yannh / kubeconform

A FAST Kubernetes manifests validator, with support for Custom Resources!
Apache License 2.0

missing exception for x-kubernetes-preserve-unknown-fields #224

Open FrancoisPoinsot opened 1 year ago

FrancoisPoinsot commented 1 year ago

This issue might be related to https://github.com/yannh/kubeconform/issues/199 but the error message doesn't match what I expected. So in doubt I am opening a different issue.

In the script to generate the JSON schema there is a line to add "additionalProperties": False when additionalProperties is not defined: https://github.com/yannh/kubeconform/blob/master/scripts/openapi2jsonschema.py#L27

It matches almost the behavior from k8s but there is an exception. Can't find the code line but here is the doc: https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/

By default, all unspecified fields for a custom resource, across all versions, are pruned. It is possible though to opt-out of that for specific sub-trees of fields by adding x-kubernetes-preserve-unknown-fields: true in the structural OpenAPI v3 validation schema.

I want to make a PR to avoid adding "additionalProperties": False when x-kubernetes-preserve-unknown-fields: true is set on the evaluated node.

Would you be ok with that?

FrancoisPoinsot commented 1 year ago

A concrete example of the problem I am facing is with the emissary-ingress CRD from v1 and v2 schema. They had to update these CRDs to support the rule introduced above in k8s 1.22. These CRDs are a valid "structural schema" because there are a lot of x-kubernetes-preserve-unknown-fields: true.

The error message that I get is:

Mapping my-mapping is invalid: problem validating schema. Check JSON formatting: jsonschema: '/spec' does not validate with https://raw.githubusercontent.com/cognitedata/CRDs-catalog/main/getambassador.io/mapping_v2.json#/properties/spec/additionalProperties: additionalProperties 'ambassador_id' not allowed

ambassador_id is an essential field but it is either a string or string[] in v1 and v2. That type does not fit the constraints set by k8s. So the field is intended to be "untyped".
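The change proposed in this issue, sketched as an added example (it is not part of the issue and is not the code of scripts/openapi2jsonschema.py): object nodes are closed with additionalProperties: False unless the node itself carries x-kubernetes-preserve-unknown-fields: true. The function names, the schema fragment and the manifest are constructed for illustration.

```python
import copy

PRESERVE = "x-kubernetes-preserve-unknown-fields"

def close_objects(schema, honor_preserve):
    """Copy schema, adding additionalProperties: False to object nodes that
    lack it. With honor_preserve, nodes marked PRESERVE: true stay open."""
    schema = copy.deepcopy(schema)
    def walk(node):
        if isinstance(node, list):
            for item in node:
                walk(item)
        elif isinstance(node, dict):
            for child in node.values():
                walk(child)
            opted_out = honor_preserve and node.get(PRESERVE) is True
            if "properties" in node and "additionalProperties" not in node and not opted_out:
                node["additionalProperties"] = False
    walk(schema)
    return schema

def rejected_fields(schema, obj, path=""):
    """Paths of fields that additionalProperties: False would reject."""
    if not isinstance(schema, dict) or not isinstance(obj, dict):
        return []
    found, props = [], schema.get("properties", {})
    for key, value in obj.items():
        if key in props:
            found += rejected_fields(props[key], value, f"{path}/{key}")
        elif schema.get("additionalProperties") is False:
            found.append(f"{path}/{key}")
    return found

# Constructed CRD schema fragment (not the real getambassador.io Mapping schema).
CRD_SCHEMA = {"type": "object", "properties": {"spec": {
    "type": "object",
    PRESERVE: True,  # opts this node out of pruning
    "properties": {
        "prefix": {"type": "string"},
        "retry_policy": {"type": "object",  # no marker: stays closed
                         "properties": {"num_retries": {"type": "integer"}}},
    }}}}
# Constructed manifest body: one intentionally untyped field, one typo.
MANIFEST = {"spec": {"ambassador_id": ["default"], "prefix": "/api/",
                     "retry_policy": {"num_retries": 3, "num_retrys": 1}}}

def compare():
    """Rejected paths with unconditional closing vs. honoring the marker."""
    current = rejected_fields(close_objects(CRD_SCHEMA, False), MANIFEST)
    proposed = rejected_fields(close_objects(CRD_SCHEMA, True), MANIFEST)
    return current, proposed
```

Honoring the marker only on the node that carries it keeps the nested retry_policy object strict, so the misspelled field is still reported while ambassador_id is accepted.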