kubernetes: validating a yaml file against a custom resource

Question

Assuming I have a custom resource on my k8s cluster exposed on a proprietary api endpoint, e.g. somecompany/v1

Is there a way to validate a .yaml manifest describing this resource?

It his a functionality the custom resource provider should expose or it is natively supported by k8s for CRDs?

Answer 1

Let's take a look on a simple example:

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: myresources.stable.example.com
spec:
  group: stable.example.com
  versions:
    - name: v1
      served: true
      storage: true
  scope: Namespaced
  names:
    plural: myresources
    singular: myresource
    kind: MyResource
    shortNames:
    - mr
  validation:
    openAPIV3Schema:
      required: ["spec"]
      properties:
        spec:
          required: ["cert","key","domain"]
          properties:
            cert:
              type: "string"
              minimum: 1
            key:
              type: "string"
              minimum: 1
            domain:
              type: "string"
              minimum: 1 

spec.validation field describes custom validation methods for your custom resource. You can block the creation of resources using validation if certain fields are left empty. In this example, OpenAPIV3Schema validation conventions is used to check the type of some fields in our custom resource. We ensure that spec , spec.cert , spec.key , and spec.domain fields of the custom resource do exist and that they are of a String type. Users can also use validatingadmissionwebhook as a validation schema. You can find more about restrictions for using this field in the official documentation.