cocreators-ee / project-template

Project template for kick-starting your work the right way

Kubeval validation of merges #40

Closed joakimnordling closed 4 years ago

joakimnordling commented 4 years ago

The kube merge files, which are stored under envs/{env}/merges/.../kube/, can't in many cases be validated by kubeval. This is why I've submitted PR #39 to, for the time being, skip the validation of these files.

They could be validated to be valid YAML files, but kubeval validates more than that; it validates that they are YAML files that Kubernetes will understand. The merge files often contain partial files, like this one (fetched from devops/tests/test_utils.py):

spec:
  template:
    spec:
      containers:
        -
        - volumeMounts:
            - mountPath: /var/run/docker.sock
              name: docker-volume
        - securityContext:
            allowPrivilegeEscalation: true
      volumes:
        - persistentVolumeClaim: ~
        - name: docker-volume
          hostPath:
            path: /var/run/docker.sock

If you try to run kubeval on that file, it'll report: ERR - merge-example.yaml: Missing 'kind' key

In order to be able to fully validate the merge files directly using kubeval it'd mean that the basic idea of just overriding the necessary parts of the file would be gone, as one would have to add all the keys that are mandatory for that kind of document.

The best idea I can think of for validating these files would be to skip the validation of the merge files as standalone files, perform the merge of the main file and the merge file to form a full YAML file, and feed that to kubeval for validation instead.
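The merge-then-validate approach proposed above, as an added sketch that is not the project's own code: `merge_docs`, `kubeval_merged`, the `BASE` manifest and the merge rules in the docstring are assumptions made for illustration, and `MERGE` is the partial file quoted in the issue written out as parsed YAML. Validating the merged result also puts overrides such as the `docker.sock` host mount and `allowPrivilegeEscalation: true` in front of the validator as part of the manifest that is actually deployed.

```python
import json
import shutil
import subprocess
from itertools import zip_longest

# Constructed base manifest (not from the project); only the keys needed here.
BASE = {
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "example"},
    "spec": {"template": {"spec": {
        "containers": [{"name": "a"}, {"name": "b"}, {"name": "c"}],
        "volumes": [{"name": "data", "persistentVolumeClaim": {"claimName": "data"}}],
    }}}}
# The partial merge file quoted in the issue, as parsed YAML (~ becomes None).
MERGE = {"spec": {"template": {"spec": {
    "containers": [
        None,
        {"volumeMounts": [{"mountPath": "/var/run/docker.sock", "name": "docker-volume"}]},
        {"securityContext": {"allowPrivilegeEscalation": True}},
    ],
    "volumes": [
        {"persistentVolumeClaim": None},
        {"name": "docker-volume", "hostPath": {"path": "/var/run/docker.sock"}},
    ],
}}}}

def merge_docs(base, override):
    """Assumed rules: mappings merge per key, a null mapping value deletes the
    key, lists merge by position, a null list item keeps the base item."""
    if isinstance(base, dict) and isinstance(override, dict):
        merged = dict(base)
        for key, value in override.items():
            if value is None:
                merged.pop(key, None)
            else:
                merged[key] = merge_docs(base.get(key), value)
        return merged
    if isinstance(base, list) and isinstance(override, list):
        return [b if o is None else merge_docs(b, o) for b, o in zip_longest(base, override)]
    return override

def kubeval_merged(base, merge):
    """Validate the merged document; returns (merged, ok), ok is None if kubeval is absent."""
    merged = merge_docs(base, merge)
    if shutil.which("kubeval") is None:
        return merged, None
    # JSON is valid YAML, so the merged document is piped to kubeval on stdin as JSON.
    proc = subprocess.run(["kubeval"], input=json.dumps(merged), capture_output=True, text=True)
    return merged, proc.returncode == 0
```
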