-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Validation of ClusterRole with system:
Prefix Fails
#115
Comments
This is a bug. Unfortunately Kubernetes native type schemas do not include information for how the resource should be validated. We can workaround this for now until they are populated by hardcoding them for the embedded schemas, since they do not change except for new resources /assign |
Hi @alexzielenski, I'm also running into this issue and I've been trying to create a workaround, but can't seem to make it work. My idea was to write a schema patch: {
"components": {
"schemas": {
"io.k8s.api.rbac.v1.ClusterRole": {
"properties": {
"metadata": {
"allOf": [
{
"$ref": "#/components/schemas/CustomObjectMeta"
}
]
}
}
},
"CustomObjectMeta": {
"properties": {
"name": {
"type": "string"
}
},
"x-kubernetes-validations": [
{
"rule": "1 == 2"
}
]
}
}
}
} When I run Is it possible for me to write a temporary workaround or should this be fixed in Thanks in advance! |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
not stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
Looking at the schema files in /remove-lifecycle rotten |
Same seems to apply for I specifically ran into this issue with cert-manager which is using |
@jplitza So to my understanding this bug happens because of the following The Validate uses customresource.NewStrategy. @alexzielenski I am willing to work on creating a work around for this, but I am not sure whats the best approach here. I am not versed enough in the K8S libraries to know if there is a way that doesn't really on a custom exception list, but rather relies on the logic already present on the server side. 🤔 |
What happened?
The validation of ClusterRoles with the
system:
prefix as used by the Vertical Pod Autoscaler in the name fails:What did you expect to happen?
The validation for ClusterRoles with the
system:
prefix in the name shouldn't fail.How can we reproduce it (as minimally and precisely as possible)?
Save the following yaml as
vpa-actor.yaml
file and validate it withkubectl validate vpa-actor.yaml
Anything else we need to know?
No response
Kubernetes version
The text was updated successfully, but these errors were encountered: