Short name for Issuer CRD is invalid #208

Closed
gardener/cert-management
#147

Description

How to categorize this issue?

/kind bug

What happened:
The issuer CRD definition wrongly uses the singular name as short name

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: issuers.cert.gardener.cloud
  labels:
    shoot.gardener.cloud/no-cleanup: "true"
    app.kubernetes.io/name: gardener-extension-shoot-cert-service
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
  group: cert.gardener.cloud
  names:
    kind: Issuer
    listKind: IssuerList
    plural: issuers
    shortNames:
    - issuer

K8s CRD controller has a validation that the short names are not re-used in other CRDs among the same group, see https://github.com/kubernetes/kubernetes/blob/e8d45596dfbdf69fd42aa6881dfdeb089a20ab33/staging/src/k8s.io/apiextensions-apiserver/pkg/controller/status/naming_controller.go#L123-L169 and https://github.com/kubernetes/kubernetes/blob/e8d45596dfbdf69fd42aa6881dfdeb089a20ab33/staging/src/k8s.io/apiextensions-apiserver/pkg/controller/status/naming_controller.go#L89-L121

What you expected to happen:
The short names for issuer to not be the same as the singular name.

How to reproduce it (as minimally and precisely as possible):

  1. Create a k8s cluster, e.g. kind
  2. Run the following command to create the CRD without the shortNames
cat <<EOF | kubectl create -f -
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: issuers.cert.gardener.cloud
spec:
  conversion:
    strategy: None
  group: cert.gardener.cloud
  names:
    kind: Issuer
    listKind: IssuerList
    plural: issuers
    singular: issuer
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        type: object
        x-kubernetes-preserve-unknown-fields: true
    served: true
    storage: true
    subresources:
      status: {}
EOF
  3. Check the CRD conditions are healthy
kubectl get crd issuers.cert.gardener.cloud -o json | jq .status.conditions
[
  {
    "lastTransitionTime": "2023-10-31T11:02:59Z",
    "message": "no conflicts found",
    "reason": "NoConflicts",
    "status": "True",
    "type": "NamesAccepted"
  },
  {
    "lastTransitionTime": "2023-10-31T11:02:59Z",
    "message": "the initial names have been accepted",
    "reason": "InitialNamesAccepted",
    "status": "True",
    "type": "Established"
  }
]
  4. Update the CRD with short names
cat <<EOF | kubectl replace -f -
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: issuers.cert.gardener.cloud
spec:
  conversion:
    strategy: None
  group: cert.gardener.cloud
  names:
    kind: Issuer
    listKind: IssuerList
    plural: issuers
    singular: issuer
    shortNames:
    - issuer
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        type: object
        x-kubernetes-preserve-unknown-fields: true
    served: true
    storage: true
    subresources:
      status: {}
EOF
  5. Ensure the CRD status has a failing condition NamesAccepted
kubectl get crd issuers.cert.gardener.cloud -o json | jq .status.conditions
[
  {
    "lastTransitionTime": "2023-10-31T11:01:50Z",
    "message": "\"issuer\" is already in use",
    "reason": "ShortNamesConflict",
    "status": "False",
    "type": "NamesAccepted"
  },
  {
    "lastTransitionTime": "2023-10-31T11:01:03Z",
    "message": "the initial names have been accepted",
    "reason": "InitialNamesAccepted",
    "status": "True",
    "type": "Established"
  }
]

Anything else we need to know?:

Environment:

  • Gardener version (if relevant):
  • Extension version:
  • Kubernetes version (use kubectl version):
  • Cloud provider or hardware configuration:
  • Others:
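
A pre-deployment check for the conflict reported above, as an added example that is not part of the original issue and is not Kubernetes or cert-management code: it reads `kubectl get crd -o json` style input and flags any short name that is claimed more than once within one API group, which includes a short name equal to the CRD's own singular. `ShortNameConflicts`, `sampleList` and the `widgets.example.test` CRD are assumptions made up for the illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// CRD holds only the fields read here; encoding/json matches keys case-insensitively.
type CRD struct {
	Metadata struct{ Name string }
	Spec     struct {
		Group string
		Names struct {
			Plural, Singular string
			ShortNames       []string
		}
	}
}

// sampleList is constructed: the CRD from the issue plus one in a made-up group.
const sampleList = `{"items":[
{"metadata":{"name":"issuers.cert.gardener.cloud"},"spec":{"group":"cert.gardener.cloud","names":{"plural":"issuers","singular":"issuer","shortNames":["issuer"]}}},
{"metadata":{"name":"widgets.example.test"},"spec":{"group":"example.test","names":{"plural":"widgets","singular":"widget","shortNames":["issuer"]}}}]}`

// ShortNameConflicts (hypothetical helper) reports each short name that is claimed
// more than once as a plural, singular or short name within the same API group.
func ShortNameConflicts(listJSON string) ([]string, error) {
	var list struct{ Items []CRD }
	if err := json.Unmarshal([]byte(listJSON), &list); err != nil {
		return nil, err
	}
	seen := map[string]int{} // "group/name" -> number of claims on that name
	for _, c := range list.Items {
		n := c.Spec.Names
		for _, name := range append([]string{n.Plural, n.Singular}, n.ShortNames...) {
			seen[c.Spec.Group+"/"+name]++
		}
	}
	var out []string
	for _, c := range list.Items {
		for _, sn := range c.Spec.Names.ShortNames {
			if seen[c.Spec.Group+"/"+sn] > 1 {
				out = append(out, fmt.Sprintf("%s: %q is already in use", c.Metadata.Name, sn))
			}
		}
	}
	return out, nil
}

func main() { fmt.Println(ShortNameConflicts(sampleList)) }
```

The same short name in a different group (the constructed `widgets.example.test` entry) is not reported, because names are only compared within one group.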