Validating a CRD that includes an embedded core v1 Pod

#1

I’m developing a CRD with a controller to support stateful workloads. We have a CRD that includes the full embedded pod spec.

I for the life of me can’t figure out how to validate a spec. The fields we have added to the CRD are pretty straightforward, but I can’t find an example of how to validate the pod spec itself.

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: db.example.com
spec:
  group: db.example.com
  versions:
    - name: v1alpha1
      served: true
      storage: true
  names:
    kind: DatabasePod
    plural: databasepods
    singular: databasepod
    shortNames:
    - dp
  scope: Namespaced
  additionalPrinterColumns:
  - JSONPath: .status.phase
    name: Status
    type: string
  - JSONPath: .metadata.resourceVersion
    name: Version
    type: string
  - JSONPath: .spec.myvar1
    name: Myvar1
    type: boolean
  - JSONPath: .spec.myvar2
    name: Myvar2
    type: boolean
  validation:
    openAPIV3Schema:
      properties:
        spec:
          required:
            - myvar1
            - myvar2
            - myvar3
            - podSpec
          properties:
            myvar1:
              type: boolean
            myvar2:
              type: boolean
            myvar3:
              required:
                - subvar1
                - subvar2
              properties:
                subvar1:
                  type: string
                  pattern: ^(this|that)$
                subvar2:
                  type: string
            podSpec: # Here I need to validate a vanilla core v1 podspec (this section needs to support everything that is valid in core v1 Pod)
              required:
                apiVersion:
                   type: string
                <SNIP>

Do I need to essentially add every single field and type like I did above for the custom fields of my CRD? If so, is there an example of how to validate lists and objects and some of the other things in a pod spec?

I’ve dug around the Kubernetes code and can’t figure out how it validates a normal pod spec.