kubernetes-sigs/kubectl-validate

Namespace scoping of CRDs is inferred

alexzielenski opened this issue · 9 comments

Currently we have no way to tell from an OpenAPI schema if a CRD is namespace or cluster scoped, so we infer the scope from the presence of the metadata.namespace field. It'd be nice if users could get errors about namespace misuse.

For schemas sourced from local CRDs we have access to this information but do not use it. A small improvement could be to propagate that information, but that would not solve the issue for schemas sourced from OpenAPI/clusters.

@natasha41575 @mortent I think some people have been complaining about the same thing, i.e. there's no way to know from openapi if a type is namespaced or not. Any idea how we can fix this long-term?

As a dirty hack I think it might be able to be inferred from OpenAPI spec Paths list. If /apis/<group>/<version>/namespaces/{namespace}/<resource> is listed, then the resource is namespace scoped.

Yes, I think that's the best we've had so far.

This approach was added to Kustomize several years ago: kubernetes-sigs/kustomize#2978.
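The path-based inference discussed in the comments above, as an added Go sketch that is not code from kubectl-validate or Kustomize. The spec sample is constructed, and the `InferScopes` name and its `<group>/<version>/<resource>` key format are assumptions of this example; it also skips the deprecated `/watch/` paths and does not mistake the core `namespaces` resource (`/namespaces/{name}`) for a namespaced one.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample of an OpenAPI v2 "paths" object (not from a real cluster).
const sampleSpec = `{"paths": {
  "/apis/example.com/v1/namespaces/{namespace}/widgets": {},
  "/apis/example.com/v1/widgets": {},
  "/apis/example.com/v1/clusterwidgets": {},
  "/apis/example.com/v1/": {},
  "/api/v1/namespaces/{namespace}/pods": {},
  "/api/v1/watch/namespaces/{namespace}/pods": {},
  "/api/v1/namespaces/{name}/status": {}
}}`

// InferScopes maps "<group>/<version>/<resource>" ("<version>/<resource>" for the
// core group) to true when a /namespaces/{namespace}/<resource> path is listed.
func InferScopes(spec []byte) (map[string]bool, error) {
	var doc struct {
		Paths map[string]json.RawMessage `json:"paths"`
	}
	if err := json.Unmarshal(spec, &doc); err != nil {
		return nil, err
	}
	scopes := map[string]bool{}
	for p := range doc.Paths {
		segs := strings.Split(strings.Trim(p, "/"), "/")
		n := map[string]int{"api": 2, "apis": 3}[segs[0]] // api/<version> or apis/<group>/<version>
		if n == 0 || len(segs) <= n || segs[n] == "watch" {
			continue // not a resource path, a discovery document, or a deprecated watch path
		}
		prefix, rest := strings.Join(segs[1:n], "/"), segs[n:]
		if len(rest) >= 3 && rest[0] == "namespaces" && rest[1] == "{namespace}" {
			scopes[prefix+"/"+rest[2]] = true // namespaced path wins regardless of map order
		} else if key := prefix + "/" + rest[0]; !scopes[key] {
			scopes[key] = false // cluster-scoped unless a namespaced path is also listed
		}
	}
	return scopes, nil
}

func main() {
	scopes, err := InferScopes([]byte(sampleSpec))
	fmt.Println(scopes, err)
}
```

A validator using such a map can then reject a cluster-scoped object that sets `metadata.namespace`, which is the namespace-misuse error the issue asks for.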

Sorry @lauchokyip, #38 was already opened by the time you had replied. I think this issue is fixed now.

Thanks @alexzielenski, took a peek at the PR, seems like it was close to what I wanted to do, just missing some pieces. 👍🏻

/close

@eddycharly: Closing this issue.
