externalTrafficPolicy/enum must NOT have duplicate items on 1.0.61

[bcha]

Getting curious ..externalTrafficPolicy/enum must NOT have duplicate items (items ## 2 and 3 are identical) errors suddenly. Noticed this with our applications running kubevious in CI/CD and I can replicate this locally as well.

This seems to be somehow related to the latest release 1.0.61 and the --k8s-version parameter.

These seem to happen with pretty much any kind of deployment.yaml. We first ran into these with our own huge manifests, but in this example I just used something simple I copypasted from k8s docs:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80

With 1.0.60:

➜ cat deployment.yaml | docker run --rm -i kubevious/cli:1.0.60 guard --stream --k8s-version v1.29 --ignore-unknown --skip-rules container-env-secret-ref container-env-from-secret-ref pod-spec-volume-secret-ref
- Identifying manifest sources...
✔ Sources identified.
- Loading manifests...
✔ Manifests loaded.
- Reading manifests from stdin...
✔ Received manifests from stdin.
- Loading K8s API Schema...
✔ Fetched K8s API schema.
- Linting manifests...
✔ Lint complete.
- Populating local RulesLibrary...
-   Loading Libraries...
✔   Libraries loaded.
-   Loading ClusterRules...
✔   ClusterRules loaded.
-   Loading Rules...
✔   Rules loaded.
-   Loading RuleApplicators...
✔   RuleApplicators loaded
✔ RulesLibrary locally populated.
- Validating rules...
✔ Rules validation complete.
⚠️  Could not find requested Kubernetes Version: v1.29
ℹ️  Linting against Kubernetes Version: 1.25.2

-= SOURCES =-
   ✅ No issues with sources.

-= MANIFESTS =-
   ✅ No issues with manifests.

-= RULES =-
   ✅ No issues with rules.

-= SUMMARY =-
    📚 Sources: 42
        ✖️  Sources with Errors: 0
    📄 Manifests: 42
        ✅ Valid Manifests: 42
        ✖️  Manifests with Errors: 0
        ❕ Manifests with Warnings: 0
        ☑️  Manifests Processed for Rules: 0
        ✖️  Manifests with Rule Errors: 0
        ❕ Manifests with Rule Warnings: 0
    📜 Rules: 33
        ✅ Rules Passed: 33
        ✖️  Rules Failed: 0
        🔘 Rules with Errors: 0
        ❕ Rules with Warnings: 0

ℹ️  Run with --detailed to see all sources and manifests

✅ Guard Succeeded.

With 1.0.61:

➜ cat deployment.yaml | docker run --rm -i kubevious/cli:1.0.61 guard --stream --k8s-version v1.29 --ignore-unknown --skip-rules container-env-secret-ref container-env-from-secret-ref pod-spec-volume-secret-ref
- Identifying manifest sources...
✔ Sources identified.
- Loading manifests...
✔ Manifests loaded.
- Reading manifests from stdin...
✔ Received manifests from stdin.
- Loading K8s API Schema...
✔ Fetched K8s API schema.
- Linting manifests...
✔ Lint complete.
- Populating local RulesLibrary...
-   Loading Libraries...
✔   Libraries loaded.
-   Loading ClusterRules...
✔   ClusterRules loaded.
-   Loading Rules...
✔   Rules loaded.
-   Loading RuleApplicators...
✔   RuleApplicators loaded
✔ RulesLibrary locally populated.
- Validating rules...
✔ Rules validation complete.
ℹ️  Linting against Kubernetes Version: 1.29.4

-= SOURCES =-
   ✅ No issues with sources.

-= MANIFESTS =-
   ❌ API: apiextensions.k8s.io/v1, Kind: CustomResourceDefinition, Name: clusterrules.kubevious.io
      📄 FILE: /usr/local/lib/node_modules/kubevious/assets/crds/cluster-rule.yaml
      🔴 schema is invalid: data/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalTrafficPolicy/enum must NOT have duplicate items (items ## 2 and 3 are identical)
      🔴 schema is invalid: data/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalTrafficPolicy/enum must NOT have duplicate items (items ## 2 and 3 are identical)

   ❌ API: apiextensions.k8s.io/v1, Kind: CustomResourceDefinition, Name: libraries.kubevious.io
      📄 FILE: /usr/local/lib/node_modules/kubevious/assets/crds/library.yaml
      🔴 schema is invalid: data/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalTrafficPolicy/enum must NOT have duplicate items (items ## 2 and 3 are identical)
      🔴 schema is invalid: data/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalTrafficPolicy/enum must NOT have duplicate items (items ## 2 and 3 are identical)

   ❌ API: apiextensions.k8s.io/v1, Kind: CustomResourceDefinition, Name: ruleapplicators.kubevious.io
      📄 FILE: /usr/local/lib/node_modules/kubevious/assets/crds/rule-applicator.yaml
      🔴 schema is invalid: data/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalTrafficPolicy/enum must NOT have duplicate items (items ## 2 and 3 are identical)
      🔴 schema is invalid: data/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalTrafficPolicy/enum must NOT have duplicate items (items ## 2 and 3 are identical)

   ❌ API: apiextensions.k8s.io/v1, Kind: CustomResourceDefinition, Name: rules.kubevious.io
      📄 FILE: /usr/local/lib/node_modules/kubevious/assets/crds/rule.yaml
      🔴 schema is invalid: data/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalTrafficPolicy/enum must NOT have duplicate items (items ## 2 and 3 are identical)
      🔴 schema is invalid: data/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalTrafficPolicy/enum must NOT have duplicate items (items ## 2 and 3 are identical)

   ⚠️  API: kubevious.io/v1alpha1, Kind: Library, Name: library
      🌐 WEB: https://raw.githubusercontent.com/kubevious/rules-library/main/index.yaml
      ⚠️  Unknown API Resource. apiVersion: kubevious.io/v1alpha1, kind: Library.

