Bug 1798482: Add CRD generator documentation to Readme #573
Conversation
openshift-ci-robot
added
the
size/M
|
cc @smarterclayton @sttts could you please review? |
README.md
Outdated
| ## generating CRD schemas | ||
| Since Kubernetes 1.16, every CRD created in `apiextensions.k8s.io/v1` is required to have a [structural OpenAPIV3 schema](https://kubernetes.io/blog/2019/06/20/crd-structural-schema/). The schemas provide server-side validation for fields, as well as providing the descriptions for `oc explain`. Structural requirements build on that to provide enhanced security in objects' persistence in etcd. As we host many of our CRDs in this repo along with their corresponding Go types we also require them to have schemas. However, the following instructions apply for CRDs that are not hosted here as well. |
There was a problem hiding this comment.
Structural requirements build on that to provide enhanced security in objects' persistence in etcd
Not sure I can follow. You mean: "Moreover, schemas ensure structural consistency of data in etcd. Without anything can be stored in a resource which can have security implications."
README.md
Outdated
| These schemas are often very long and complex, and should not be written by hand. For OpenShift, we provide Makefile targets in [library-go's alpha-build-machinery](https://github.com/openshift/library-go/tree/master/alpha-build-machinery) which generate the schema. | ||
| If you make a change to a CRD type in this repo, simply calling `make update-codegen-crds` should regenerate all CRDs. If yours is not updated, ensure that the path to its API is included in our [calls to the Makefile targets](https://github.com/openshift/api/blob/release-4.5/Makefile#L17-L29). |
There was a problem hiding this comment.
regenerate all CRD schemas and update the manifests.
README.md
Outdated
| Since Kubernetes 1.16, every CRD created in `apiextensions.k8s.io/v1` is required to have a [structural OpenAPIV3 schema](https://kubernetes.io/blog/2019/06/20/crd-structural-schema/). The schemas provide server-side validation for fields, as well as providing the descriptions for `oc explain`. Structural requirements build on that to provide enhanced security in objects' persistence in etcd. As we host many of our CRDs in this repo along with their corresponding Go types we also require them to have schemas. However, the following instructions apply for CRDs that are not hosted here as well. | ||
| These schemas are often very long and complex, and should not be written by hand. For OpenShift, we provide Makefile targets in [library-go's alpha-build-machinery](https://github.com/openshift/library-go/tree/master/alpha-build-machinery) which generate the schema. |
There was a problem hiding this comment.
would reference controller-tools as well as the tool behind all of this.
damemi
force-pushed
the
document-crd-gen
branch
from
1a46271 to
7433396
Compare
|
@sttts thanks for your review, I've added the changes you suggested |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: damemi, sttts The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
damemi
changed the title
openshift-ci-robot
added
the
bugzilla/valid-bug
|
@damemi: This pull request references Bugzilla bug 1798482, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@damemi: All pull requests linked via external trackers have merged. Bugzilla bug 1798482 has been moved to the MODIFIED state. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
In particular, to get openshift/api#585: config: disable IPv6DualStack feature flag so we don't launch kube-controller-manager with that (still-broken) feature Also includes: openshift/api#557: create the IBMCLoudPlatform type for the ingress operator try2 openshift/api#570: Clarify image config doc openshift/api#569: Enable overriding service account issuer for bound tokens openshift/api#527: Add kubebuilder annotations to the network types openshift/api#574: add deprecaction notice for build pipeline strategy openshift/api#582: config/v1/types_proxy: Clarify trustedCA semantics openshift/api#583: Clarify FROM behavior in builds openshift/api#573: Add CRD generator documentation to Readme openshift/api#576: Remove Description from CLI output to improve its display openshift/api#589: Add missing enum validations openshift/api#583: operator/ingress: add dnsrecord type
In particular, to get openshift/api#585: config: disable IPv6DualStack feature flag so we don't launch kube-controller-manager with that (still-broken) feature Also includes: openshift/api#557: create the IBMCLoudPlatform type for the ingress operator try2 openshift/api#570: Clarify image config doc openshift/api#569: Enable overriding service account issuer for bound tokens openshift/api#527: Add kubebuilder annotations to the network types openshift/api#574: add deprecaction notice for build pipeline strategy openshift/api#582: config/v1/types_proxy: Clarify trustedCA semantics openshift/api#583: Clarify FROM behavior in builds openshift/api#573: Add CRD generator documentation to Readme openshift/api#576: Remove Description from CLI output to improve its display openshift/api#589: Add missing enum validations openshift/api#583: operator/ingress: add dnsrecord type
In particular, to get openshift/api#585: config: disable IPv6DualStack feature flag so we don't launch kube-controller-manager with that (still-broken) feature Also includes: openshift/api#557: create the IBMCLoudPlatform type for the ingress operator try2 openshift/api#570: Clarify image config doc openshift/api#569: Enable overriding service account issuer for bound tokens openshift/api#527: Add kubebuilder annotations to the network types openshift/api#574: add deprecaction notice for build pipeline strategy openshift/api#582: config/v1/types_proxy: Clarify trustedCA semantics openshift/api#583: Clarify FROM behavior in builds openshift/api#573: Add CRD generator documentation to Readme openshift/api#576: Remove Description from CLI output to improve its display openshift/api#589: Add missing enum validations openshift/api#583: operator/ingress: add dnsrecord type
5 participants
Adds information, links, and steps to set up and use the crd schema generator
Fixes #572
/cc @dhellmann