[Enhancement] clarify expectation around `schemaValidation` flag and `.spec.schemaValidation`

FrancoisPoinsot commented 1 month ago

Description

As far as I understand schemaValidation doesn't serve a purpose anymore. Both as a command flag and as a the .spec. schemaValidation field in the a policy.

You can still find reference about that field in the documentation that hints it is a valid workaround for solving problems related to missing CRD. Example: https://kyverno.io/docs/writing-policies/tips/#validate.

And this workaround makes sense. As you might expect kyverno validation to be dynamically typed. I certainly did.

This issue is a follow up to that thread: https://kubernetes.slack.com/archives/CLGR9BJU9/p1719931376972489 In there you can find the statement "That's correct, a CRD is always required.". I think this is a very clear statement that I wish would be directly available in the documentation.

recommendation:

state clearly in the documentation that CRD is always required
cleanup references to schemaValidation that are not about deprecation.

Slack discussion

https://kubernetes.slack.com/archives/CLGR9BJU9/p1719931376972489

welcome[bot] commented 1 month ago

Thanks for opening your first issue here! Be sure to follow the issue template!

lavishpal commented 1 month ago

/assign

kyverno / website

[Enhancement] clarify expectation around `schemaValidation` flag and `.spec.schemaValidation` #1347

Description

Slack discussion