Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

creationTimestamp: null is invalid since it isn't a string #105

Open
wilmardo opened this issue Apr 7, 2022 · 3 comments
Open

creationTimestamp: null is invalid since it isn't a string #105

wilmardo opened this issue Apr 7, 2022 · 3 comments

Comments

@wilmardo
Copy link

wilmardo commented Apr 7, 2022
edited

This is an interesting one so bear with me :)

First, this is the error I stumbled when validation FluxCD CRDs. The creationTimestamp can't be null and must be a string according to the spec:

# wget https://github.com/fluxcd/source-controller/releases/download/v0.22.5/source-controller.crds.yaml
# kubeconform -schema-location default -schema-location "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master/customresourcedefinition.json" source-controller.crds.yaml
source-controller.crds.yaml - CustomResourceDefinition gitrepositories.source.toolkit.fluxcd.io is invalid: For field metadata.creationTimestamp: Invalid type. Expected: string, given: null
source-controller.crds.yaml - CustomResourceDefinition buckets.source.toolkit.fluxcd.io is invalid: For field metadata.creationTimestamp: Invalid type. Expected: string, given: null
source-controller.crds.yaml - CustomResourceDefinition helmrepositories.source.toolkit.fluxcd.io is invalid: For field metadata.creationTimestamp: Invalid type. Expected: string, given: null
source-controller.crds.yaml - CustomResourceDefinition helmcharts.source.toolkit.fluxcd.io is invalid: For field metadata.creationTimestamp: Invalid type. Expected: string, given: null

So I raised an issue at fluxcd/flux2#2623 since they seemed to be the culprit.
But received a response that they use controller-gen to generate the CRDs. So I looked into controller-gen and they also do not set the creationTimestamp they import k8s.io/apimachinery/pkg/apis/meta/v1 for the generation of the metadata (where the creationTimestamp is part of)(source).

So now the issue, in the package documentation (link) of k8s.io/apimachinery/pkg/apis/meta/v1 it says the following about the creationTimestamp

// CreationTimestamp is a timestamp representing the server time when this object was
// created. It is not guaranteed to be set in happens-before order across separate operations.
// Clients may not set this value. It is represented in RFC3339 form and is in UTC.
//
// Populated by the system.
// Read-only.
// Null for lists.
// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
// +optional
Creation[Time](https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Time)stamp Time `json:"creationTimestamp,omitempty" protobuf:"bytes,8,opt,name=creationTimestamp"`

So there is something in the docblock about Null for lists(?) but in the openapi spec of Kubernetes is this Time resource marked as string:

"io.k8s.apimachinery.pkg.apis.meta.v1.Time": {
      "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON.  Wrappers are provided for many of the factory methods that the time package offers.",
      "format": "date-time",
      "type": "string"
},

https://raw.githubusercontent.com/kubernetes/kubernetes/master/api/openapi-spec/swagger.json

So now, what is wrong here? Is it indeed allowed to be a string or null and should the openapi spec be an enum? Or is there something ink8s.io/apimachinery/pkg/apis/meta/v1 wrong? Or should controller-gen explictly set the creationTimestamp to an string?
The last one seems kinda wrong to me since it seems to me that the k8s.io/apimachinery/pkg/apis/meta/v1 should return data valid to the api spec.

I am sorry for all the text and if I did not understand something correctly :)
I don't develop in golang (or at all really) and the relation between the package and the openapi spec is quite vague for me.
@yannh
Copy link
Owner

yannh commented Apr 11, 2022

Hi @wilmardo and thanks for all the digging! I have limited amount of time to investigate this, but I would be really grateful if someone figured out a way to validate the Custom Resource Definitions / figured a way to get this to work :)

wmfgerrit pushed a commit to wikimedia/operations-deployment-charts that referenced this issue Jun 1, 2022
@jayme-github
Remove null creationTimestamp from CRDs
d50da1c 
controller-gen generated CRDs generate creationTimestamp fields with
incompatible type (in terms of openapi spec).
Lazy fix is to just drop the fiel from the CRDs for now.

See:
* kubernetes/kubernetes#109427
* yannh/kubeconform#105
* fluxcd/flux2#2623

Bug: T306165
Change-Id: I65827e3b396d1d52ee3f8c0e90814528dfb8bfcb
@jacksgt
Copy link

jacksgt commented Sep 5, 2023

Hi,
I'm running into the same issue with CRDs from the OpenShift Logging Operator (which uses operator-sdk / kubebuilder v2 internally): https://github.com/openshift/cluster-logging-operator/blob/b9c22742f6ffeb3e1c7eb76091176a85ccee9387/config/crd/bases/logging.openshift.io_clusterlogforwarders.yaml#L7

@wilmardo
Copy link
Author

The Kubernetes openapi has been updated and these faulty defaults have been removed:
kubernetes/kubernetes#109427 (comment)

These changes should find their way to the controller-gen and packages that use these, so hopefully this issue will be resolved completely somewhere in the future :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@yannh @wilmardo @jacksgt