Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

enable the --strict option in kubeval #214

Merged
merged 2 commits into from
Mar 3, 2021
Merged

enable the --strict option in kubeval #214

merged 2 commits into from
Mar 3, 2021

Conversation

cw-ozaki
Copy link
Contributor

@cw-ozaki cw-ozaki commented Feb 10, 2021
edited
Loading 

$ kubeval --help
Validate a Kubernetes YAML file against the relevant schema

Usage:
  kubeval <file> [file...] [flags]

Flags:
      --additional-schema-locations strings   Comma-seperated list of secondary base URLs used to download schemas
  -d, --directories strings                   A comma-separated list of directories to recursively search for YAML documents
      --exit-on-error                         Immediately stop execution when the first error is encountered
  -f, --filename string                       filename to be displayed when testing manifests read from stdin (default "stdin")
      --force-color                           Force colored output even if stdout is not a TTY
  -h, --help                                  help for kubeval
      --ignore-missing-schemas                Skip validation for resource definitions without a schema
  -i, --ignored-filename-patterns strings     A comma-separated list of regular expressions specifying filenames to ignore
      --insecure-skip-tls-verify              If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kubernetes-version string             Version of Kubernetes to validate against (default "master")
      --openshift                             Use OpenShift schemas instead of upstream Kubernetes
  -o, --output string                         The format of the output of this script. Options are: [stdout json tap]
      --quiet                                 Silences any output aside from the direct results
      --reject-kinds strings                  Comma-separated list of case-sensitive kinds to prohibit validating against schemas
  -s, --schema-location string                Base URL used to download schemas. Can also be specified with the environment variable KUBEVAL_SCHEMA_LOCATION.
      --skip-kinds strings                    Comma-separated list of case-sensitive kinds to skip when validating against schemas
      --strict                                Disallow additional properties not in schema
      --version                               version for kubeval

Enabled --strict in kubeval to detect the specification of properties that do not exist in the schema.

Checklist

  • Chart Version bumped

@cw-ozaki cw-ozaki force-pushed the add-lint-kubeval-strict branch from 2cbb14b to 3492e21 Compare February 10, 2021 17:02
@cw-ozaki
Copy link
Contributor Author

Results of running lint on all charts:
https://app.circleci.com/pipelines/github/chatwork/charts/451/workflows/263d84e4-25d7-4333-9019-cd79b0e651a3/jobs/1749

@cw-sakamoto
Copy link
Contributor

If add strict, I think it will cause an error in the resources that use CRD, but in that case, I don't need to add an strict in that application, right?

@cw-ozaki
Copy link
Contributor Author

@cw-sakamoto

cw-ozaki: ~/Projects/charts/argoproj-crd (docker-desktop/test) [git:add-lint-kubeval-strict]                                      
$ helm template . | kubeval --additional-schema-locations https://raw.githubusercontent.com/cw-ozaki/kubernetes-json-schema/master/ --kubernetes-version ${KUBERNETES_VERSION:-"1.18.8"} --exit-on-error 
ERR  - argoproj-crd/templates/appproject.yaml: Failed initializing schema https://kubernetesjsonschema.dev/v1.18.8-standalone/appproject-argoproj-v1alpha1.json: Could not read schema from HTTP, response status is 404 Not Found
Failed initializing schema https://raw.githubusercontent.com/cw-ozaki/kubernetes-json-schema/master//v1.18.8-standalone/appproject-argoproj-v1alpha1.json: Could not read schema from HTTP, response status is 404 Not Found

CRD is not supported by kubeval.
This is because the schema file does not exist.

If you want to use CRD, you should not use kubeval.

@cw-sakamoto
Copy link
Contributor

@cw-ozaki
--ignore-missing-schemas , so if you have a CRD and a regular manifest, it looks like you can add this.
instrumenta/kubeval#47

@cw-ozaki
Copy link
Contributor Author

cw-ozaki commented Feb 12, 2021
edited
Loading

@cw-sakamoto
I didn't know about the flag --ignore-missing-schema!
I'll try and add it.

@cw-ozaki
Copy link
Contributor Author

@cw-sakamoto

=> Validating default value.yaml
helm template . | kubeval --strict --ignore-missing-schemas --additional-schema-locations https://raw.githubusercontent.com/cw-ozaki/kubernetes-json-schema/master/ --kubernetes-version ${KUBERNETES_VERSION:-"1.18.8"} --exit-on-error
WARN - Set to ignore missing schemas
WARN - argoproj-crd/templates/appproject.yaml containing a AppProject (my-project) was not validated against a schema

Fantastic!

@cw-ozaki cw-ozaki merged commit ecc931f into master Mar 3, 2021
@cw-ozaki cw-ozaki deleted the add-lint-kubeval-strict branch March 3, 2021 03:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@taishin taishin taishin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@cw-ozaki @cw-sakamoto @taishin @k-kinzal