No metadata.namespace field in the HierarchyConfiguration CRD jsonschema

kubernetes-sigs / hierarchical-namespaces

Home of the Hierarchical Namespace Controller (HNC). Adds hierarchical policies and delegated creation to Kubernetes namespaces for improved in-cluster multitenancy.

Apache License 2.0

619 stars 105 forks source link

No metadata.namespace field in the HierarchyConfiguration CRD jsonschema #332

Closed hrk091 closed 6 months ago

hrk091 commented 1 year ago

HierarchyConfiguration CRD is patched to make it singleton by https://github.com/kubernetes-sigs/hierarchical-namespaces/blob/master/hack/crd_patches/singleton-enum-patch.sh, but metadata.namespace field is not defined there. While HNCConfiguration is global singleton, HierarchyConfiguration is namespaced singleton so there should be metadata.namespace field in the HierarchyConfiguration CRD.

Now I’m trying validate manifests including HierarchyConfiguration resources using kubeconfirm, and it has reported the following Error:

HierarchyConfiguration hierarchy is invalid: problem validating schema. Check JSON formatting: jsonschema: '/metadata' does not validate with file:///generated/crd_schemas/eval/hierarchyconfiguration-hnc-v1alpha2.json#/properties/metadata/additionalProperties: additionalProperties 'namespace' not allowed

It seems that the namespace property needs to be added here as follows:

            # This is patched by hack/crd_patches/singleton-enum-patch.sh
            properties:
              name:
                type: string
                enum:
                  - hierarchy
+             namespace:
+               type: string

adrianludwin commented 1 year ago

I'm not sure I understand - there's tons of stuff in the metadata other than just name and namespace. Why don't they need to be added as well?

hrk091 commented 11 months ago

Thank you for your reply!

Right. It is much better that other stuff in the metadata are also added. In my case, only name and namespace are defined in the metadata of HierarchyConfiguration in my GitOps repository, and the manifests stored in the Git repository are validated by kubeconfirm in CI, not the actually applied one. Therefore, the only error regarding namespace has been reported.

k8s-triage-robot commented 8 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle stale
Close this issue with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot commented 7 months ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle rotten
Close this issue with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot commented 6 months ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Reopen this issue with /reopen
Mark this issue as fresh with /remove-lifecycle rotten
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

k8s-ci-robot commented 6 months ago

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to [this](https://github.com/kubernetes-sigs/hierarchical-namespaces/issues/332#issuecomment-2041544349): >The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. > >This bot triages issues according to the following rules: >- After 90d of inactivity, `lifecycle/stale` is applied >- After 30d of inactivity since `lifecycle/stale` was applied, `lifecycle/rotten` is applied >- After 30d of inactivity since `lifecycle/rotten` was applied, the issue is closed > >You can: >- Reopen this issue with `/reopen` >- Mark this issue as fresh with `/remove-lifecycle rotten` >- Offer to help out with [Issue Triage][1] > >Please send feedback to sig-contributor-experience at [kubernetes/community](https://github.com/kubernetes/community). > >/close not-planned > >[1]: https://www.kubernetes.dev/docs/guide/issue-triage/ Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.