Closed nozawana44 closed 1 year ago
I encountered the same problem.
I modified kubeconform as follows:
diff --git a/pkg/validator/validator.go b/pkg/validator/validator.go
index f4827c8..3096c6e 100644
--- a/pkg/validator/validator.go
+++ b/pkg/validator/validator.go
@@ -6,6 +6,7 @@ import (
"errors"
"fmt"
"io"
+ "log"
jsonschema "github.com/santhosh-tekuri/jsonschema/v5"
_ "github.com/santhosh-tekuri/jsonschema/v5/httploader"
@@ -257,6 +258,7 @@ func downloadSchema(registries []registry.Registry, kind, version, k8sVersion st
schema, err := jsonschema.CompileString(path, string(schemaBytes))
// If we got a non-parseable response, we try the next registry
if err != nil {
+ log.Print(fmt.Sprintln(err))
continue
}
return schema, err
and I got the following message:
$ cat a.yaml | /home/umezawa/go/src/github.com/yannh/kubeconform/bin/kubeconform --debug --verbose \
--schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json'
2023/07/14 18:45:33 using schema found at https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/projectcontour.io/httpproxy_v1.json
2023/07/14 18:45:33 jsonschema https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/projectcontour.io/httpproxy_v1.json compilation failed: '/properties/spec/properties/routes/items/properties/services/items/properties/port/exclusiveMaximum' does not validate with https://json-schema.org/draft/2020-12/schema#/allOf/1/$ref/properties/properties/additionalProperties/$dynamicRef/allOf/1/$ref/properties/properties/additionalProperties/$dynamicRef/allOf/1/$ref/properties/items/$dynamicRef/allOf/1/$ref/properties/properties/additionalProperties/$dynamicRef/allOf/1/$ref/properties/items/$dynamicRef/allOf/1/$ref/properties/properties/additionalProperties/$dynamicRef/allOf/3/$ref/properties/exclusiveMaximum/type: expected number, but got boolean
stdin - HTTPProxy argocd-server failed validation: could not find schema for HTTPProxy
The JSON schema library seems to misunderstand exclusiveMaximum
field. kubeconform v0.5.0 and v0.6.0 use different libraries (https://github.com/yannh/kubeconform/pull/168). It seems why v0.5.0 does not have the same problem.
Patch HTTPProxy's json schema:
--- json-schemas/httpproxy-projectcontour.io-v1.json 2023-07-14 17:55:44.585104029 +0900
+++ json-schemas/httpproxy-projectcontour.io-v1-patched.json 2023-07-14 18:30:31.444792578 +0900
@@ -1053,8 +1053,7 @@
},
"port": {
"description": "Port (defined as Integer) to proxy traffic to since a service can have multiple defined.",
- "exclusiveMaximum": true,
- "maximum": 65536,
+ "maximum": 65535,
"minimum": 1,
"type": "integer"
},
@@ -1445,8 +1444,7 @@
},
"port": {
"description": "Port (defined as Integer) to proxy traffic to since a service can have multiple defined.",
- "exclusiveMaximum": true,
- "maximum": 65536,
+ "maximum": 65535,
"minimum": 1,
"type": "integer"
},
and specify it before CRDs-catalog:
$ cat a.yaml | /home/umezawa/go/src/github.com/yannh/kubeconform/bin/kubeconform --debug --verbose \
--schema-location 'json-schemas/{{.ResourceKind}}-{{.Group}}-{{.ResourceAPIVersion}}-patched.json' \
--schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json'
2023/07/14 18:45:45 using schema found at json-schemas/httpproxy-projectcontour.io-v1-patched.json
stdin - HTTPProxy argocd-server is valid
Urgh. That's :100: discovery :heart: Do you think you could build a reproducible use case and report it here ? https://github.com/santhosh-tekuri/jsonschema/issues That would be awesome...
Just in case, I checked the corresponding section in JSON schema specification https://json-schema.org/understanding-json-schema/reference/numeric.html#range before reporting. It says that exclusiveMaximum
in the Draft 4 is boolean but that in later specifications is the same type as minimum
- in the HTTPProxy's case, integer.
... what shall we do?
Oops, sorry, I didn't know that CRDs must be written on the basis of Draft 4. https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#jsonschemaprops-v1-apiextensions-k8s-io
This problem would be solved just by setting specification version to be referred by the schema compiler.
So we are using the latest version of JSON Schema instead of forcing Draft 4? That sounds like an easy enough fix?
Just tagged v0.6.3 which fixes this issue! Thanks a lot @umezawatakeshi your investigation really helped getting this resolved :heart:
Thanks a lot :+1:
kubeconform could not find schema for HTTPProxy since v0.6.0. This was not the case in the prior version (v0.5.0) where it functioned as expected.
manifest:
v0.5.0
v0.6.0