rendered crd is different than in docs

Open cmergenthaler opened this issue 8 months ago • 1 comments

Hello,

While configuring our VM setup with CRs and following the docs, we noticed that kubeconform fails even though the operator is able to reconcile the deployed resources without problems. We investigated the problem and found out that some fields are removed from the rendered CRDs, resulting in a deviation between the operator's capabilities and the actual k8s CRDs. Is there a specific reason why some fields are being removed?

Example:

apiVersion: operator.victoriametrics.com/v1beta1
kind: VMSingle
spec:
  extraEnvs:
    - name: GOMEMLIMIT
      valueFrom:
        resourceFieldRef:
          resource: limits.memory

This is a valid CR from the operator and docs perspective; deploying the resource works fine.

Still, kubeconform fails to validate the resource with the official CRD: VMSingle is invalid: problem validating schema. Check JSON formatting: jsonschema: '/spec/extraEnvs/0' does not validate with https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/operator.victoriametrics.com/vmsingle_v1beta1.json#/properties/spec/properties/extraEnvs/items/additionalProperties: additionalProperties 'valueFrom' not allowed

The valueFrom (along with others) is removed from the rendered CRD here: https://github.com/VictoriaMetrics/operator/blob/690ef8991d3265172b9cc6e6cff0c569f1d5fbc4/config/crd/patches/operator.victoriametrics.com_vmsingles.yaml#L18-L19

These removals block us from shift-left CR validation.

cmergenthaler avatar Jun 02 '25 17:06 cmergenthaler

Hello,

Looks like it's an issue on the kubeconform side. It must respect x-kubernetes-preserve-unknown-fields for raw data: https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#rawextension

The reason why the CRD is pruned in this way is the size of the resulting YAML file. Kubernetes has a default 1.4MB limit for created objects. And many deployment tools, such as helm, store configuration files (CRDs included) in a Secret/ConfigMap. This makes it impossible to install the operator CRD with helm without pruning fields. It takes up too much space (even compressed).

Related kubeconform issue: https://github.com/yannh/kubeconform/issues/224

f41gh7 avatar Jun 03 '25 08:06 f41gh7
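
Added example, not part of the thread and not code from kubeconform or the operator: a sketch of the mismatch discussed in the comment above. It assumes a converter that closes every object schema with `additionalProperties: false`; `to_strict`, `validate` and the schema layout are hypothetical, and only the `extraEnvs` entry is taken from the issue.

```python
import copy

# Constructed stand-in for the pruned extraEnvs item schema; the layout is an
# assumption for illustration, not the operator's actual CRD.
PRUNED_ITEM_SCHEMA = {
    "type": "object",
    "properties": {"name": {"type": "string"}, "value": {"type": "string"}},
    "x-kubernetes-preserve-unknown-fields": True,
}

# The extraEnvs entry from the issue's VMSingle example.
ENV_ENTRY = {
    "name": "GOMEMLIMIT",
    "valueFrom": {"resourceFieldRef": {"resource": "limits.memory"}},
}

def to_strict(schema, honor_preserve):
    """Emit a JSON schema that closes every object with declared properties,
    unless honor_preserve is set and the node preserves unknown fields."""
    out = copy.deepcopy(schema)
    preserve = out.pop("x-kubernetes-preserve-unknown-fields", False)
    if "properties" in out:
        out["properties"] = {
            key: to_strict(sub, honor_preserve) for key, sub in out["properties"].items()
        }
        if not (honor_preserve and preserve):
            out["additionalProperties"] = False
    if "items" in out:
        out["items"] = to_strict(out["items"], honor_preserve)
    return out

def validate(instance, schema, path):
    """Minimal checker for the keywords used here; returns error strings."""
    errors = []
    if schema.get("type") == "object" and isinstance(instance, dict):
        props = schema.get("properties", {})
        for key, value in instance.items():
            if key in props:
                errors += validate(value, props[key], f"{path}/{key}")
            elif schema.get("additionalProperties") is False:
                errors.append(f"{path}: additionalProperties '{key}' not allowed")
    elif schema.get("type") == "string" and not isinstance(instance, str):
        errors.append(f"{path}: expected string")
    return errors

if __name__ == "__main__":
    for honor in (False, True):
        print(honor, validate(ENV_ENTRY, to_strict(PRUNED_ITEM_SCHEMA, honor), "/spec/extraEnvs/0"))
```

With the marker honored, declared fields such as `name` are still type-checked; only undeclared fields stop being rejected.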

Hey @cmergenthaler, it looks like the issue in kubeconform has not been resolved yet. Have you tried https://github.com/stackrox/kube-linter instead? It validates the CRD without any issues.

AndrewChubatiuk avatar Jul 10 '25 08:07 AndrewChubatiuk

Closing this as it's not an operator issue.

AndrewChubatiuk avatar Jul 16 '25 10:07 AndrewChubatiuk