Assuming I have a custom resource on my k8s cluster exposed on a proprietary api endpoint, e.g. somecompany/v1
Is there a way to validate a .yaml manifest describing this resource?
It his a functionality the custom resource provider should expose or it is natively supported by k8s for CRDs?
Let's take a look on a simple example:
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: myresources.stable.example.com
spec:
group: stable.example.com
versions:
- name: v1
served: true
storage: true
scope: Namespaced
names:
plural: myresources
singular: myresource
kind: MyResource
shortNames:
- mr
validation:
openAPIV3Schema:
required: ["spec"]
properties:
spec:
required: ["cert","key","domain"]
properties:
cert:
type: "string"
minimum: 1
key:
type: "string"
minimum: 1
domain:
type: "string"
minimum: 1 spec.validation field describes custom validation methods for your custom resource. You can block the creation of resources using validation if certain fields are left empty. In this example, OpenAPIV3Schema validation conventions is used to check the type of some fields in our custom resource. We ensure that spec , spec.cert , spec.key , and spec.domain fields of the custom resource do exist and that they are of a String type. Users can also use validatingadmissionwebhook as a validation schema. You can find more about restrictions for using this field in the official documentation.