   ❌ Namespace: default, API: apps/v1, Kind: Deployment, Name: nginx-deployment
      ♒ STREAM: stream
      🔴 schema is invalid: data/definitions/io.k8s.api.core.v1.ServiceSpec/properties/externalTrafficPolicy/enum must NOT have duplicate items (items ## 2 and 3 are identical)


-= RULES =-
   ✅ No issues with rules.

-= SUMMARY =-
    📚 Sources: 42
        ✖️  Sources with Errors: 0
    📄 Manifests: 42
        ✅ Valid Manifests: 36
        ❌ Manifests with Errors: 5
        ⚠️  Manifests with Warnings: 1
        ☑️  Manifests Processed for Rules: 0
        ✖️  Manifests with Rule Errors: 0
        ❕ Manifests with Rule Warnings: 0
    📜 Rules: 33
        ✅ Rules Passed: 33
        ✖️  Rules Failed: 0
        🔘 Rules with Errors: 0
        ❕ Rules with Warnings: 0

ℹ️  Run with --detailed to see all sources and manifests

❌ Guard Failed

With 1.0.61 I get success if I leave out --k8s-version:

➜ cat deployment.yaml | docker run --rm -i kubevious/cli:1.0.61 guard --stream --ignore-unknown --skip-rules container-env-secret-ref container-env-from-secret-ref pod-spec-volume-secret-ref
- Identifying manifest sources...
✔ Sources identified.
- Loading manifests...
✔ Manifests loaded.
- Reading manifests from stdin...
✔ Received manifests from stdin.
- Loading K8s API Schema...
✔ Fetched K8s API schema.
- Linting manifests...
✔ Lint complete.
- Populating local RulesLibrary...
-   Loading Libraries...
✔   Libraries loaded.
-   Loading ClusterRules...
✔   ClusterRules loaded.
-   Loading Rules...
✔   Rules loaded.
-   Loading RuleApplicators...
✔   RuleApplicators loaded
✔ RulesLibrary locally populated.
- Validating rules...
✔ Rules validation complete.
ℹ️  Linting against Kubernetes Version: 1.30.0

-= SOURCES =-
   ✅ No issues with sources.

-= MANIFESTS =-
   ✅ No issues with manifests.

-= RULES =-
   ✅ No issues with rules.

-= SUMMARY =-
    📚 Sources: 42
        ✖️  Sources with Errors: 0
    📄 Manifests: 42
        ✅ Valid Manifests: 42
        ✖️  Manifests with Errors: 0
        ❕ Manifests with Warnings: 0
        ☑️  Manifests Processed for Rules: 0
        ✖️  Manifests with Rule Errors: 0
        ❕ Manifests with Rule Warnings: 0
    📜 Rules: 33
        ✅ Rules Passed: 33
        ✖️  Rules Failed: 0
        🔘 Rules with Errors: 0
        ❕ Rules with Warnings: 0

ℹ️  Run with --detailed to see all sources and manifests

✅ Guard Succeeded.

[rubenhak]

@bcha, good finding Looks like the schema for version 1.29.4 has duplicate entries, which is not the case for the least 1.30.0

["Cluster","Cluster","Local","Local"]

I will investigate and let you know further.

[rubenhak]

@bcha, this is fixed in the latest release v1.0.62.

$ cat deployment.yaml | docker run --rm -i kubevious/cli:1.0.62 guard --stream --k8s-version v1.29 --ignore-unknown --skip-rules container-env-secret-ref container-env-from-secret-ref pod-spec-volume-secret-ref

- Identifying manifest sources...
✔ Sources identified.
- Loading manifests...
✔ Manifests loaded.
- Reading manifests from stdin...
✔ Received manifests from stdin.
- Loading K8s API Schema...
✔ Fetched K8s API schema.
- Linting manifests...
✔ Lint complete.
- Populating local RulesLibrary...
-   Loading Libraries...
✔   Libraries loaded.
-   Loading ClusterRules...
✔   ClusterRules loaded.
-   Loading Rules...
✔   Rules loaded.
-   Loading RuleApplicators...
✔   RuleApplicators loaded
✔ RulesLibrary locally populated.
- Validating rules...
✔ Rules validation complete.
ℹ️  Linting against Kubernetes Version: 1.29.4

-= SOURCES =-
   ✅ No issues with sources.

-= MANIFESTS =-
   ✅ No issues with manifests.

-= RULES =-
   ✅ No issues with rules.

-= SUMMARY =-
    📚 Sources: 42
        ✖️  Sources with Errors: 0
    📄 Manifests: 42
        ✅ Valid Manifests: 42
        ✖️  Manifests with Errors: 0
        ❕ Manifests with Warnings: 0
        ☑️  Manifests Processed for Rules: 0
        ✖️  Manifests with Rule Errors: 0
        ❕ Manifests with Rule Warnings: 0
    📜 Rules: 33
        ✅ Rules Passed: 33
        ✖️  Rules Failed: 0
        🔘 Rules with Errors: 0
        ❕ Rules with Warnings: 0

ℹ️  Run with --detailed to see all sources and manifests

✅ Guard Succeeded.

[rubenhak]

Closing this issue.