The struct definitions for a CRD and it's fields don't contain json:"x" fields and therefore cannot be unmarshalled to yaml

I'm currently trying to add k8s.io/apiextensions-apiservrer release-1.9 as a dependency to my project. However when I run the following:

dep ensure -add k8s.io/[email protected]

The process just hangs and never completes. I've attempted this from multiple machines and networks to rule out the basic issues on my end. Is this expected behavior?

if you are tracking head of the k8s.io dependencies it's not building. if moved out form project dir

$ go build 
./main.go:50: cannot use config (type *"k8s.io/client-go/rest".Config) as type *"k8s.io/apiextensions-apiserver/vendor/k8s.io/client-go/rest".Config in argument to clientset.NewForConfig
./main.go:66: cannot use config (type *"k8s.io/client-go/rest".Config) as type *"k8s.io/apiextensions-apiserver/vendor/k8s.io/client-go/rest".Config in argument to client.NewClient
./main.go:85: cannot use "k8s.io/apimachinery/pkg/apis/meta/v1".ObjectMeta literal (type "k8s.io/apimachinery/pkg/apis/meta/v1".ObjectMeta) as type "k8s.io/apiextensions-apiserver/vendor/k8s.io/apimachinery/pkg/apis/meta/v1".ObjectMeta in field value

Steps to reproduce...

Create example CRD:

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: crontabs.stable.example.com
spec:
  group: stable.example.com
  version: v1
  scope: Namespaced
  names:
    plural: crontabs
    singular: crontab
    kind: CronTab
    shortNames:
    - ct
  validation:
   # openAPIV3Schema is the schema for validating custom objects.
    openAPIV3Schema:
      properties:
        spec:
          properties:
            cronSpec:
              type: string
              pattern: '^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$'
            replicas:
              type: integer
              minimum: 1
              maximum: 10

Create instance:

apiVersion: stable.example.com/v1
kind: CronTab
metadata:
  name: c
spec:
  cSpec: foo

This is accepted, but should result in an error since there is no field cSpec

Create example CRD, but make spec an object

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: crontabs.stable.example.com
spec:
  group: stable.example.com
  version: v1
  scope: Namespaced
  names:
    plural: crontabs
    singular: crontab
    kind: CronTab
    shortNames:
    - ct
  validation:
   # openAPIV3Schema is the schema for validating custom objects.
    openAPIV3Schema:
      properties:
        spec:
          type: object
          properties:
            cronSpec:
              type: string
              pattern: '^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$'
            replicas:
              type: integer
              minimum: 1
              maximum: 10

Create an instance with an empty spec

apiVersion: stable.example.com/v1
kind: CronTab
metadata:
  name: c
spec:

This throws the following error, but shouldn't since spec doesn't have any required fields:

The CronTab "c" is invalid: []: Invalid value: map[string]interface {}{"apiVersion":"stable.example.com/v1", "kind":"CronTab", "metadata":map[string]interface {}{"name":"c", "namespace":"default", "creationTimestamp":"2018-02-16T15:53:27Z", "uid":"86df4c72-1331-11e8-8944-42010a800029", "selfLink":"", "clusterName":""}, "spec":interface {}(nil)}: validation failure list:

We are waiting for the CRD to be ready here: https://github.com/kubernetes/apiextensions-apiserver/blob/master/examples/client-go/client/cr.go#L58-L77

But even with both the conditions satisfying, the endpoint might not be ready. See:

➜  prometheus-operator git:(v1-move) ✗ kc get crd -oyaml
apiVersion: v1
items:
- apiVersion: apiextensions.k8s.io/v1beta1
  kind: CustomResourceDefinition
  metadata:
    creationTimestamp: 2017-08-08T11:37:07Z
    name: prometheuses.monitoring.coreos.com
    namespace: ""
    resourceVersion: "528"
    selfLink: /apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions/prometheuses.monitoring.coreos.com
    uid: e8cc861e-7c2d-11e7-874c-080027e7de4b
  spec:
    group: monitoring.coreos.com
    names:
      kind: Prometheus
      listKind: PrometheusList
      plural: prometheuses
      singular: prometheus
    scope: Namespaced
    version: v1
  status:
    acceptedNames:
      kind: Prometheus
      listKind: PrometheusList
      plural: prometheuses
      singular: prometheus
    conditions:
    - lastTransitionTime: null
      message: no conflicts found
      reason: NoConflicts
      status: "True"
      type: NamesAccepted
    - lastTransitionTime: 2017-08-08T11:37:07Z
      message: the initial names have been accepted
      reason: InitialNamesAccepted
      status: "True"
      type: Established
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
➜  prometheus-operator git:(v1-move) ✗ kc get prometheus
Error from server (NotFound): Unable to list "prometheuses": the server could not find the requested resource (get prometheuses.monitoring.coreos.com)
➜  prometheus-operator git:(v1-move) ✗ kc create -f prom-v1.yaml
Error from server (NotFound): error when creating "prom-v1.yaml": the server could not find the requested resource (post prometheuses.monitoring.coreos.com)
.
.
.
# Several mins later:
➜  prometheus-operator git:(v1-move) ✗ kc get prometheus
No resources found.
➜  prometheus-operator git:(v1-move) ✗ kc create -f prom-v1.yaml
prometheus "main" created

Running 1.7.0 on minikube:

➜  prometheus-operator git:(v1-move) ✗ kc version
Client Version: version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.2", GitCommit:"922a86cfcd65915a9b2f69f3f193b8907d741d9c", GitTreeState:"clean", BuildDate:"2017-07-21T19:06:19Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.0", GitCommit:"d3ada0119e776222f11ec7945e6d860061339aad", GitTreeState:"clean", BuildDate:"2017-07-26T00:12:31Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}

Is this a bug or just a bad way to wait for ready?

Thanks,
Goutham.

There is a helper method in the example that creates a CRD and waits for it to be established. I have a similar method but a bit more sophisticated (uses a lister instead of a rest client, handles a number of edge cases like conflicts, can update CRD if it does not match). If there is interest I can submit a PR with it. Perhaps will need to make it more flexible first.

Existing code: https://github.com/kubernetes/apiextensions-apiserver/blob/master/examples/client-go/client/cr.go#L38

My version: https://github.com/atlassian/smith/blob/master/pkg/resources/crd_helpers.go#L38

This issue is about the JSONSchemaProps type defined in:

• k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
• k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1

Currently, these types do not support yaml encoding, as they come only with json field tags and implement only MarshalJSON and UnmarshalJSON for the types with custom encoding such as JSONSchemaPropsOrArray.

This has lead to subtle bugs where certain fields might not be decoded correctly, while others fields (because of most YAML decoders' behavior) are still matched correctly even if the casing differs.

I would like to solve this by adding the necessary field tags and methods necessary for custom YAML encoding.

I'm assuming this should be done in k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 only, or should we also retrofit the change into [k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1?

If this issue is accepted, I would like to provide a PR I have already been working on.

Would it be possible for the SharedInformerFactory to be able to monitor a list of namespaces instead of either any or a specific one?

Seems CRD currently doesn’t support sub resource other than status and scale.
So does this project have plan to support other sub resource? In Kubernetes there are a number of other subresources like /log, /exec, /bind. Although their semantics is much more special than /status and /scale, but user needs apiextension-apiserver to allow implemting semantics.

I could use client-go or CRD yaml file to create a CRD resource. But I need a resource with multiple versions in one cluster to do different things. I have tried but always got the error that the CRD resource has been created (using client-go) or field is immutable (using CRD yaml file).

So is it invalid to create a CRD resource with multiple versions?

This is a consequence of this go-api bug.
I have use case where I include the v1.podSpec in my CRD OpenAPI validation, this includes things like downwardAPI whose validation schemas is like:

			                "downwardAPI": {
                                            "description": "Represents downward API info for projecting into a projected volume\
. Note that this is identical to a downwardAPI volume source without the default mode.",
                                            "properties": {
                                                "items": {
                                                    "description": "Items is a list of DownwardAPIVolume file",

This will fail validation with an error like:

type in volumes.downwardAPI is required

This will happen for any OpenAPI validation that contains a properties list with a proeprty called "items". This is because there is a check in the go-openapi validator checking for correct use of array "items" defns which does not check the context of the "items" attribute.

I am writing a golang code to create a CustomResourceDefinition using k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1. When writing the Schema for this CRD
"tls": { Type: "object", Required: []string{"sslKeyCertificate"}, Properties: map[string]apiextensionv1.JSONSchemaProps{ "sslKeyCertificate": { Type: "object", Required: []string{"name", "type"}, Properties: map[string]apiextensionv1.JSONSchemaProps{ "name": { Type: "string", }, "type": { Type: "string", Enum: []apiextensionv1.JSON{ { Raw: []byte("ref"), }, }, }, }, }, }, },

When specifying the Enum value, i get the error "error": "json: error calling MarshalJSON for type v1.JSON: invalid character 'e' looking for beginning of value"

I have tried multiple methods of feeding this data, some examples being -
Raw: json.Marshal("ref")
Raw: []byte("ref")
Raw: []byte(strconv.Quote(fmt.Sprintf("%v", ref)))

Nothing seems to work.

kubectl get crd fails, but kubectl get customresourcedefinition succeeds.

➜  ~ kc get customresourcedefinition; kc get crd
NAME                                 KIND
prometheuses.monitoring.coreos.com   CustomResourceDefinition.v1beta1.apiextensions.k8s.io
the server doesn't have a resource type "crd"

And:

➜  ~ kc get customresourcedefinition -oyaml
apiVersion: v1
items:
- apiVersion: apiextensions.k8s.io/v1beta1
  kind: CustomResourceDefinition
  metadata:
    creationTimestamp: 2017-08-08T12:17:39Z
    name: prometheuses.monitoring.coreos.com
    namespace: ""
    resourceVersion: "3420"
    selfLink: /apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions/prometheuses.monitoring.coreos.com
    uid: 91d678e5-7c33-11e7-874c-080027e7de4b
  spec:
    group: monitoring.coreos.com
    names:
      kind: Prometheus
      listKind: PrometheusList
      plural: prometheuses
      shortNames:
      - prom
      singular: prometheus
    scope: Namespaced
    version: v1
  status:
    acceptedNames:
      kind: Prometheus
      listKind: PrometheusList
      plural: prometheuses
      shortNames:
      - prom
      singular: prometheus
    conditions:
    - lastTransitionTime: null
      message: no conflicts found
      reason: NoConflicts
      status: "True"
      type: NamesAccepted
    - lastTransitionTime: 2017-08-08T12:17:39Z
      message: the initial names have been accepted
      reason: InitialNamesAccepted
      status: "True"
      type: Established
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

➜  ~ kc version
Client Version: version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.2", GitCommit:"922a86cfcd65915a9b2f69f3f193b8907d741d9c", GitTreeState:"clean", BuildDate:"2017-07-21T19:06:19Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.0", GitCommit:"d3ada0119e776222f11ec7945e6d860061339aad", GitTreeState:"clean", BuildDate:"2017-07-26T00:12:31Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}

Common core types like ObjectMeta and PodSpec blow up the CRD validation into something unmanageable. Openapi supports references to other specs. We need to be able to reference core schema types from the validation so that CRDs aren't bloated with 100's of lines of boilerplate validation that obfuscates the important pieces defined by the user.

Related to #5 #6

Here there are TPRs with version v1alpha1 and a CRD with the same group but version v1. There used to be a prometheus TPR with v1alpha1 but that was deleted and a CRD was created in its place.

Are there chances that we are somehow still routing requests to the TPR?

➜  prometheus-operator git:(v1-move) ✗ kc get customresourcedefinition -oyaml
apiVersion: v1
items:
- apiVersion: apiextensions.k8s.io/v1beta1
  kind: CustomResourceDefinition
  metadata:
    creationTimestamp: 2017-08-10T03:37:14Z
    name: prometheuses.monitoring.coreos.com
    namespace: ""
    resourceVersion: "35219"
    selfLink: /apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions/prometheuses.monitoring.coreos.com
    uid: 3379b97d-7d7d-11e7-9b87-080027e7de4b
  spec:
    group: monitoring.coreos.com
    names:
      kind: Prometheus
      listKind: PrometheusList
      plural: prometheuses
      shortNames:
      - prom
      singular: prometheus
    scope: Namespaced
    version: v1
  status:
    acceptedNames:
      kind: Prometheus
      listKind: PrometheusList
      plural: prometheuses
      shortNames:
      - prom
      singular: prometheus
    conditions:
    - lastTransitionTime: null
      message: no conflicts found
      reason: NoConflicts
      status: "True"
      type: NamesAccepted
    - lastTransitionTime: 2017-08-10T03:37:14Z
      message: the initial names have been accepted
      reason: InitialNamesAccepted
      status: "True"
      type: Established
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

➜  prometheus-operator git:(v1-move) ✗ kc get prometheus; kc get prom
No resources found.
the server doesn't have a resource type "prom"
➜  prometheus-operator git:(v1-move) ✗ kc get crd
the server doesn't have a resource type "crd"

➜  prometheus-operator git:(v1-move) ✗ kc get thirdpartyresources -oyaml
apiVersion: v1
items:
- apiVersion: extensions/v1beta1
  description: Managed Alertmanager cluster
  kind: ThirdPartyResource
  metadata:
    creationTimestamp: 2017-08-10T03:34:30Z
    name: alertmanager.monitoring.coreos.com
    namespace: ""
    resourceVersion: "35020"
    selfLink: /apis/extensions/v1beta1/thirdpartyresources/alertmanager.monitoring.coreos.com
    uid: d1bcf01b-7d7c-11e7-9b87-080027e7de4b
  versions:
  - name: v1alpha1
- apiVersion: extensions/v1beta1
  description: Prometheus monitoring for a service
  kind: ThirdPartyResource
  metadata:
    creationTimestamp: 2017-08-10T03:34:30Z
    name: service-monitor.monitoring.coreos.com
    namespace: ""
    resourceVersion: "35026"
    selfLink: /apis/extensions/v1beta1/thirdpartyresources/service-monitor.monitoring.coreos.com
    uid: d1f053d2-7d7c-11e7-9b87-080027e7de4b
  versions:
  - name: v1alpha1
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

The purpose of the SECURITY_CONTACTS file for each Kubernetes repository is to provide a list of people who can assist the Kubernetes Product Security Committe in the event that a security issue related to this repository is discovered or disclosed. As described in the file, those on the list should agree to our Embargo Policy.

Please update the SECURITY_CONTACTS file for this repository. After finding people who are willing to work in this capacity, you should add them to the list, then remove PSC members (except any PSC member will be working as a security contact for this repository). The list is GitHub usernames, optionally followed by an email address. If no email address is listed, the PSC will use the email address found on git commits made by the listed user.

/lifecycle frozen
See kubernetes/committee-security-response#92

Hi Guys,

maybe my problem is easy to solve but I can't get it working.
My goal is just to list/get CRD in my cluster (not created by me, already present).

I wrote the following code:

package main
import (
    "fmt"

    restext "k8s.io/apiextensions-apiserver/vendor/k8s.io/client-go/rest"
    ext "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1"
)
var k8sext, _ = newK8Sextclient()              // k8s client

func main() {
    fmt.Println("test")
}

func newK8Sextclient() (*ext.ApiextensionsV1beta1Client, error) {
    configext, err := restext.InClusterConfig()
    if err != nil { panic(err.Error()) }
    return ext.NewForConfig(configext)
}

but I get:
main.go:5:5: use of vendored package not allowed

What am I doing wrong?

Instead if I use the package "k8s.io/client-go/rest" I get this other error:
./main.go:18:28: cannot use configext (type *"k8s.io/client-go/rest".Config) as type *"k8s.io/apiextensions-apiserver/vendor/k8s.io/client-go/rest".Config in argument to "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1".NewForConfig

Thanks for your help

Hi,

I'm hitting the following issue while trying to import the "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/validation" package to leverage CRD validation from a CustomValidator for crossplane/crossplane.

The go.mod contains:

module github.com/crossplane/crossplane

go 1.20

require (
	dario.cat/mergo v1.0.0
	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1
	github.com/Masterminds/semver v1.5.0
	github.com/alecthomas/kong v0.8.0
	github.com/bufbuild/buf v1.26.1
	github.com/crossplane/crossplane-runtime v0.20.1
	github.com/cyphar/filepath-securejoin v0.2.3
	github.com/google/go-cmp v0.5.9
	github.com/google/go-containerregistry v0.16.1
	github.com/google/go-containerregistry/pkg/authn/k8schain v0.0.0-20230617045147-2472cbbbf289
	github.com/google/uuid v1.3.0
	github.com/jmattheis/goverter v0.17.4
	github.com/opencontainers/runtime-spec v1.1.0-rc.3.0.20230610073135-48415de180cf
	github.com/pkg/errors v0.9.1
	github.com/sirupsen/logrus v1.9.3
	github.com/spf13/afero v1.9.5
	golang.org/x/sync v0.3.0
	golang.org/x/sys v0.11.0
	google.golang.org/grpc v1.57.0
	google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0
	google.golang.org/protobuf v1.31.0
	k8s.io/api v0.27.3
	k8s.io/apiextensions-apiserver v0.27.3
	k8s.io/apimachinery v0.27.3
	k8s.io/client-go v0.27.3
	k8s.io/code-generator v0.27.3
	k8s.io/utils v0.0.0-20230505201702-9f6742963106
	kernel.org/pub/linux/libs/security/libcap/cap v1.2.69
	sigs.k8s.io/controller-runtime v0.15.0
	sigs.k8s.io/controller-tools v0.12.1
	sigs.k8s.io/e2e-framework v0.2.1-0.20230716064705-49e8554b536f
	sigs.k8s.io/kind v0.20.0
	sigs.k8s.io/yaml v1.3.0
)

require google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19 // indirect

require (
	cloud.google.com/go/compute v1.19.3 // indirect
	cloud.google.com/go/compute/metadata v0.2.3 // indirect
	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
	github.com/Azure/go-autorest/autorest v0.11.29 // indirect
	github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
	github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect
	github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
	github.com/Azure/go-autorest/logger v0.2.1 // indirect
	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
	github.com/Microsoft/go-winio v0.6.1 // indirect
	github.com/aws/aws-sdk-go-v2 v1.18.0 // indirect
	github.com/aws/aws-sdk-go-v2/config v1.18.25 // indirect
	github.com/aws/aws-sdk-go-v2/credentials v1.13.24 // indirect
	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.3 // indirect
	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.33 // indirect
	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.27 // indirect
	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.34 // indirect
	github.com/aws/aws-sdk-go-v2/service/ecr v1.18.11 // indirect
	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.16.2 // indirect
	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.27 // indirect
	github.com/aws/aws-sdk-go-v2/service/sso v1.12.10 // indirect
	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.10 // indirect
	github.com/aws/aws-sdk-go-v2/service/sts v1.19.0 // indirect
	github.com/aws/smithy-go v1.13.5 // indirect
	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20230510185313-f5e39e5f34c7 // indirect
	github.com/beorn7/perks v1.0.1 // indirect
	github.com/bufbuild/connect-go v1.9.0 // indirect
	github.com/bufbuild/connect-opentelemetry-go v0.4.0 // indirect
	github.com/bufbuild/protocompile v0.6.0 // indirect
	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
	github.com/cespare/xxhash/v2 v2.2.0 // indirect
	github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect
	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
	github.com/dave/jennifer v1.6.0 // indirect
	github.com/davecgh/go-spew v1.1.1 // indirect
	github.com/dimchansky/utfbom v1.1.1 // indirect
	github.com/docker/cli v24.0.4+incompatible // indirect
	github.com/docker/distribution v2.8.2+incompatible // indirect
	github.com/docker/docker v24.0.4+incompatible // indirect
	github.com/docker/docker-credential-helpers v0.8.0 // indirect
	github.com/docker/go-connections v0.4.0 // indirect
	github.com/docker/go-units v0.5.0 // indirect
	github.com/emicklei/go-restful/v3 v3.10.2 // indirect
	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
	github.com/fatih/color v1.15.0 // indirect
	github.com/felixge/fgprof v0.9.3 // indirect
	github.com/fsnotify/fsnotify v1.6.0 // indirect
	github.com/go-chi/chi/v5 v5.0.10 // indirect
	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
	github.com/go-logr/logr v1.2.4 // indirect
	github.com/go-logr/stdr v1.2.2 // indirect
	github.com/go-logr/zapr v1.2.4 // indirect
	github.com/go-openapi/jsonpointer v0.19.6 // indirect
	github.com/go-openapi/jsonreference v0.20.2 // indirect
	github.com/go-openapi/swag v0.22.3 // indirect
	github.com/gobuffalo/flect v1.0.2 // indirect
	github.com/gofrs/uuid/v5 v5.0.0 // indirect
	github.com/gogo/protobuf v1.3.2 // indirect
	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
	github.com/golang/protobuf v1.5.3 // indirect
	github.com/google/gnostic v0.6.9 // indirect
	github.com/google/go-containerregistry/pkg/authn/kubernetes v0.0.0-20230516205744-dbecb1de8cfa // indirect
	github.com/google/gofuzz v1.2.0 // indirect
	github.com/google/pprof v0.0.0-20230705174524-200ffdc848b8 // indirect
	github.com/hashicorp/errwrap v1.1.0 // indirect
	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
	github.com/hashicorp/go-hclog v1.0.0 // indirect
	github.com/hashicorp/go-multierror v1.1.1 // indirect
	github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect
	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
	github.com/hashicorp/hcl v1.0.0 // indirect
	github.com/hashicorp/vault/api v1.9.2 // indirect
	github.com/imdario/mergo v0.3.16 // indirect
	github.com/inconshreveable/mousetrap v1.1.0 // indirect
	github.com/jdxcode/netrc v0.0.0-20221124155335-4616370d1a84 // indirect
	github.com/jmespath/go-jmespath v0.4.0 // indirect
	github.com/josharian/intern v1.0.0 // indirect
	github.com/json-iterator/go v1.1.12 // indirect
	github.com/klauspost/compress v1.16.7 // indirect
	github.com/klauspost/pgzip v1.2.6 // indirect
	github.com/mailru/easyjson v0.7.7 // indirect
	github.com/mattn/go-colorable v0.1.13 // indirect
	github.com/mattn/go-isatty v0.0.17 // indirect
	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
	github.com/mitchellh/go-homedir v1.1.0 // indirect
	github.com/mitchellh/mapstructure v1.5.0 // indirect
	github.com/moby/spdystream v0.2.0 // indirect
	github.com/moby/term v0.5.0 // indirect
	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
	github.com/modern-go/reflect2 v1.0.2 // indirect
	github.com/morikuni/aec v1.0.0 // indirect
	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
	github.com/opencontainers/go-digest v1.0.0 // indirect
	github.com/opencontainers/image-spec v1.1.0-rc4 // indirect
	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
	github.com/pkg/profile v1.7.0 // indirect
	github.com/prometheus/client_golang v1.15.1 // indirect
	github.com/prometheus/client_model v0.4.0 // indirect
	github.com/prometheus/common v0.44.0 // indirect
	github.com/prometheus/procfs v0.10.0 // indirect
	github.com/rs/cors v1.9.0 // indirect
	github.com/russross/blackfriday/v2 v2.1.0 // indirect
	github.com/ryanuber/go-glob v1.0.0 // indirect
	github.com/spf13/cobra v1.7.0 // indirect
	github.com/spf13/pflag v1.0.5 // indirect
	github.com/tetratelabs/wazero v1.3.1 // indirect
	github.com/vbatts/tar-split v0.11.3 // indirect
	github.com/vladimirvivien/gexe v0.2.0 // indirect
	go.opentelemetry.io/otel v1.16.0 // indirect
	go.opentelemetry.io/otel/metric v1.16.0 // indirect
	go.opentelemetry.io/otel/sdk v1.16.0 // indirect
	go.opentelemetry.io/otel/trace v1.16.0 // indirect
	go.uber.org/atomic v1.11.0 // indirect
	go.uber.org/multierr v1.11.0 // indirect
	go.uber.org/zap v1.24.0 // indirect
	golang.org/x/crypto v0.11.0 // indirect
	golang.org/x/mod v0.12.0 // indirect
	golang.org/x/net v0.13.0 // indirect; indirect // indirect
	golang.org/x/oauth2 v0.8.0 // indirect
	golang.org/x/term v0.10.0 // indirect
	golang.org/x/text v0.11.0 // indirect
	golang.org/x/time v0.3.0 // indirect
	golang.org/x/tools v0.11.0 // indirect
	gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
	google.golang.org/appengine v1.6.7 // indirect
	gopkg.in/inf.v0 v0.9.1 // indirect
	gopkg.in/yaml.v2 v2.4.0 // indirect
	gopkg.in/yaml.v3 v3.0.1 // indirect
	k8s.io/component-base v0.27.3 // indirect
	k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect
	k8s.io/klog/v2 v2.100.1
	k8s.io/kube-openapi v0.0.0-20230525220651-2546d827e515 // indirect
	kernel.org/pub/linux/libs/security/libcap/psx v1.2.69 // indirect
	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
)

