list namespaced crd objects using crd yaml without global crd reading permission

[LeiYangGH]

similiar to issue 740, which deals with creating. but now i'm listing.

What is the feature and why do you need it:

In certain circumstances, the servcie account doesn't have read permission to read global crd, but we already have crd yaml locally. and i want to list namespaced cr objects.

config.load_incluster_config()
crs = client.CustomObjectsApi().list_namespaced_custom_object(group="company.com", version="v1beta1",
                                                                   plural="some-configs", namespace='namespace')

won't work because it tries to read global crd via k8s api first(no permission).

Describe the solution you'd like to see:

config.load_incluster_config()
crs = client.CustomObjectsApi().list_namespaced_custom_object(group="com.company", version="v1beta1",
         plural="some-configs", namespace='namespace', crd_yaml=loadresource(some_local_file))

We have similiar issue with java client and we have some working code like this:

  public final CustomResourceDefinition extractCrdInfo(NamespacedKubernetesClient client,
      String localCrdFileName){
    InputStream is = getClass().getResourceAsStream(localCrdFileName);
    return loadCRD(client, is);
  }

  public final CustomResourceDefinitionContext buildCrdCtx(CustomResourceDefinition crd) {
    return new CustomResourceDefinitionContext.Builder()
        .withName(crd.getMetadata().getName())
        .withScope("Namespaced")
        .withVersion("v1beta1")
        .withPlural(crd.getSpec().getNames().getPlural())
        .withKind(crd.getSpec().getNames().getKind())
        .withGroup(crd.getSpec().getGroup())
        .build();
  }
    return client.customResources(resourceCrdCtx, SOMEJAVA.class, SOMEJAVA1.class,
        SOMEJAVA2.class);

[roycaihw]

/assign

[roycaihw]

Could you enable debug logging and see what HTTP endpoints the client hits? I'd be surprised if list_namespaced_custom_object tries to reach a CRD (apiextensions) endpoint

[LeiYangGH]

i will do it later. i thought i was watching(using java api). will add the logs later.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale