Invalid use of exclusiveMaximum in JSON schema for generated CRDs

[kop]

In charts/gateway-helm/crds/generated there are multiple invalid uses of exclusiveMaximum JSON schema field. For example:

https://github.com/envoyproxy/gateway/blob/main/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml#L316-L326

expectedStatuses:
  description: |-
    ExpectedStatuses defines a list of HTTP response statuses considered healthy.
    Defaults to 200 only
  items:
    description: HTTPStatus defines the http status code.
    exclusiveMaximum: true
    maximum: 600
    minimum: 100
    type: integer
  type: array

Per JSON schema spec, exclusiveMaximum should be Number, not Boolean.

Invalid JSON schema leads to problems when this spec is used to validate Helm charts.
For example, I'm embedding this schema into the schema of my Helm charts when I want to give users the ability to set some advanced Envoy Gateway settings and validate that they are correct.

Schema Embedding Example

{
  "$defs": {
    "TrafficPolicy": {
      "properties": {
        "loadBalancer": {
          "$ref": "https://raw.githubusercontent.com/datreeio/CRDs-catalog/9381fb9e9ff658f05b77f24955c72cc77dde38a1/gateway.envoyproxy.io/backendtrafficpolicy_v1alpha1.json#/properties/spec/properties/loadBalancer"
        },
        "retry": {
          "$ref": "https://raw.githubusercontent.com/datreeio/CRDs-catalog/9381fb9e9ff658f05b77f24955c72cc77dde38a1/gateway.envoyproxy.io/backendtrafficpolicy_v1alpha1.json#/properties/spec/properties/retry"
        },
        "proxyProtocol": {
          "$ref": "https://raw.githubusercontent.com/datreeio/CRDs-catalog/9381fb9e9ff658f05b77f24955c72cc77dde38a1/gateway.envoyproxy.io/backendtrafficpolicy_v1alpha1.json#/properties/spec/properties/proxyProtocol"
        },
        "tcpKeepalive": {
          "$ref": "https://raw.githubusercontent.com/datreeio/CRDs-catalog/9381fb9e9ff658f05b77f24955c72cc77dde38a1/gateway.envoyproxy.io/backendtrafficpolicy_v1alpha1.json#/properties/spec/properties/tcpKeepalive"
        },
        "healthCheck": {
          "$ref": "https://raw.githubusercontent.com/datreeio/CRDs-catalog/9381fb9e9ff658f05b77f24955c72cc77dde38a1/gateway.envoyproxy.io/backendtrafficpolicy_v1alpha1.json#/properties/spec/properties/healthCheck"
        },
        "circuitBreaker": {
          "$ref": "https://raw.githubusercontent.com/datreeio/CRDs-catalog/9381fb9e9ff658f05b77f24955c72cc77dde38a1/gateway.envoyproxy.io/backendtrafficpolicy_v1alpha1.json#/properties/spec/properties/circuitBreaker"
        },
        "timeout": {
          "$ref": "https://raw.githubusercontent.com/datreeio/CRDs-catalog/9381fb9e9ff658f05b77f24955c72cc77dde38a1/gateway.envoyproxy.io/backendtrafficpolicy_v1alpha1.json#/properties/spec/properties/timeout"
        },
        "connection": {
          "$ref": "https://raw.githubusercontent.com/datreeio/CRDs-catalog/9381fb9e9ff658f05b77f24955c72cc77dde38a1/gateway.envoyproxy.io/backendtrafficpolicy_v1alpha1.json#/properties/spec/properties/connection"
        },
        "dns": {
          "$ref": "https://raw.githubusercontent.com/datreeio/CRDs-catalog/9381fb9e9ff658f05b77f24955c72cc77dde38a1/gateway.envoyproxy.io/backendtrafficpolicy_v1alpha1.json#/properties/spec/properties/dns"
        },
        "http2": {
          "$ref": "https://raw.githubusercontent.com/datreeio/CRDs-catalog/9381fb9e9ff658f05b77f24955c72cc77dde38a1/gateway.envoyproxy.io/backendtrafficpolicy_v1alpha1.json#/properties/spec/properties/http2"
        },
        "rateLimit": {
          "$ref": "https://raw.githubusercontent.com/datreeio/CRDs-catalog/9381fb9e9ff658f05b77f24955c72cc77dde38a1/gateway.envoyproxy.io/backendtrafficpolicy_v1alpha1.json#/properties/spec/properties/rateLimit"
        },
        "faultInjection": {
          "$ref": "https://raw.githubusercontent.com/datreeio/CRDs-catalog/9381fb9e9ff658f05b77f24955c72cc77dde38a1/gateway.envoyproxy.io/backendtrafficpolicy_v1alpha1.json#/properties/spec/properties/faultInjection"
        },
        "useClientProtocol": {
          "$ref": "https://raw.githubusercontent.com/datreeio/CRDs-catalog/9381fb9e9ff658f05b77f24955c72cc77dde38a1/gateway.envoyproxy.io/backendtrafficpolicy_v1alpha1.json#/properties/spec/properties/useClientProtocol"
        },
        "compression": {
          "$ref": "https://raw.githubusercontent.com/datreeio/CRDs-catalog/9381fb9e9ff658f05b77f24955c72cc77dde38a1/gateway.envoyproxy.io/backendtrafficpolicy_v1alpha1.json#/properties/spec/properties/compression"
        },
        "responseOverride": {
          "$ref": "https://raw.githubusercontent.com/datreeio/CRDs-catalog/9381fb9e9ff658f05b77f24955c72cc77dde38a1/gateway.envoyproxy.io/backendtrafficpolicy_v1alpha1.json#/properties/spec/properties/responseOverride"
        }
      },
      "type": "object",
      "description": "Allows the user to configure the behavior of the connection between the Envoy Proxy listener and the backend service."
    }
  }
}

[kop]

On a side note, it would be great to have those schema files separate from CRDs so it would be possible to import them into custom JSON schemas directly.

[arkodg]

@kop there seems to be folks maintaining this https://github.com/datreeio/CRDs-catalog/tree/main/gateway.envoyproxy.io

[kop]

@arkodg, the repository I mentioned just contains a copy-paste from envoyproxy/gateway. IMHO, the issue should be addressed here.