And trying to add "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/validation" I get:

go: finding module for package go.opentelemetry.io/otel/metric/instrument/syncint64
go: finding module for package go.opentelemetry.io/otel/metric/global
go: finding module for package go.opentelemetry.io/otel/metric/instrument/syncfloat64
github.com/crossplane/crossplane/internal/validation/apiextensions/v1/xrd imports
	k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/validation imports
	k8s.io/apiserver/pkg/util/webhook imports
	k8s.io/component-base/tracing imports
	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp imports
	go.opentelemetry.io/otel/metric/global: module go.opentelemetry.io/otel/metric@latest found (v1.16.0), but does not contain package go.opentelemetry.io/otel/metric/global
github.com/crossplane/crossplane/internal/validation/apiextensions/v1/xrd imports
	k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/validation imports
	k8s.io/apiserver/pkg/util/webhook imports
	k8s.io/component-base/tracing imports
	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp imports
	go.opentelemetry.io/otel/metric/instrument/syncfloat64: module go.opentelemetry.io/otel/metric@latest found (v1.16.0), but does not contain package go.opentelemetry.io/otel/metric/instrument/syncfloat64
github.com/crossplane/crossplane/internal/validation/apiextensions/v1/xrd imports
	k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/validation imports
	k8s.io/apiserver/pkg/util/webhook imports
	k8s.io/component-base/tracing imports
	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp imports
	go.opentelemetry.io/otel/metric/instrument/syncint64: module go.opentelemetry.io/otel/metric@latest found (v1.16.0), but does not contain package go.opentelemetry.io/otel/metric/instrument/syncint64

The above is due to the fact that lots of otel packages were moved to dedicated packages / deprecated.

So I guess the options could either be to update the dependencies importing otel or to split the go modules as suggested by #57. Any thought?

The following apply call fails for me, but creating the same file works.

$ k apply -f /var/tmp/kubevirt-demo/kubevirt/manifests/vm-resource.yaml
error: unable to decode "/var/tmp/kubevirt-demo/kubevirt/manifests/vm-resource.yaml": no kind "CustomResourceDefinition" is registered for version "apiextensions.k8s.io/v1beta1"

on a minikube:

$ minikube start --vm-driver kvm --network-plugin cni --iso-url https://storage.googleapis.com/minikube-builds/1846/minikube-testing.iso
Starting local Kubernetes v1.7.0 cluster...
Starting VM...
Getting VM IP address...
Moving files into cluster...
Setting up certs...
Starting cluster components...
Connecting to cluster...
Setting up kubeconfig...
Kubectl is now configured to use the cluster.

$ k api-versions
admissionregistration.k8s.io/v1alpha1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1beta1
apps/v1beta1
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
autoscaling/v2alpha1
batch/v1
batch/v2alpha1
certificates.k8s.io/v1beta1
extensions/v1beta1
networking.k8s.io/v1
policy/v1beta1
rbac.authorization.k8s.io/v1alpha1
rbac.authorization.k8s.io/v1beta1
settings.k8s.io/v1alpha1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1

Currently lots of tools/libraries import this repo to use CustomResourceDefinition/etc types. With that, lots of dependencies are imported. Most of them are not needed. This is problematic for many reasons - more code to download (slower builds), more code to scan for tools, etc.

Ideas:

• Move the API types into a separate repo like https://github.com/kubernetes/api
• Introduce a separate Go module in this repo. Maybe use workspace mode https://go.dev/doc/tutorial/workspaces

p.s. This may have been discussed already but I couldn't find any traces.

Despite validation of type=duration being documented as parsed by time.ParseDuration, which is what the unmarshaller does, it is actually parsed by strfmt.ParseDuration, which is more lenient in that it accepts d (days) and w (weeks).

The result is that the round trip is broken: go type => CRD => CR with d or w => apiserver validation (accepts d/w) => etcd => GET => unmarshal (blows up on d/w) => go type.

Example of such a CRD struct field definition.

And a BZ that uncovered the problem.

cf. kubernetes/apimachinery#131

Unfortunately, any solution that makes format=duration validation stricter could break backward compatibility for use cases that don't ultimately use go's time.ParseDuration.

A possibility would be adding a separate validator (format=strictduration?) that does strictly use time.ParseDuration as advertised. Long term, perhaps it would be appropriate to clone format=duration to format=scaladuration and eventually deprecate/remove the former.

Workaround (suggested by @JoelSpeed): Ditch format=duration and use an explicit regex instead. That would be a pity :(

I tried to implement CRD List client function and specify ListOptions, followed the same pattern used by standard objects and it didn’t seem to work, is there a documented/working way to do this?
Im specifically interested in the LabelSelector option

The following code didn’t work, and resulted in an error:
v1.ListOptions is not suitable for converting to "myorg.io/v1"

func (c *Client) List(namespace string, opts meta_v1.ListOptions) (*FunctionList, error) { 
       var result FunctionList
       err := c.restClient.Get().
              Namespace(namespace).Resource(c.getNamePlural()).
              VersionedParams(&opts, scheme.ParameterCodec).
              Do().Into(&result)
       return &result, err
}

it failed in the ParameterCodec.EncodeParameters() function (called by VersionedParams() )

Yaron

I think this is the same issue - except for CRDs, obviously - as kubernetes/client-go#60

Basically:

• Create a CRD and a matching controller
• Set up the controller to print out the TypeMeta details of any objects passed to the added function hook
• The objects that show up are missing TypeMeta

This does not happen for subsequent changes - triggering the updated hook - it only occurs for the first added call. I've traced it back to the reflector on the controller side, I think the problem is present in the representation the controller get over the wire, but I'm not sure where to look on the REST API side..

