kubernetes-sigs / kubectl-validate

Apache License 2.0

Kubectl-validate Bug: Overwritten Keys with Invalid Suffix Not Detected #137

Open Yashi5108 opened 3 months ago

Yashi5108 commented 3 months ago

What happened?

When using kubectl-validate to validate a ChaosEngine YAML manifest, the tool did not flag keys that were overwritten with an invalid suffix (1111). Despite the keys clearly being incorrect and not matching the expected schema, kubectl-validate did not raise any errors or warnings.

What did you expect to happen?

I expected kubectl-validate to detect and flag the overwritten keys with the invalid suffix (1111) as errors. The tool should have identified that these keys do not conform to the expected schema for a ChaosEngine resource and provided appropriate validation errors.

How can we reproduce it (as minimally and precisely as possible)?

Create a ChaosEngine YAML manifest with keys overwritten with an invalid suffix (1111). Below is an example manifest:

```yaml
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata:
  name: v1alpha1
  namespace: default
spec:
  annotationCheck1111: 'true'
  appinfo1111:
    appkind: deployment
    applabel: app=nginx
    appns: default
  auxiliaryAppInfo1111: ''
  chaosServiceAccount1111: container-kill-sa
  components1111:
    runner:
      image1111: litmuschaos/chaos-runner:latest
      imagePullPolicy1111: IfNotPresent
      imagePullSecrets:
```

Run the kubectl-validate command against this manifest.

Observe that kubectl-validate does not raise any errors or warnings for the invalid keys.

Anything else we need to know?

The issue seems to be related to the schema validation process within kubectl-validate. It appears that the tool is not correctly identifying keys that do not conform to the expected schema when they are suffixed with invalid characters or numbers. I am validating it against the chaosengines.litmuschaos.io CRD.

Kubernetes version

```
kubectl version --client
Client Version: v1.30.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3

kubectl version
Client Version: v1.30.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
```

crandles commented 1 month ago

I believe what's missing here is enabling "Strict" mode for the serializer

https://pkg.go.dev/k8s.io/apimachinery@v0.31.1/pkg/runtime#SerializerInfo

```go
// StrictSerializer, if set, deserializes this object strictly,
// erring on unknown fields.
StrictSerializer Serializer
```

This seems like something I'd also expect to be enabled by default.
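
An added illustration of the unknown-field check this issue expects, written in Go with only the standard library; it is not code from kubectl-validate or apimachinery. The schema excerpt, the JSON rendering of the manifest, and the names `schema`, `unknownFields` and `check` are assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// schema is a constructed stand-in for a CRD structural schema (nil = leaf or free-form).
type schema map[string]schema

// Assumed excerpt: the issue's keys with the "1111" suffix removed, not the real CRD.
var chaosEngine = schema{"apiVersion": nil, "kind": nil, "metadata": nil, "spec": {
	"annotationCheck": nil, "auxiliaryAppInfo": nil, "chaosServiceAccount": nil,
	"appinfo":    {"appkind": nil, "applabel": nil, "appns": nil},
	"components": {"runner": {"image": nil, "imagePullPolicy": nil, "imagePullSecrets": nil}},
}}

// Constructed JSON rendering of the issue's manifest (the truncated imagePullSecrets is omitted).
const manifest = `{"apiVersion":"litmuschaos.io/v1alpha1","kind":"ChaosEngine",
"metadata":{"name":"v1alpha1","namespace":"default"},"spec":{"annotationCheck1111":"true",
"appinfo1111":{"appkind":"deployment","applabel":"app=nginx","appns":"default"},
"auxiliaryAppInfo1111":"","chaosServiceAccount1111":"container-kill-sa","components1111":
{"runner":{"image1111":"litmuschaos/chaos-runner:latest","imagePullPolicy1111":"IfNotPresent"}}}}`

// unknownFields returns the sorted dotted paths of keys in obj that s does not declare.
func unknownFields(s schema, obj map[string]any, prefix string) []string {
	var out []string
	for key, val := range obj {
		child, known := s[key]
		if !known {
			out = append(out, prefix+key) // a lenient decoder drops this silently
		} else if m, ok := val.(map[string]any); ok && child != nil {
			out = append(out, unknownFields(child, m, prefix+key+".")...)
		}
	}
	sort.Strings(out)
	return out
}

// check parses one JSON manifest and lists its undeclared fields.
func check(doc string) ([]string, error) {
	var obj map[string]any
	if err := json.Unmarshal([]byte(doc), &obj); err != nil {
		return nil, err
	}
	return unknownFields(chaosEngine, obj, ""), nil
}

func main() { fmt.Println(check(manifest)) }
```

An undeclared key is reported once at its own path and its subtree is not descended into, so `image1111` under `components1111` does not appear as a separate entry.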