kubeconform: kind `CustomResourceDefinition` is not validated against schema
I took this YAML example for creating a CRD from the official K8s doc:
```yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: crontabs.stable.example.com
spec:
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                cronSpec:
                  type: string
                image:
                  type: string
                replicas:
                  type: integer
  scope: Namespaced
  names:
    plural: crontabs
    singular: crontab
    kind: CronTab
    shortNames:
      - ct
```
When validating this YAML with kubeconform I’m getting the following error:
...failed validation: could not find schema for CustomResourceDefinition
Although the schema exists on the kubernetes-json-schema repo:
https://github.com/yannh/kubernetes-json-schema/blob/master/v1.18.0/customresourcedefinition-apiextensions-v1.json
Copying the schema from the repo and passing it with the -schema-location
flag works fine, so I guess the issue is when trying to parse the kind type…
About this issue
- State: closed
- Created 2 years ago
- Reactions: 1
- Comments: 20 (7 by maintainers)
Update: I have found an issue in the original openapi2jsonschema repo: https://github.com/instrumenta/openapi2jsonschema/pull/14. It seems that the problem is that, because CustomResourceDefinition contains recursive refs, it is intentionally ignored for the “-standalone” and “-standalone-strict”
A workaround for now is to use the -schema-location flag twice, once with the default (standalone) location, and again without the -standalone suffix, and also without the strict suffix - as a fallback.

```
kubeconform -schema-location "default" -schema-location "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/{{ .NormalizedKubernetesVersion }}/{{ .ResourceKind }}{{ .KindSuffix }}.json" ./customResourceDefinition.yaml
```
We’ll implement this fix on our end for datree. Implementing a similar fallback natively in this repo might cause some unexpected behavior; up to you, @yannh.
@eyarz Hope this answers your question! 😃
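The fallback lookup described in the workaround above, as an added example that is not part of the original thread or of kubeconform's code: it renders both schema-location templates for the CRD from the issue and walks them in order. The standalone default template, the `varsFor` naming rule and the `constructedExists` stand-in for the HTTP fetch are assumptions made for this illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
	"text/template"
)

// Assumed default (standalone) location first, then the fallback from the thread.
var locations = []string{
	"https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/{{ .NormalizedKubernetesVersion }}-standalone{{ .StrictSuffix }}/{{ .ResourceKind }}{{ .KindSuffix }}.json",
	"https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/{{ .NormalizedKubernetesVersion }}/{{ .ResourceKind }}{{ .KindSuffix }}.json",
}

type schemaVars struct{ NormalizedKubernetesVersion, StrictSuffix, ResourceKind, KindSuffix string }

// varsFor (hypothetical helper) infers the suffix rule from the file name linked in the issue.
func varsFor(kind, apiVersion, k8sVersion string) schemaVars {
	suffix := "-" + apiVersion // core group, e.g. "v1"
	if group, version, ok := strings.Cut(apiVersion, "/"); ok {
		suffix = "-" + strings.Split(group, ".")[0] + "-" + version
	}
	return schemaVars{NormalizedKubernetesVersion: k8sVersion, ResourceKind: strings.ToLower(kind), KindSuffix: suffix}
}

// resolve returns the first rendered URL that exists, plus every URL tried,
// so that a silent fallback to a non-strict schema stays visible in CI logs.
func resolve(v schemaVars, exists func(string) bool) (hit string, tried []string) {
	for _, loc := range locations {
		var b bytes.Buffer
		if err := template.Must(template.New("loc").Parse(loc)).Execute(&b, v); err != nil {
			continue
		}
		if tried = append(tried, b.String()); exists(b.String()) {
			return b.String(), tried
		}
	}
	return "", tried
}

// constructedExists is a constructed offline stand-in for the HTTP fetch: per the
// thread, "-standalone" directories lack the CustomResourceDefinition schema file.
func constructedExists(u string) bool {
	return !(strings.Contains(u, "-standalone") && strings.Contains(u, "/customresourcedefinition-"))
}

func main() {
	hit, tried := resolve(varsFor("CustomResourceDefinition", "apiextensions.k8s.io/v1", "v1.18.0"), constructedExists)
	fmt.Printf("tried %d location(s)\nused: %s\n", len(tried), hit)
}
```

Because the fallback template has no strict suffix, a resource that resolves through it is validated against the non-strict schema even when strict validation was requested, which is worth logging in a policy pipeline.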
Weird. I’m not able to reproduce 😕 Are you running the latest version of Kubeconform?
@hbouaziz, I think it will be better if you open a new issue with all the relevant details so we will stop “spamming” this issue…
@royhadad not sure what the benefit would be vs adding the CustomResourceDefinition to the standalone folders. Yes, I am assuming it is a bug in the automated process. I guess I would try to see why https://github.com/yannh/kubernetes-json-schema/blob/a718ad35ec16742bb17e124de1ea40f8b2510ff1/build.sh#L30 doesn’t generate the appropriate file 😃
Hi @yannh, I’m currently working on this issue, could you please assign me?
I found the reason it’s missing - it’s because versions with the “-standalone” suffix are missing the definition for customResourceDefinition in https://github.com/yannh/kubernetes-json-schema

Also, I notice that kubeconform always reaches out to the “-standalone” version. Could you please point out the difference between 1.18.0, 1.18.0-local, 1.18.0-standalone? When does kubeconform ever reach out for the 1.18.0/1.18.0-local versions?