Happy to help if someone has pointers for where to look on the server side.

Here's a tiny project replicating the issue:
https://github.com/jakewins/crd-missing-type

Currently, we neither allow a {Type: "string"} attribute with a nullable field nor support

AnyOf: []JSONSchemaProps{
    {Type: "string"},
    {Type: "null"}
}

to allow null values for the given attribute. Has there been any decision not to support null values to attributes that I'm unaware of? This will be useful to support nulls, so that attributes don't require an "" empty string value to be passed.

Are there any future plans to support null values in attributes?

Thanks,
Goutam Tadi

Hi, I am trying to use unstructured in the CRD like this:

// BatchSpec defines the desired state of Batch
type BatchSpec struct {
	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
	// Important: Run "make" to regenerate code after modifying this file

	// Foo is an example field of Batch. Edit Batch_types.go to remove/update
	TrialTemplate *TrialTemplate `json:"trialTemplate,omitempty"`
}

type TrialTemplate struct {
	// Source for trial template (unstructured structure or config map)
	TrialSource `json:",inline"`
}

// TrialSource represent the source for trial template
// Only one source can be specified
type TrialSource struct {
	// TrialSpec represents trial template in unstructured format
	TrialSpec *unstructured.Unstructured `json:"trialSpec,omitempty"`
}

But we got errors when we use v1:

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.4.1
  creationTimestamp: null
  name: batches.appv1.zhengwu.io
spec:
  group: appv1.zhengwu.io
  names:
    kind: Batch
    listKind: BatchList
    plural: batches
    singular: batch
  scope: Namespaced
  versions:
  - name: v1
    served: true
    storage: true
    schema:
      openAPIV3Schema:
        description: Batch is the Schema for the batches API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: BatchSpec defines the desired state of Batch
            properties:
              trialTemplate:
                description: Foo is an example field of Batch. Edit Batch_types.go
                  to remove/update
                properties:
                  trialSpec:
                    description: TrialSpec represents trial template in unstructured
                      format
                    type: object
                type: object
            type: object
          status:
            description: BatchStatus defines the observed state of Batch
            type: object
        type: object
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []

BTW, it works well when we use v1beta1. I was diving into the code base but I did not found the reason.

There is the diff between v1 CRD and v2 CRD. Seems that there are some more managed fields in v1beta1.

41a42
>         f:preserveUnknownFields: {}
42a44,83
>         f:validation:
>           .: {}
>           f:openAPIV3Schema:
>             .: {}
>             f:description: {}
>             f:properties:
>               .: {}
>               f:apiVersion:
>                 .: {}
>                 f:description: {}
>                 f:type: {}
>               f:kind:
>                 .: {}
>                 f:description: {}
>                 f:type: {}
>               f:metadata:
>                 .: {}
>                 f:type: {}
>               f:spec:
>                 .: {}
>                 f:description: {}
>                 f:properties:
>                   .: {}
>                   f:trialTemplate:
>                     .: {}
>                     f:description: {}
>                     f:properties:
>                       .: {}
>                       f:trialSpec:
>                         .: {}
>                         f:description: {}
>                         f:type: {}
>                     f:type: {}
>                 f:type: {}
>               f:status:
>                 .: {}
>                 f:description: {}
>                 f:type: {}
>             f:type: {}
>         f:version: {}

I'd appreciate it if anyone could help me.

Thanks 🥂 🍻

This is more of a question.

We have written crd validation. In our case we wanted to validate a value against a fixed set of values (say should have one value among 6 possible values) but it is possible this particular field might not have a value in that case validation shouldn’t fail. I tried with OneOf but OneOf fails when value doesn’t exist. Do we know which keyword I can use for this validation ?.

For example

Header:”GET”
Value: “present_match”. // here validation should happen

Example 2
Header:”GET” // since value is not there so crd should be ok with it

Regards Piyush

Hey,
I try to watch CRDs on multiple external clusters. For that purpose I created RESTClients (currently I do not have a clientset for those clusters) to watch the CRDs.

So using the RESTClient to get, watch, ... is possible:

err = eRESTClient.Get().Resource(crv1.CRDPromPlural).Do().Into(&pl)

Works for me on an existiong CRD.

Now I wanted to create the CRDs automatically on new clusters if the CRD does not exist.

To do so I did following:

eClientset := apiextensionsclient.New(eRESTClient)

crd := &apiextensionsv1beta1.CustomResourceDefinition{
        ObjectMeta: metav1.ObjectMeta{
                Name: "tests.monitoring.io",
        },
        Spec: apiextensionsv1beta1.CustomResourceDefinitionSpec{
                Scope:   apiextensionsv1beta1.NamespaceScoped,
                Group:   "monitoring.io",
                Version: "v1",
                Names: apiextensionsv1beta1.CustomResourceDefinitionNames{
                        Kind:     "Test",
                        Plural:   "tests",
                        Singular: "test",
                },
        },
}
_, err = eClientset.Apiextensions().CustomResourceDefinitions().Create(crd)

But this does not work and following error appears:

the server could not find the requested resource (post customresourcedefinitions.monitoring.io)

Can somebody tell me if I need to do something special to my RESTClient to get that working, or why the clientset is not working in this case?

Hello,
Is there a way to specify server version in fake package?
Thank you

I have found an example of how to create a CRD resource and how to watch the events of a CRD resource from this example.

I want to create/update/delete an instance of a CRD resource, for example, I have created a CRD resource OpCRD and need to create/update/delete instances of OpCRD.

Are there some examples to show how to do this?

How can I use CRD client from this repo with client-go release-4.0 (kubernetes 1.7) branch? They rely on different versions of apimachinery.

Related: kubernetes/client-go#247

To be consistent with other client-go tutorials, we need https://github.com/kubernetes/apiextensions-apiserver/tree/master/examples/client-go example to have a ## Cleanup section where the instructions to remove artifacts created by the example program can be removed.

