Kyverno CRDs not working

Question

Kyverno CRDs not working

Closed this issue a year ago · 2 comments

~ wget https://github.com/kyverno/kyverno/releases/download/v1.10.0/install.yaml
~ cat install.yaml | kubeconform -schema-location default -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' --summary --kubernetes-version 1.26.2


stdin - CustomResourceDefinition cleanuppolicies.kyverno.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition clusteradmissionreports.kyverno.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition admissionreports.kyverno.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition backgroundscanreports.kyverno.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition clusterbackgroundscanreports.kyverno.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition clustercleanuppolicies.kyverno.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition clusterpolicies.kyverno.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition policyexceptions.kyverno.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition updaterequests.kyverno.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition clusterpolicyreports.wgpolicyk8s.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition policyreports.wgpolicyk8s.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition policies.kyverno.io failed validation: could not find schema for CustomResourceDefinition
Summary: 62 resources found parsing stdin - Valid: 50, Invalid: 0, Errors: 12, Skipped: 0

Answer 1 · 2023-08-15T14:51:05.000Z

Kubeconform debug:

Templating release=kyverno, chart=charts/system/kyverno
2023/08/15 16:09:21 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/serviceaccount-v1.json
2023/08/15 16:09:21 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/serviceaccount-v1.json
2023/08/15 16:09:21 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/configmap-v1.json
2023/08/15 16:09:21 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/configmap-v1.json
stdin - ServiceAccount kyverno is valid
stdin - ServiceAccount kyverno-cleanup-controller is valid
stdin - ConfigMap kyverno is valid
stdin - ConfigMap kyverno-metrics is valid
2023/08/15 16:09:21 could not find schema at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/customresourcedefinition-apiextensions-v1.json
2023/08/15 16:09:21 could not find schema at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/customresourcedefinition-apiextensions-v1.json
2023/08/15 16:09:21 could not find schema at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/customresourcedefinition-apiextensions-v1.json
2023/08/15 16:09:21 could not find schema at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/customresourcedefinition-apiextensions-v1.json
2023/08/15 16:09:21 could not find schema at https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/apiextensions.k8s.io/customresourcedefinition_v1.json
stdin - CustomResourceDefinition clusteradmissionreports.kyverno.io failed validation: could not find schema for CustomResourceDefinition
2023/08/15 16:09:21 could not find schema at https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/apiextensions.k8s.io/customresourcedefinition_v1.json
2023/08/15 16:09:21 could not find schema at https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/apiextensions.k8s.io/customresourcedefinition_v1.json
2023/08/15 16:09:21 could not find schema at https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/apiextensions.k8s.io/customresourcedefinition_v1.json
stdin - CustomResourceDefinition backgroundscanreports.kyverno.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition cleanuppolicies.kyverno.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition admissionreports.kyverno.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition clusterbackgroundscanreports.kyverno.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition clustercleanuppolicies.kyverno.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition generaterequests.kyverno.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition clusterpolicies.kyverno.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition policyexceptions.kyverno.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition updaterequests.kyverno.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition clusterpolicyreports.wgpolicyk8s.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition policyreports.wgpolicyk8s.io failed validation: could not find schema for CustomResourceDefinition
stdin - CustomResourceDefinition policies.kyverno.io failed validation: could not find schema for CustomResourceDefinition
2023/08/15 16:09:21 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/clusterrole-rbac-v1.json
2023/08/15 16:09:21 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/clusterrole-rbac-v1.json
2023/08/15 16:09:21 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/clusterrole-rbac-v1.json
2023/08/15 16:09:21 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/clusterrole-rbac-v1.json
stdin - ClusterRole kyverno:admin-generaterequest is valid
stdin - ClusterRole kyverno:admin-reports is valid
stdin - ClusterRole kyverno:admin-policies is valid
stdin - ClusterRole kyverno:admin-policyreport is valid
stdin - ClusterRole kyverno:admin-updaterequest is valid
stdin - ClusterRole kyverno:cleanup-controller is valid
stdin - ClusterRole kyverno is valid
stdin - ClusterRole kyverno:cleanup-controller:core is valid
stdin - ClusterRole kyverno:userinfo is valid
stdin - ClusterRole kyverno:policies is valid
stdin - ClusterRole kyverno:view is valid
stdin - ClusterRole kyverno:generate is valid
stdin - ClusterRole kyverno:events is valid
stdin - ClusterRole kyverno:webhook is valid
2023/08/15 16:09:22 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/clusterrolebinding-rbac-v1.json
2023/08/15 16:09:22 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/clusterrolebinding-rbac-v1.json
stdin - ClusterRoleBinding kyverno:cleanup-controller is valid
stdin - ClusterRoleBinding kyverno is valid
2023/08/15 16:09:22 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/role-rbac-v1.json
2023/08/15 16:09:22 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/role-rbac-v1.json
stdin - Role kyverno:leaderelection is valid
stdin - Role kyverno:cleanup-controller is valid
2023/08/15 16:09:22 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/rolebinding-rbac-v1.json
2023/08/15 16:09:22 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/rolebinding-rbac-v1.json
stdin - RoleBinding kyverno:cleanup-controller is valid
stdin - RoleBinding kyverno:leaderelection is valid
2023/08/15 16:09:22 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/service-v1.json
2023/08/15 16:09:22 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/service-v1.json
2023/08/15 16:09:22 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/service-v1.json
2023/08/15 16:09:22 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/service-v1.json
stdin - Service kyverno-cleanup-controller-metrics is valid
stdin - Service kyverno-cleanup-controller is valid
stdin - Service kyverno-svc-metrics is valid
stdin - Service kyverno-svc is valid
2023/08/15 16:09:22 could not find schema at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/clusterpolicy-kyverno-v1.json
2023/08/15 16:09:22 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/pod-v1.json
2023/08/15 16:09:22 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/deployment-apps-v1.json
2023/08/15 16:09:22 using schema found at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/deployment-apps-v1.json
2023/08/15 16:09:22 using schema found at https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/kyverno.io/clusterpolicy_v1.json
stdin - Pod kyverno-test is valid
2023/08/15 16:09:22 could not find schema at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/clusterpolicy-kyverno-v1.json
2023/08/15 16:09:22 using schema found at https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/kyverno.io/clusterpolicy_v1.json
stdin - Deployment kyverno-cleanup-controller is valid
2023/08/15 16:09:22 could not find schema at https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.26.2-standalone/clusterpolicy-kyverno-v1.json
stdin - Deployment kyverno is valid
stdin - ClusterPolicy sidecar-injection is valid
2023/08/15 16:09:22 using schema found at https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/kyverno.io/clusterpolicy_v1.json
stdin - ClusterPolicy sidecar-injection-retroactively is valid
stdin - ClusterPolicy reloader is valid
Summary: 47 resources found parsing stdin - Valid: 34, Invalid: 0, Errors: 13, Skipped: 0

Answer 2 · 2023-08-15T15:19:13.000Z

Certain now this is an issue in kubeconform, apologies

yannh/kubernetes-json-schema#26