Open FrancoisPoinsot opened 1 year ago
a concrete example of the problem I am facing is with the emissary-ingress CRD from v1 and v2 schema.
They had to update these CRD to support the rule introduced above in k8s 1.22.
These CRDs are a valid "structural schema" because there is a lot of x-kubernetes-preserve-unknown-fields: true
The error message that I get is:
Mapping my-mapping is invalid: problem validating schema. Check JSON formatting: jsonschema: '/spec' does not validate with https://raw.githubusercontent.com/cognitedata/CRDs-catalog/main/getambassador.io/mapping_v2.json#/properties/spec/additionalProperties: additionalProperties 'ambassador_id' not allowed
ambassador_id
is an essential field but it is either a string
or string[]
in v1 and v2.
That type does not fit the contraints set by k8s.
So the field is intended to be "untyped".
This issue might be related to https://github.com/yannh/kubeconform/issues/199 but the error message doesn't match what I expected. So in doubt I am opening a different isssue.
In the script to generate json schema there is a line to add
additionalProperties": False
whenadditionalProperties
is not defined https://github.com/yannh/kubeconform/blob/master/scripts/openapi2jsonschema.py#L27It matches almost the behavior from k8s but there is an exception. Can't find the code line but here is the doc: https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/
I want to make a PR to avoid adding
additionalProperties": False
whenx-kubernetes-preserve-unknown-fields: true
on the evaluated node.Would you be ok with that?