While getting the apiextensions-apiserver go module, getting attempt failures due to conflicts in dependencies, from api/batch/v2alpha1

$ go get k8s.io/apiextensions-apiserver

go: downloading k8s.io/component-base v0.22.2
go: downloading k8s.io/apiserver v0.22.2
go: downloading go.opentelemetry.io/otel v0.20.0
go: downloading gopkg.in/natefinch/lumberjack.v2 v2.0.0
go: downloading github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e
go: downloading go.opentelemetry.io/otel/trace v0.20.0
go: downloading go.opentelemetry.io/otel/exporters/otlp v0.20.0
go: downloading go.opentelemetry.io/otel/sdk v0.20.0
go: downloading github.com/coreos/go-systemd/v22 v22.3.2
go: downloading github.com/blang/semver v3.5.1+incompatible
go: downloading github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
go: downloading go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489
go: downloading go.opentelemetry.io/contrib v0.20.0
go: downloading sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22
go: downloading go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0
go: downloading go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0
go: downloading github.com/prometheus/common v0.26.0
go: downloading go.opentelemetry.io/otel/sdk/export/metric v0.20.0
go: downloading go.opentelemetry.io/proto/otlp v0.7.0
go: downloading go.opentelemetry.io/otel/metric v0.20.0
go: downloading go.opentelemetry.io/otel/sdk/metric v0.20.0
go: downloading github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369
go: downloading github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
go: downloading go.etcd.io/etcd/client/v3 v3.5.0
go: downloading go.etcd.io/etcd/client/pkg/v3 v3.5.0
go: downloading go.etcd.io/etcd/api/v3 v3.5.0
go: downloading go.uber.org/zap v1.17.0
go: downloading go.uber.org/multierr v1.6.0
k8s.io/apiextensions-apiserver imports
        k8s.io/apiserver/pkg/server imports
        k8s.io/client-go/informers imports
        k8s.io/api/batch/v2alpha1: cannot find module providing package k8s.io/api/batch/v2alpha1
k8s.io/apiextensions-apiserver imports
        k8s.io/apiserver/pkg/server imports
        k8s.io/client-go/informers imports
        k8s.io/api/discovery/v1alpha1: cannot find module providing package k8s.io/api/discovery/v1alpha1
go: downloading github.com/blang/semver v1.1.0

Host: Ubuntu 20.04
go version go1.16.4 linux/amd64

My CRD for Elasticsearch

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  labels:
    app: kubedb
  name: elasticsearches.kubedb.com
spec:
  group: kubedb.com
  names:
    kind: Elasticsearch
    listKind: ElasticsearchList
    plural: elasticsearches
    shortNames:
    - es
    singular: elasticsearch
  scope: Namespaced
  version: v1alpha1
status:
  acceptedNames:
    kind: Elasticsearch
    listKind: ElasticsearchList
    plural: elasticsearches
    shortNames:
    - es
    singular: elasticsearch
  conditions:
  - lastTransitionTime: null
    message: no conflicts found
    reason: NoConflicts
    status: "True"
    type: NamesAccepted
  - lastTransitionTime: 2017-08-31T07:10:38Z
    message: the initial names have been accepted
    reason: InitialNamesAccepted
    status: "True"
    type: Established

None of the following commands is working

$ kubectl get elasticsearch
Error from server (NotFound): Unable to list "elasticsearchs": the server could not find the requested resource (get elasticsearchs.kubedb.com)

kubectl get elasticsearches
the server doesn't have a resource type "elasticsearches"

kubectl get es
the server doesn't have a resource type "elasticsearches"

But I got correct SelfLink

/apis/kubedb.com/v1alpha1/elasticsearches

Here, I have used elasticsearches as plural form of elasticsearch.

How can I fix this and use elasticsearches as plural for kind Elasticsearch?

Create example CRD, and validate master.replicas must be 1 or 3.

Use Enum not work as expected.
Always raise error in body should be one of [1 3].

"master": {
    Properties: map[string]apiextensionsv1beta1.JSONSchemaProps{
        "replicas": {
            Description: "must be 1 or 3",
            Type:        "number",
            // TODO: not work as expect
            Enum: []apiextensionsv1beta1.JSON{
                {
                    Raw: []byte(fmt.Sprintf(`1`)),
                },
                {
                    Raw: []byte(fmt.Sprintf(`3`)),
                },
            },
        },

Use AnyOf can work as expected but very ugly.

"master": {
    Properties: map[string]apiextensionsv1beta1.JSONSchemaProps{
        "replicas": {
            Description: "must be 1 or 3",
            Type:        "number",
            // Work as expect but very ugly
            AnyOf: []apiextensionsv1beta1.JSONSchemaProps{
                {
                    Description: "must be 1 or 3",
                    Type:        "number",
                    Minimum:     util.Float64Ptr(1),
                    Maximum:     util.Float64Ptr(1),
                },
                {
                    Description: "must be 1 or 3",
                    Type:        "number",
                    Minimum:     util.Float64Ptr(3),
                    Maximum:     util.Float64Ptr(3),
                },
            },
        },

Here is my CRD

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: deployments.sadlil.com
spec:
  group: sadlil.com
  version: v1
  scope: Namespaced
  names:
    plural: deployments
    singular: deployment
    kind: Deployment
    shortNames:
    - deploy
    - dpl

$ kubectl get crd -o yaml
apiVersion: v1
items:
- apiVersion: apiextensions.k8s.io/v1beta1
  kind: CustomResourceDefinition
  metadata:
    creationTimestamp: 2017-08-31T05:25:23Z
    name: deployments.sadlil.com
    namespace: ""
    resourceVersion: "2259321"
    selfLink: /apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions/deployments.sadlil.com
    uid: c9e0720a-8e0c-11e7-99a7-02f03673b1d6
  spec:
    group: sadlil.com
    names:
      kind: Deployment
      listKind: DeploymentList
      plural: deployments
      shortNames:
      - deploy
      - dpl
      singular: deployment
    scope: Namespaced
    version: v1
  status:
    acceptedNames:
      kind: Deployment
      listKind: DeploymentList
      plural: deployments
      shortNames:
      - deploy
      - dpl
      singular: deployment
    conditions:
    - lastTransitionTime: null
      message: no conflicts found
      reason: NoConflicts
      status: "True"
      type: NamesAccepted
    - lastTransitionTime: 2017-08-31T05:25:23Z
      message: the initial names have been accepted
      reason: InitialNamesAccepted
      status: "True"
      type: Established

CRD Data

apiVersion: sadlil.com/v1
kind: Deployment
metadata:
  labels:
    app: test-server
  name: test-server
  namespace: default
spec:
  type: hello-world

Outputs

$ kubectl get deployments.sadlil.com
NAME          KIND
test-server   Deployment.v1.sadlil.com
$ kubectl get deploy
No resources found.
$ kubectl get dpl
No resources found.
$ kubectl get deployments
No resources found.
$ kubectl get deployment
No resources found.

