Hello, I’m using the Kong Ingress Controller and noticed that the CRDs in both the helm chart and ingress controller repo are using the
apiextensions.k8s.io/v1beta1 apiVersion. Kubernetes 1.16 introduced a
apiextensions.k8s.io/v1 apiVersion that requires structural schemas. This provides validation support to custom resources, so we could add a “dry run” to our CI pipeline that ensures our KongIngress resources are valid without having to actually apply them to kube-apiserver. Additionally, the existing v1beta1 apiVersion optionally supports structural schemas as well as mentioned earlier in that last link.
Could the existing CRDs be updated to have structural schema and perhaps provide opt-in support for the v1 CRD API in the helm chart?
Yes. This is one of the features on the radar that we’ve.
KongIngress, KongConsumer and KongCredential CRD already have OpenAPI spec validation and they don’t require a lot of work to convert them to a structural schema.
KongPlugin, however, will not have a structural schema since it contains a
config property which can contain any arbitrary key:value pair. But other properties are valid.
Also, please note that there is an Admission Controller that now ships as part of the Ingress controller, that you can use to validate these customer resources.
The admission controller sounds great, and I’m looking forward to the structural schema. I see the new service and ValidatingWebhookConfiguration added here, is there any chance it could be added to the helm chart as well?
It is just lagging behind. PR welcome!