-
Notifications
You must be signed in to change notification settings - Fork 38.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CustomResourceDefinition schemas should support $ref #91669
Labels
area/custom-resources
kind/feature
Categorizes issue or PR as related to a new feature.
sig/api-machinery
Categorizes an issue or PR as relevant to SIG API Machinery.
Comments
k8s-ci-robot
added
the
needs-sig
Indicates an issue or PR lacks a `sig/foo` label and requires one.
label
Jun 2, 2020
Related: #59485 /sig api-machinery |
k8s-ci-robot
added
sig/api-machinery
Categorizes an issue or PR as relevant to SIG API Machinery.
area/custom-resources
and removed
needs-sig
Indicates an issue or PR lacks a `sig/foo` label and requires one.
labels
Jun 2, 2020
Jc2k
changed the title
CustomResourceDefinition schemas should support patternProperties
CustomResourceDefinition schemas should support $ref / patternProperties
Jun 2, 2020
Jc2k
changed the title
CustomResourceDefinition schemas should support $ref / patternProperties
CustomResourceDefinition schemas should support $ref
Jun 2, 2020
Thanks for the request. This is a duplicate of #62872 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
area/custom-resources
kind/feature
Categorizes issue or PR as related to a new feature.
sig/api-machinery
Categorizes an issue or PR as relevant to SIG API Machinery.
What would you like to be added:
I would like to be able to use
$ref
as part of a CRD schema to enable a somewhat recursive schema to apply validation to child values in a map. Here is a simple JSON schema that shows what I mean.(When i first opened the ticket I thought I needed
patternProperties
, and the ticket was about supporting that, but it looks like I should be able to do this withadditionalProperties
instead?)The intention is to ultimately enable something like:
As you can see the field names are not known at CRD creation time. This is part of a "glue" operator - generating various configs and "sticking" together various Deployments according to best practice. So I cannot lock down the field names or avoid the recursion.
While I've been able to mock up the validation in JSON schema, obviously kubernetes imposes its own restrictions on top and also uses openapi 3.0, not jsonschema, which is both a subset and a superset of jsonschema. While OpenAPI has shifted from being a subset AND superset of JSON schema in 3.0 to being a superset of JSON schema draft 7 in OpenAPI 3.1, that doesn't help because Kubernetes is still a subset in its own right.
Why is this needed:
Right now, it looks like something like this /might/ allow CRD instances to be created?
But without nesting, the validation is inadequate and will probably need a admission webhook just to run a full jsonschema validation pass in addition to a minimal CRD one.
I'm also not sure of the implications here for structural schemas, as
additionalProperties
: true don't feel very structural when the schema of the value is not specified? Would this even be a valid structural schema? It seems like recursive approach might give kubernetes more clues about the structure of a schema thanadditionalProperties: true
can.The text was updated successfully, but these errors were encountered: