Kubeconform can't validate gateway after 1.1.0 changes

Open davem-git opened this issue 1 year ago • 7 comments

Description: We validate all of our workloads with kubeconform. It can take custom CRDs; we have a script that generates them by finding all the CRDs in our workload directly. This used to work fine; it generated a validation for gateway. With the upgrade to v1.1.0 and the addition of https://github.com/envoyproxy/gateway/pull/4020/files#diff-85e94dab8d1c67629c15c4000ac7bcf1eb1a4c55f006ee5afc1d9c6ce69872d1R28-R31, this validation now fails.

When I generate the JSON validation from the CRD, it misses this. I can verify this is expected by looking at the CRD:

https://github.com/envoyproxy/gateway/blob/release/v1.1.0/charts/gateway-helm/crds/gatewayapi-crds.yaml#L1219-L1478

It's not in there. I do see it in v1beta below; however, that's not what I'm using, and it still works when I deploy it. And for some reason that isn't generating it for me either.

Is there some compatibility setup allowing me to use the feature even if it's not supported in the CRD?

gateway_v1.json gateway_v1beta1.json

Repro steps:

Include sample requests, environment, etc. All data and inputs: run kubeconform on the deployment YAML files, and select CustomResourceDefinition -schema-location and select the schema-location

Note: If there are privacy concerns, sanitize the data prior to

Environment:

gateway 1.1.0 proxy whatever comes with it

Logs:

stdin - Gateway gateway-envoy is invalid: problem validating schema. Check JSON formatting: jsonschema: '/spec/infrastructure' does not validate with file:///home/runner/work//tools/crd_json_schemas/gateway_v1.json#/properties/spec/properties/infrastructure/additionalProperties: additionalProperties 'parametersRef' not allowed

davem-git avatar Aug 14 '24 16:08 davem-git
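
An added example, not code from this thread or from either project: a Python check that lists, per CRD version, the manifest fields that version's openAPIV3Schema does not declare, which is the condition behind the `additionalProperties 'parametersRef' not allowed` error in the log above. The CRD fragment and manifest are constructed for illustration (they are not the real Gateway CRD), and `undeclared_fields` and `check_versions` are hypothetical names.

```python
# Constructed CRD fragment (NOT the real Gateway CRD): v1 omits
# spec.infrastructure.parametersRef, v1beta1 declares it.
def _version(name, infra_props):
    spec = {"type": "object", "properties": {
        "gatewayClassName": {"type": "string"},
        "infrastructure": {"type": "object", "properties": infra_props}}}
    schema = {"type": "object", "properties": {"spec": spec}}
    return {"name": name, "schema": {"openAPIV3Schema": schema}}

LABELS = {"type": "object", "additionalProperties": {"type": "string"}}
PARAMS = {"type": "object", "properties": {
    k: {"type": "string"} for k in ("group", "kind", "name")}}
CRD = {"spec": {"versions": [
    _version("v1", {"labels": LABELS}),
    _version("v1beta1", {"labels": LABELS, "parametersRef": PARAMS})]}}

# Constructed manifest body with placeholder values.
MANIFEST = {"spec": {"gatewayClassName": "example", "infrastructure": {
    "labels": {"team": "edge"},
    "parametersRef": {"group": "example.test", "kind": "Example", "name": "cfg"}}}}

def undeclared_fields(schema, value, path=""):
    """Paths in `value` that a strict (no extra keys) reading of `schema` rejects."""
    found = []
    if isinstance(value, dict):
        if schema.get("x-kubernetes-preserve-unknown-fields"):
            return found  # schema explicitly allows arbitrary keys here
        props = schema.get("properties", {})
        extra = schema.get("additionalProperties")
        for key, child in value.items():
            here = f"{path}/{key}"
            if key in props:
                found += undeclared_fields(props[key], child, here)
            elif isinstance(extra, dict):  # map type: validate the values
                found += undeclared_fields(extra, child, here)
            elif extra is not True:
                found.append(here)
    elif isinstance(value, list):
        items = schema.get("items", {})
        for i, item in enumerate(value):
            found += undeclared_fields(items, item, f"{path}/{i}")
    return found

def check_versions(crd, manifest):
    return {v["name"]: undeclared_fields(v["schema"]["openAPIV3Schema"], manifest)
            for v in crd["spec"]["versions"]}

if __name__ == "__main__":
    print(check_versions(CRD, MANIFEST))
```

Running the same walk over the CRD file that the schema generator actually reads shows which version, if any, declares the field before the generated JSON schema is blamed.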

We use https://github.com/instrumenta/openapi2jsonschema to generate the schema; you can do it for all of the CRDs.

davem-git avatar Aug 14 '24 16:08 davem-git

Is it a kubeconform issue rather than EG's? See https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1.GatewayInfrastructure

zirain avatar Aug 15 '24 00:08 zirain

I don't think so. We generate that file from the EG CRD. We don't use a global one. When you look at the CRD you can see it is missing that part from the v1 section.

davem-git avatar Aug 15 '24 01:08 davem-git

The Gateway CRD is directly copied from the Gateway API project.

zirain avatar Aug 15 '24 01:08 zirain

How is parametersRef supported in 1.1.0 then? That's not something EG added?

davem-git avatar Aug 15 '24 01:08 davem-git

How is parametersRef supported in 1.1.0 then? That's not something EG added?

EG only implemented the API; the API field is added by upstream: https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io%2fv1beta1.Gateway

arkodg avatar Aug 15 '24 01:08 arkodg

I see that it's only on the website for the experimental CRD, though I tried copying that locally and it still didn't fix the problem:

https://github.com/kubernetes-sigs/gateway-api/blob/v1.1.0/config/crd/experimental/gateway.networking.k8s.io_gateways.yaml#L207-L220

davem-git avatar Aug 15 '24 15:08 davem-git

This issue has been automatically marked as stale because it has not had activity in the last 30 days.

github-actions[bot] avatar Sep 14 '24 16:09 github-actions[bot]