Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Importing k8s.io/api/core/v1.ResourceRequirements into a CRD makes it invalid when upgrading to v1.26.0 #115026

Closed
saschagrunert opened this issue Jan 12, 2023 · 3 comments
Closed

Importing k8s.io/api/core/v1.ResourceRequirements into a CRD makes it invalid when upgrading to v1.26.0 #115026

saschagrunert opened this issue Jan 12, 2023 · 3 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.

Comments

@saschagrunert
Copy link
Member

saschagrunert commented Jan 12, 2023
edited

What happened?

I'm upgrading Kubernetes v1.25 to v1.26 in the Security Profiles Operator, where the upgrade to v1.26 adds the Claims []ResourceClaim to the type ResourceRequirements:

kubernetes/staging/src/k8s.io/api/core/v1/types.go

Lines 2316 to 2328 in 4802d7b

// Claims lists the names of resources, defined in spec.resourceClaims,
// that are used by this container.
//
// This is an alpha field and requires enabling the
// DynamicResourceAllocation feature gate.
//
// This field is immutable.
//
// +listType=map
// +listMapKey=name
// +featureGate=DynamicResourceAllocation
// +optional
Claims []ResourceClaim `json:"claims,omitempty" protobuf:"bytes,3,opt,name=claims"`

We use the ResourceRequirements in our own CRD to be able to configure the values:
https://github.com/kubernetes-sigs/security-profiles-operator/blob/33fd12312002985e08dca4166e304a02ba8fe2d9/api/spod/v1alpha1/spod_types.go#L312-L315

After the upgrade, the SPOD CRD got invalid with the following error:

The CustomResourceDefinition "securityprofilesoperatordaemons.security-profiles-operator.x-k8s.io" is invalid:
spec.validation.openAPIV3Schema.properties[spec].properties[daemonResourceRequirements].properties[claims].items.x-kubernetes-map-type: Invalid value: "null": must be atomic as item of a list with x-kubernetes-list-type=set

What did you expect to happen?

The upgrade does not make the CRD invalid.

How can we reproduce it (as minimally and precisely as possible)?

Try to deploy the operator from the PR: https://github.com/kubernetes-sigs/security-profiles-operator/blob/caff76aeff452d367ba07fc5448eb11a13097d1e/deploy/operator.yaml

Anything else we need to know?

No response

Kubernetes version

Tested on:

  • v1.25.3
  • v1.26.0

Cloud provider

None

OS version

None

Install tools

None

Container runtime (CRI) and version (if applicable)

CRI-O v1.26.0

Related plugins (CNI, CSI, ...) and versions (if applicable)
@saschagrunert saschagrunert added the kind/bug Categorizes issue or PR as related to a bug. label Jan 12, 2023
@k8s-ci-robot
Copy link
Contributor

@saschagrunert: There are no sig labels on this issue. Please add an appropriate label by using one of the following commands:

  • /sig <group-name>
  • /wg <group-name>
  • /committee <group-name>

Please see the group list for a listing of the SIGs, working groups, and committees available.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jan 12, 2023
@k8s-ci-robot
Copy link
Contributor

@saschagrunert: This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@saschagrunert saschagrunert changed the title Importing k8s.io/api/core/v1. *corev1. Importing k8s.io/api/core/v1.ResourceRequirements into a CRD makes it invalid Jan 12, 2023
@saschagrunert saschagrunert changed the title Importing k8s.io/api/core/v1.ResourceRequirements into a CRD makes it invalid Importing k8s.io/api/core/v1.ResourceRequirements into a CRD makes it invalid when upgrading to v1.26.0 Jan 12, 2023
@saschagrunert
Copy link
Member Author

Ah this seems to be fixed by #114585

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@saschagrunert @k8s-ci-robot