What happens:
Create a mult-version CRD with a conversion webhook configured with an invalid CABundle:
$ kubectl apply -f crd.yaml
customresourcedefinition.apiextensions.k8s.io/replicant.stable.example.com created
Read the CRD back:
$ kubectl get crd replicant.stable.example.com -oyaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
...
Attempt to create a CR using the storage version:
$ kubectl apply cr1.yaml
Error from server (InternalError): error when retrieving current configuration of:
Resource: "stable.example.com/v1, Resource=replicant", GroupVersionKind: "stable.example.com/v1, Kind=Replicant"
Name: "cr1", Namespace: "default"
from server for: "cr-1.yaml": Internal error occurred: error resolving resource
$ grep "customresource_handler" /tmp/local-kube-apiserver.log
E0308 12:57:41.892888 1158130 customresource_handler.go:301] unable to load root certificates: unable to parse bytes as PEM block
What I expected:
Since creating cr-1.yaml doesn't require conversion, I would have expected either:
- An error response when attempting to create/update the CRD with an invalid CABundle
- Only an error when conversion is required to server a request