Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Kubeconform can't validate gateway after 1.1.0 changes #4049

Open
davem-git opened this issue Aug 14, 2024 · 8 comments
Open

Kubeconform can't validate gateway after 1.1.0 changes #4049

davem-git opened this issue Aug 14, 2024 · 8 comments

Comments

@davem-git
Copy link

Description:
We validate all of our workloads with kubeconform . It can take custom CDR which we have a script that generates it from finding all the CDR's in our workload directly. This used to work fine, it generated a validation for gateway. With the upgrade of v.1.1.0 it and the addition of https://github.com/envoyproxy/gateway/pull/4020/files#diff-85e94dab8d1c67629c15c4000ac7bcf1eb1a4c55f006ee5afc1d9c6ce69872d1R28-R31. this validation now fails.

When I generate the json validation from the CDR., it misses this. I can verify this is expected by looking at the CDR

https://github.com/envoyproxy/gateway/blob/release/v1.1.0/charts/gateway-helm/crds/gatewayapi-crds.yaml#L1219-L1478

its not in there. I do see it v1beta below, however, that's not what I'm using and it still works when I deploy it. And for some reason that isn't generating it for me either.

Is there some compatibility setup allowing me to use the feature even if it's not supported in the CDR?

gateway_v1.json
gateway_v1beta1.json

Repro steps:

Include sample requests, environment, etc. All data and inputs
run kubeconform on the deployment yaml files, and select CustomResourceDefinition -schema-location and select the scheme-location

Note: If there are privacy concerns, sanitize the data prior to

Environment:

gateway 1.1.0 proxy whatever comes with it

Logs:

stdin - Gateway gateway-envoy is invalid: problem validating schema. Check JSON formatting: jsonschema: '/spec/infrastructure' does not validate with file:///home/runner/work//tools/crd_json_schemas/gateway_v1.json#/properties/spec/properties/infrastructure/additionalProperties: additionalProperties 'parametersRef' not allowed

@davem-git
Copy link
Author

we use https://github.com/instrumenta/openapi2jsonschema. to generate the schema you can do it for all of the CDR

@zirain
Copy link
Contributor

zirain commented Aug 15, 2024

@davem-git
Copy link
Author

I don't think so. We generate that file from EG cdr. We don't use a global one. When you look at the cdr you can see it missing that part from the v1 section

@zirain
Copy link
Contributor

zirain commented Aug 15, 2024

Gateway CRD is directly copied from Gateway API project.

@davem-git
Copy link
Author

How is parametersRef supported in 1.1.0 then? That's not something EG added?

@arkodg
Copy link
Contributor

arkodg commented Aug 15, 2024

How is parametersRef supported in 1.1.0 then? That's not something EG added?

EG only implemented the API, the API field is added by upstream
https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1beta1.Gateway

@davem-git
Copy link
Author

I see that it's only on the website for experimental CDR. Though I tried copying that locally and it still didn't fix the problem

https://github.com/kubernetes-sigs/gateway-api/blob/v1.1.0/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml#L207-L220

Copy link

This issue has been automatically marked as stale because it has not had activity in the last 30 days.

@github-actions github-actions bot added the stale label Sep 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants