+++ This bug was initially created as a clone of Bug #1803163 +++ Description of problem: Kubernetes 1.11 unnecessarily restricts the fields that can be specified at the root of an OpenAPI validation schema if the `status` subresource is enabled. This makes it difficult for operator authors to produce CRD manifests that are compatible with the 'structural schema' support in OpenShift 4/Kubernetes 1.15+. Version-Release number of selected component (if applicable): 3.11 How reproducible: Trivial Steps to Reproduce: 1. Attempt to create a CRD resource that specifies `type: object` at the root of its OpenAPI validation schema as well as enables the `status` subresource. Actual results: ``` Error from server (Invalid): error when creating "cert-manager-openshift-v0.13.0.yaml": CustomResourceDefinition.apiextensions.k8s.io "certificaterequests.cert-manager.io" is invalid: spec.validation.openAPIV3Schema: Invalid value: apiextensions.JSONSchemaProps{ID:"" ... ensions.JSONSchemaDefinitions(nil), ExternalDocs:(*apiextensions.ExternalDocumentation)(nil), Example:(*apiextensions.JSON)(nil)}: must only have "properties", "required" or "description" at the root if the status subresource is enabled ``` Expected results: The CRD to be created Additional info: The original pull request to relax validation upstream is here: https://github.com/kubernetes/kubernetes/pull/65357 It points out that allowing these fields has no adverse side-effects. Given the support window for OpenShift 3, it'd be great to get this patch in to reduce burden on extension developers. ref https://github.com/openshift/origin/pull/24540