will fix it upstream and report back here after that's done |
|
This problem has also been encountered in federation with the move to generate validation schema for federated template crds: kubernetes-retired/kubefed#469 |
|
Will it be possible for this fix to land in 1.13 (whether initially or a patch release)? |
|
/assign |
|
@nikhita Hi, do you have any plan to work on this? |
I noticed that you've created the PR upstream, so if you'd like, feel free to take it up! :) |
|
Hi, @nikhita, after fix the bug in |
|
Just replied to your slack message :)
…On Thu, Mar 21, 2019 at 12:57 PM Shaw Ho ***@***.***> wrote:
Hi, @nikhita <https://github.com/nikhita>, after fix the bug in go-openapi,
I can't find where the k8s validate the openapischema? Could you help to
point out where is the validation code?
Thanks very much! 😄
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#68466 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/APXA0LOJCHil1UmFnK8ov2_ohd43CsyQks5vYzRWgaJpZM4WhMzK>
.
|
|
Where is the PR? |
|
@sttts This is the PR go-openapi/validate#106, and I will submit a PR later in k8s. |
due to: kubernetes/kubernetes#68466 Signed-off-by: David Currie <dcurrie@cloudbees.com>
liggitt
moved this from Triage
to Required for GA, in progress
in Custom Resource Definitions
liggitt
added
priority/important-soon
liggitt
moved this from Required for GA, in progress
to Complete
in Custom Resource Definitions
|
Hi, I just ran into this issue on on k8s 1.14. What version is this fixed in, if any? |
|
Fixed in #76124 in 1.16 |
Root cause of the issue is that k8s 1.15 / 1.16 clusters seem to have known issues related to CRD fields that invoke `items` in it, such as the `volumes` we introduced as part of the nginx proxy that sits in front of Prometheus in Monitoring V2. This only seems to have been fixed in k8s 1.17+. More context: kubernetes/kubernetes#68466 is an issue that tracks a problem with CRDs that use fields named `items` introduced sometime before k8s 1.16. In k8s 1.16's release notes, this issue seemed to have been resolved as it shows up under `Other Notable Changes` [here](https://v1-16.docs.kubernetes.io/docs/setup/release/notes/#other-notable-changes-7): ``` Fix CRD validation error on ‘items’ field. (#76124, @tossmilestone) ``` However, when looking into the actual [PR](kubernetes/kubernetes#76124) that was executed to fix this issue, it seems like this issue had a followup in kubernetes/kubernetes#85223 that was only resolved in k8s 1.17+. This shows up in the k8s 1.17 release notes under `API Machinery` [here](https://v1-17.docs.kubernetes.io/docs/setup/release/notes/#api-machinery): ``` CRDs can have fields named type with value array and nested array with items fields without validation to fall over this. (#85223, @sttts) ``` Therefore, the quick fix was to just modify the contents provided to the `volumes` field of the `prometheusSpec`; once modified, Monitoring V2 successfully deployed in a k8s 1.16 cluster.
Is this a BUG REPORT or FEATURE REQUEST?:
/kind bug
What happened:
I cannot have a resource which has a field named
itemsit doesn't pass validation.As an example I will modify sample-controller (https://github.com/kubernetes/sample-controller) and add
itemstoartifacts/examples/example-foo.yaml:after executing:
kubectl create -f artifacts/examples/example-foo.yamlI receive an error:
Validation expects that I will set a
typefield as well, spec below doesn't return the error:After all, in my opinion, it is a bug. I think this connected to OpenApi schema validation, that
itemskeyword should always be in pair withtype.What you expected to happen:
I would expect that I am able to use a field named
itemsin CRD spec and it passes validation.Similar to ConfigMap, it has an
itemsfield, https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#add-configmap-data-to-a-specific-path-in-the-volume.How to reproduce it (as minimally and precisely as possible):
The easiest way is to use https://github.com/kubernetes/sample-controller,
change
artifacts/examples/example-foo.yamlfrom:
to:
then execute:
kubectl -f create artifacts/examples/crd-validation.yaml(it doesn't matter if you will change something here)kubectl -f create artifacts/examples/example-foo.yamlAfter mentioned steps, you should receive the error (btw you don't have to change the
Foostructure to reproduce this)Anything else we need to know?:
No.
Environment:
kubectl version):Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.4", GitCommit:"5ca598b4ba5abb89bb773071ce452e33fb66339d", GitTreeState:"clean", BuildDate:"2018-06-06T08:13:03Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.4", GitCommit:"5ca598b4ba5abb89bb773071ce452e33fb66339d", GitTreeState:"clean", BuildDate:"2018-06-06T08:00:59Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
Tested as well with k8s-1.11.0, the same problem occurred.
uname -a) :4.17.19-100.fc27.x86_64The text was updated successfully, but these errors were encountered: