Skip to content

Add fallback decoder for unknown resources to handle CRDs #1037

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: kubeconform
Choose a base branch
from
Open

Add fallback decoder for unknown resources to handle CRDs #1037

wants to merge 5 commits into from

Conversation

janisz
Copy link
Collaborator

@janisz janisz commented Oct 8, 2025
edited
Loading

This PR adds a fallback when decoding unknown resources to be able to handle CRDs. The schema validation could be then performed with kubeconform check from #1033 and CEL from #1012. This should fix #606
It also deprecates the --fail-on-invalid-resource as it could be replaced by a new schema-validation check or kubeconform
This could be considered as breaking change as it changes the semantic of --fail-on-invalid-resource to fail on invalid yamls instead of failing on unknown objects or not matching schema but this could be mitigated by kubeconform.

Changes:

  • Modified parseObjects to use unstructured decoder as fallback for unknown resource types
  • Added comprehensive test suite covering standard K8s resources and CRDs
  • Maintained backward compatibility for existing decode error handling
  • Added test cases for Tekton Task CRD and other custom resources

The fallback allows kube-linter to parse CRDs like Tekton Pipelines without
failing, while delegating proper schema validation to specialized templates
like kubeconform and CEL expressions.

Fixes:

Refs:

🤖 Generated with Claude Code

Co-Authored-By: Claude [email protected]

@janisz janisz requested a review from rhybrillou as a code owner October 8, 2025 16:09
@janisz
Copy link
Collaborator Author

janisz commented Oct 8, 2025

Tested by rebasing #1033 on this PR and running test from e2e but with flag

# ./kube-linter lint tests/checks/kubeconform.yml --fail-on-invalid-resource --do-not-auto-add-defaults --config e2etests/testdata/kubeconform-config.yaml
KubeLinter development

./tests/checks/kubeconform.yml: (object: default/invalid-daemonset apps/v1, Kind=DaemonSet) resource is not valid: problem validating schema. Check JSON formatting: jsonschema validation failed with 'https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone-strict/daemonset-apps-v1.json#' - at '/spec': additional properties 'replicas' not allowed (check: kubeconform-validation, remediation: Fix the resource to conform to the Kubernetes API schema)

./tests/checks/kubeconform.yml: (object: default/invalid-pod /v1, Kind=Pod) resource is not valid: problem validating schema. Check JSON formatting: jsonschema validation failed with 'https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/master-standalone-strict/pod-v1.json#' - at '/spec': additional properties 'invalidField' not allowed (check: kubeconform-validation, remediation: Fix the resource to conform to the Kubernetes API schema)

- ./tests/checks/kubeconform.yml: (object: <no namespace>/ /, Kind=) failed to decode: no kind "CustomResource" is registered for version "example.com/v1" in scheme "pkg/runtime/scheme.go:110" (check: failed-to-load-object, remediation: Confirm that the file is accessible and is valid k8s yaml.)

- Error: found 3 lint errors
+ Error: found 2 lint errors

janisz added 2 commits October 9, 2025 10:30
@janisz
Add fallback decoder for unknown resources to handle CRDs
517e5e8 
  This PR adds a fallback when decoding unknown resources to be able to handle
  CRDs. The schema validation could be then performed with kubeconform check
  from #1033 and CEL from
  #1012. This should fix
  #606

  Changes:
  - Modified parseObjects to use unstructured decoder as fallback for unknown resource types
  - Added comprehensive test suite covering standard K8s resources and CRDs
  - Maintained backward compatibility for existing decode error handling
  - Added test cases for Tekton Task CRD and other custom resources

  The fallback allows kube-linter to parse CRDs like Tekton Pipelines without
  failing, while delegating proper schema validation to specialized templates
  like kubeconform and CEL expressions.

  🤖 Generated with [Claude Code](https://claude.ai/code)

  Co-Authored-By: Claude <[email protected]>

Signed-off-by: Tomasz Janiszewski <[email protected]>
@janisz
add a check
2eb9460 
Signed-off-by: Tomasz Janiszewski <[email protected]>
@janisz janisz force-pushed the allow_custom_resources branch from 1154b9e to 2eb9460 Compare October 9, 2025 08:59
@janisz janisz changed the base branch from main to kubeconform October 9, 2025 08:59
@janisz
Copy link
Collaborator Author

janisz commented Oct 9, 2025

This change is part of the following stack:

Change managed by git-spice.

This was referenced Oct 9, 2025
Open
Open
janisz added 3 commits October 9, 2025 12:20
@janisz
fix
da4ff53 
Signed-off-by: Tomasz Janiszewski <[email protected]>
@janisz
fix
6fd433c 
Signed-off-by: Tomasz Janiszewski <[email protected]>
@janisz
fix
d804814 
Signed-off-by: Tomasz Janiszewski <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rhybrillou rhybrillou Awaiting requested review from rhybrillou rhybrillou is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG] failed to decode: no kind "Pipeline" is registered for version "tekton.dev/v1beta1"

1 participant

@janisz