Expected to see the resource list when kubectl get dpl or kubectl get deployments.

Versions

Client Version: v1.7.3
Server Version: v1.7.0

I'm getting an issue with kubectl explain (in my case networkaddonsconfig ) when upgrading from version with apiextensions.k8s.io/v1beta1 to apiextensions.k8s.io/v1.

The solution I saw so far is to set PreserveUnknownFields:false (SSP PR, CDI PR, and my own CNAO PR, as well as a open issue on etcd-cluster-operator),
however I find the solution troubling, as PreserveUnknownFields is deprecated and the alternative field does not support the value False.

Is there an expected version where PreserveUnknownFields will be removed entirely?
Is there a solution/workaround what to do when that happens?

I use github.com/kubeflow/tf-operator(v0.1.0), k8s.io/client-go(v5.0.0) in my project. The go dependencies was managed by glide, and it tells me tf-operator want apiextensions-apiserver with version kubernetes-1.8.4.

Codes built and ran. However, when run into

clientset.ApiextensionsV1beta1().CustomResourceDefinitions().Get("name", metav1.GetOptions{})

I got an error said "v1.GetOptions is not suitable for converting to "meta.k8s.io/v1".

Am I using those packages in mismatched versions? How can I solve the error. Thanks

cannot find package "k8s.io/apiextensions-apiserver/pkg/features"

According to the document in https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/, I should be able to have the defaulting and "Custom Business Logic" for my CRD with an Initializer. Is there a sample I can refer to? Many thanks

This is more of a question rather than a bug. By extending k8s api server can we filter CRDs on random field selectors?

According the openapi spec maps are represented as a:

{
  "type": "object",
  "additionalProperties": {
    "type": "string"
  }
}

However when using a CRD with that validation it accepts requests that shouldn't validate:

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: crontabs.stable.example.com
spec:
  group: stable.example.com
  version: v1
  scope: Namespaced
  names:
    kind: CronTab
  validation:
   # openAPIV3Schema is the schema for validating custom objects.
    openAPIV3Schema:
      properties:
        labels:
          type: object
          properties:
            additionalProperties: 
              type: string

Successfully created this yaml (shouldn't have)

apiVersion: stable.example.com/v1
kind: CronTab
labels:
  foo:
  - bar
metadata:
  name: name
spec:

Note: I have also gotten this error when using the go-client library to create the CRD spec:

[spec.validation.openAPIV3Schema.properties[metadata].properties[annotations].additionalProperties: Forbidden: additionalProperties cannot be set to false, spec.validation.openAPIV3Schema.properties[metadata].properties[labels].additionalProperties: Forbidden: additionalProperties cannot be set to false]

I suspect this is because when unmarshalling the json, Allows is not set to true:

https://github.com/kubernetes/apiextensions-apiserver/blob/master/pkg/apis/apiextensions/v1beta1/marshal.go#L43

When I use the controller-runtime client to create a CRD resource, the following error appears：

"v1.CreateOptions is not suitable for converting to \"apiextensions.k8s.io/__internal\" in scheme \"/workspace/common/utils/client.go:18\""}
github.com/go-logr/zapr.(*zapLogger).Error
	/workspace/vendor/github.com/go-logr/zapr/zapr.go:128
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
	/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:218
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
	/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:192
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker
	/workspace/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:171
k8s.io/apimachinery/pkg/util/wait.JitterUntil.func1
	/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:152
k8s.io/apimachinery/pkg/util/wait.JitterUntil
	/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:153
k8s.io/apimachinery/pkg/util/wait.Until
	/workspace/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:88

I am trying to adapt the examples/client-go by adding my own Custom Resource Type. When I change the name of the resource type from Example I get Deepcopy not supported errors. I think that I am supposed to run deepcopy-gen on the package to update zz_generated.deepcopy.go - but it is unclear how to do so.

Latest version of apiextensions-apiserver in 0.25.x series is 0.25.9.
This uses go.etcd.io/etcd/v3 v 3.5.4 Go package, which has CVE-2021-28235 (HIGH) Vulnerability. This Vulnerability is fixed in ``go.etcd.io/etcd/v3 v 3.5.8` and later.

Any plans to upgrade apiextensions-apiserver v0.25.x series with latest version of go.etcd.io/etcd/v3, which has fix for above mentioned CVE-2021-28235 vulnerability.
...and I suppose, this requires subsequent upgrade to controller-runtime v0.13.0

I wrote an example test https://github.com/kubernetes/apiextensions-apiserver/pull/52/files

According to https://spec.openapis.org/oas/v3.0.3#model-with-map-dictionary-properties, I should be able to validate a map with string type value using

{
  "type": "object",
  "additionalProperties": {
    "type": "string"
  }
}

But this test is failing with error: unexpected validation error for map[field:map[a:b]]: [field: Invalid value: "a": field.a in body is a forbidden property]

As per the email sent to kubernetes-dev[1], please create a SECURITY_CONTACTS
file.

The template for the file can be found in the kubernetes-template repository[2].
A description for the file is in the steering-committee docs[3], you might need
to search that page for "Security Contacts".

Please feel free to ping me on the PR when you make it, otherwise I will see when
you close this issue. :)

Thanks so much, let me know if you have any questions.

(This issue was generated from a tool, apologies for any weirdness.)

[1] https://groups.google.com/forum/#!topic/kubernetes-dev/codeiIoQ6QE
[2] https://github.com/kubernetes/kubernetes-template-project/blob/master/SECURITY_CONTACTS
[3] https://github.com/kubernetes/community/blob/master/committee-steering/governance/sig-governance-template-short.md