Bug 1803171

Summary: Allow more fields at root of CRD schema if status is enabled
Product: OpenShift Container Platform Reporter: James Munnelly <james.munnelly>
Component: kube-apiserverAssignee: Stefan Schimanski <sttts>
Status: CLOSED CURRENTRELEASE QA Contact: Xingxing Xia <xxia>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.4CC: aos-bugs, mfojtik, sttts, vlaad, xxia
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: no-qe
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1803163 Environment:
Last Closed: 2022-08-25 22:10:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1803163    

Description James Munnelly 2020-02-14 15:36:05 UTC 
+++ This bug was initially created as a clone of Bug #1803163 +++

Description of problem:


Kubernetes 1.11 unnecessarily restricts the fields that can be specified at the root of an OpenAPI validation schema if the `status` subresource is enabled.

This makes it difficult for operator authors to produce CRD manifests that are compatible with the 'structural schema' support in OpenShift 4/Kubernetes 1.15+.

 
Version-Release number of selected component (if applicable): 3.11


How reproducible:
Trivial

Steps to Reproduce:
1. Attempt to create a CRD resource that specifies `type: object` at the root of its OpenAPI validation schema as well as enables the `status` subresource.


Actual results:

```
Error from server (Invalid): error when creating "cert-manager-openshift-v0.13.0.yaml": CustomResourceDefinition.apiextensions.k8s.io "certificaterequests.cert-manager.io" is invalid: spec.validation.openAPIV3Schema: Invalid value: apiextensions.JSONSchemaProps{ID:""

...

ensions.JSONSchemaDefinitions(nil), ExternalDocs:(*apiextensions.ExternalDocumentation)(nil), Example:(*apiextensions.JSON)(nil)}: must only have "properties", "required" or "description" at the root if the status subresource is enabled
```

Expected results:

The CRD to be created

Additional info:

The original pull request to relax validation upstream is here: https://github.com/kubernetes/kubernetes/pull/65357

It points out that allowing these fields has no adverse side-effects. Given the support window for OpenShift 3, it'd be great to get this patch in to reduce burden on extension developers.

ref https://github.com/openshift/origin/pull/24540