Closed nightkr closed 2 years ago
The k8s-openapi code will serialize empty containers
to []
, not null
.
So are you saying that:
It's possible with other clients to create a DaemonSet with spec.template.spec.containers
in the JSON set to null
, and
When GETting this DaemonSet, the spec.template.spec.containers
in the JSON is still null
, and
Kubernetes fails to create any actual pods for the DaemonSet because containers
should not be null
.
?
2 and 3, yes. But this was done using k8s-openapi
and kube
.
let daemon_set = k8s_openapi::api::apps::v1::DaemonSet {
spec: Some(k8s_openapi::api::apps::v1::DaemonSetSpec {
template: k8s_openapi::api::core::v1::PodTemplateSpec {
spec: Some(k8s_openapi::api::core::v1::PodSpec {
..Default::default()
}),
..Default::default()
},
..Default::default()
}),
..Default::default()
};
println!("{}", serde_json::to_string(&daemon_set).unwrap());
{"apiVersion":"apps/v1","kind":"DaemonSet","metadata":{},"spec":{"selector":{},"template":{"spec":{"containers":[]}}}}
But anyway, we can have Deserialize be more lenient.
Basically, it's possible to create a DaemonSet where
spec.template.spec.containers
isnull
(the current serialization code will do this ifcontainers
is empty). Trying to deserialize the object from the server will then fail, sincenull
is not a valid value for aVec<Container>
.I think the root problem here is that the server-side validation here happens when creating/updating a
Pod
, but thePodSpec
binding is generated with the assumption that validation has already been performed.