New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CRD cannot have a field named 'items' #68466
Comments
@kubernetes/sig-api-machinery |
/sig api-machinery |
kubernetes/staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured.go Lines 53 to 60 in 36877da
edit: nevermind... that is nested under spec, so shouldn't trigger IsList detection |
cc @sttts |
The error comes from here:
Is this some kind of JavaScript speciality that slices are represented as objects with |
none I've ever encountered |
Haven't found it in JSON Schema (yet) https://json-schema.org/specification.html |
Found this example https://json-schema.org/latest/json-schema-core.html#rfc.section.8.3.2, which looks concerningly similar to what we see. |
Comes from this PR, without any reasoning: go-openapi/validate#35 |
it looks like something that either should be done when validating a schema, or should pull type info from the validator when validating an object, but not arbitrarily pull type info from attributes of the object being validated |
Bug in go-openapi I believe, misunderstanding of the OpenAPI spec: go-openapi/validate#35 (comment) |
/assign will fix it upstream and report back here after that's done |
This problem has also been encountered in federation with the move to generate validation schema for federated template crds: kubernetes-retired/kubefed#469 |
Will it be possible for this fix to land in 1.13 (whether initially or a patch release)? |
/assign |
@nikhita Hi, do you have any plan to work on this? |
I noticed that you've created the PR upstream, so if you'd like, feel free to take it up! :) |
Hi, @nikhita, after fix the bug in |
Just replied to your slack message :)
…On Thu, Mar 21, 2019 at 12:57 PM Shaw Ho ***@***.***> wrote:
Hi, @nikhita <https://github.com/nikhita>, after fix the bug in go-openapi,
I can't find where the k8s validate the openapischema? Could you help to
point out where is the validation code?
Thanks very much! 😄
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#68466 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/APXA0LOJCHil1UmFnK8ov2_ohd43CsyQks5vYzRWgaJpZM4WhMzK>
.
|
Where is the PR? |
@sttts This is the PR go-openapi/validate#106, and I will submit a PR later in k8s. |
due to: kubernetes/kubernetes#68466 Signed-off-by: David Currie <dcurrie@cloudbees.com>
Hi, I just ran into this issue on on k8s 1.14. What version is this fixed in, if any? |
Fixed in #76124 in 1.16 |
Root cause of the issue is that k8s 1.15 / 1.16 clusters seem to have known issues related to CRD fields that invoke `items` in it, such as the `volumes` we introduced as part of the nginx proxy that sits in front of Prometheus in Monitoring V2. This only seems to have been fixed in k8s 1.17+. More context: kubernetes/kubernetes#68466 is an issue that tracks a problem with CRDs that use fields named `items` introduced sometime before k8s 1.16. In k8s 1.16's release notes, this issue seemed to have been resolved as it shows up under `Other Notable Changes` [here](https://v1-16.docs.kubernetes.io/docs/setup/release/notes/#other-notable-changes-7): ``` Fix CRD validation error on ‘items’ field. (#76124, @tossmilestone) ``` However, when looking into the actual [PR](kubernetes/kubernetes#76124) that was executed to fix this issue, it seems like this issue had a followup in kubernetes/kubernetes#85223 that was only resolved in k8s 1.17+. This shows up in the k8s 1.17 release notes under `API Machinery` [here](https://v1-17.docs.kubernetes.io/docs/setup/release/notes/#api-machinery): ``` CRDs can have fields named type with value array and nested array with items fields without validation to fall over this. (#85223, @sttts) ``` Therefore, the quick fix was to just modify the contents provided to the `volumes` field of the `prometheusSpec`; once modified, Monitoring V2 successfully deployed in a k8s 1.16 cluster.
Is this a BUG REPORT or FEATURE REQUEST?:
/kind bug
What happened:
I cannot have a resource which has a field named
items
it doesn't pass validation.As an example I will modify sample-controller (https://github.com/kubernetes/sample-controller) and add
items
toartifacts/examples/example-foo.yaml
:after executing:
kubectl create -f artifacts/examples/example-foo.yaml
I receive an error:
Validation expects that I will set a
type
field as well, spec below doesn't return the error:After all, in my opinion, it is a bug. I think this connected to OpenApi schema validation, that
items
keyword should always be in pair withtype
.What you expected to happen:
I would expect that I am able to use a field named
items
in CRD spec and it passes validation.Similar to ConfigMap, it has an
items
field, https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#add-configmap-data-to-a-specific-path-in-the-volume.How to reproduce it (as minimally and precisely as possible):
The easiest way is to use https://github.com/kubernetes/sample-controller,
change
artifacts/examples/example-foo.yaml
from:
to:
then execute:
kubectl -f create artifacts/examples/crd-validation.yaml
(it doesn't matter if you will change something here)kubectl -f create artifacts/examples/example-foo.yaml
After mentioned steps, you should receive the error (btw you don't have to change the
Foo
structure to reproduce this)Anything else we need to know?:
No.
Environment:
kubectl version
):Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.4", GitCommit:"5ca598b4ba5abb89bb773071ce452e33fb66339d", GitTreeState:"clean", BuildDate:"2018-06-06T08:13:03Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.4", GitCommit:"5ca598b4ba5abb89bb773071ce452e33fb66339d", GitTreeState:"clean", BuildDate:"2018-06-06T08:00:59Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
Tested as well with k8s-1.11.0, the same problem occurred.
uname -a
) :4.17.19-100.fc27.x86_64The text was updated successfully, but these errors were encountered: