Proposal: Validation for CustomResources. by nikhita · Pull Request #708 · kubernetes/community (original) (raw)
Schema validation performed by kubectl is driven by Swagger/OpenAPI models. An equivalent capability needs to move to the server (kubernetes/kubernetes#5889) as part of the general effort to move functionality to the server in order to improve extensibility and to simplify clients (kubernetes/kubernetes#12143).
I would like to see us move towards declarative validation generally for the API, as much as possible:
kubernetes/kubernetes#25460
@mbohlool may have already started on a proposal for that.
Also, ideally, I'd like the same spec to be usable to serve an OpenAPI spec for the CRD APIs, which would mean it would have to be an OpenAPI-compatible flavor of JSON schema. I really don't want multiple different schema languages in the system.
As for a hook-based approach, (potentially multiple) special-purpose hooks per resource would be harder to understand, as well as being more fragile, slower, etc. I'd prefer to find a way to use admission-control extension for that use case, so as not to add yet another hook mechanism: