Missing newer kubernetes schemas (example: 1.19)

[brunoluiz]

We hit an issue with https://github.com/instrumenta/kubeval which is due to missing kubernetes 1.19 schemas.

I wonder if there could be a way to automate the generation of the JSON schemas. I could help on this, I would just need to know how exactly it is generated.

[Constantin07]

I'm facing a problem with kubeval when trying to validate K8s helm chart. Kubernetes version 1.19.5.

helmfile template | kubeval --strict
ERR  - kubernetes-dashboard/templates/ingress.yaml: Failed initializing schema https://kubernetesjsonschema.dev/master-standalone-strict/ingress-networking-v1.json: Could not read schema from HTTP, response status is 404 Not Found

Looks like missing schema for 1.19

[taurit]

I worked around missing schemas for 1.19 by generating them on my own. This seems to work at first glance, although I don't have much prior experience with kubeval:

In Linux (or WSL):

# install tooling to generate the schemas
sudo apt install python-pip
export PYTHONHTTPSVERIFY=0 # this is only because I had cert issues
pip install openapi2jsonschema

# generate a folder with schema files for a specific version (1.19.3 in this case)
openapi2jsonschema -o "v1.19.3-standalone-strict" --kubernetes --stand-alone --strict https://raw.githubusercontent.com/kubernetes/kubernetes/v1.19.3/api/openapi-spec/swagger.json

# now fork this repo, add the generated files, commit, push

# tell kubeval to use your repo instead of the default one
kubeval --kubernetes-version 1.19.3 --strict --schema-location https://raw.githubusercontent.com/taurit ingress.yaml

# Output:
# The document ingress.yaml contains a valid Ingress

[mark007]

@taurit how did you generate your own schemas. Is there someone that confirm the original schema location is not being kept upto date, and we need to look for another source to point to for the schemas. kubeval is really no longer usable without this.

[taurit]

@taurit how did you generate your own schemas

@mark007 I used the openapi2jsonschema tool. It is mentioned in the readme of this project. All the commands I used are in the post above yours :)

[tricky42]

Thanks @taurit for your example. I just ran into an issue where I needed to validate k8s yamls and now I am stuck in this rabbit hole ;) I think with the provided information it will be easy to get to working solution for me locally.

In general I think @mark007 question is still valid as it would still be helpful to have a repo containing the current json schemas. As part of my journey on this topic I first found

https://github.com/garethr/kubernetes-json-schema

containing schemas for K8S versions up to v1.14. Looking for an alternative I found this repo and checked for the included versions and recognized that it is also not uptodate but at least is containing schemas up to v1.18.1...

It doesnt look like such a big overhead to update schemas so I am wondering why this repo is not being updated anymore and PRs are not merged. Maybe we can simplify / automated the process using GitActions, would you be open for such a PR?

[Constantin07]

It doesnt look like such a big overhead to update schemas so I am wondering why this repo is not being updated anymore and PRs are not merged.

I'm also wondering why the outstanding PRs from 2019 & 2020 are not merged. There are not comments left by reviews that there is something wrong with them.

[joaopi]

Hi @brunoluiz I had the same problem, and it appears this repo is not being actively maintained.

I found that you can find the latest schemas, maintained by AWS for its cdk8s project here: https://github.com/awslabs/cdk8s/tree/master/kubernetes-schemas

Hope this helps everyone!

[dmourao]

I've created a PR https://github.com/instrumenta/kubernetes-json-schema/pull/28 to add support for v1.19.3

kubeval --strict --kubernetes-version 1.19.3 --schema-location https://raw.githubusercontent.com/dmourao/kubernetes-json-schema/master ingress.yaml
PASS - ingress.yaml contains a valid Ingress (webrtc-service)

[alexrashed]

As mentioned above, it looks like this repo isn't actively maintained. The schemas in awslabs/cdk8s unfortunately don't contain the script versions (which are necessary in my case).

Does anyone know of a fork or any other place where the strict schemas could be found?

[yannh]

Hello, I maintain https://github.com/yannh/kubeconform/ which also uses schemas from this repository. As long as kubeconform will rely on kubernetes-json-schema, I will maintain a fork at https://github.com/yannh/kubernetes-json-schema , if only for myself ;) Things I want to look into:

• Automating the update of this repository using a scheduled Github Action
• Actually updating Kubeconform to use OpenAPI directly and not require the conversion to JSON Schemas anymore.. There is some code here https://github.com/kubernetes/kube-openapi/tree/master/pkg/validation that might work? But this would be further in the future.

[yannh]

Alright https://github.com/yannh/kubernetes-json-schema now contains schemas for all release patch versions from 1.17 and up. I have updated https://github.com/yannh/kubernetes-json-schema/blob/master/build.sh to get the list of tags automatically from the Kubernetes registry rather than hardcode them. I am pretty close to getting it to auto-update, though the generation is actually a LOT more time-intensive than I thought and I'd certainly blast through my github actions quota, so I m generating manually for now :)

I've also forked https://github.com/yannh/openapi2jsonschema and added a public Docker Image - I will be iterating on this in the future.

Kubeconform now default to files from this new repository.

[brunoluiz]

@yannh That is a really good idea! Hopefully, this will eventually be merged back to this repo. Two things though:

1. Perhaps creating a Golang program might help to curb the CI time? You can run the tasks in different go routines. Then, you can set the GH Action to run every day (it supports crons iirc)
2. If this is successfully automated, I wonder if it wouldn't be useful to open a pull request in https://github.com/instrumenta/kubeval to replace the default schema --schema-location

[yannh]

@brunoluiz I .. started, but Go is absolutely not great at dealing with arbitrary JSON files :) Maybe python will be fast enough to just compute the missing versions, I will give this another try soon. For kubeval - I was going to document how to use that repo with kubeval, however kubeval's maintainer is the same as this repo's maintainer, so he might as well merge my changes ;) @garethr :wave: happy to help maintain here.

[yannh]

Ok so... https://github.com/yannh/kubernetes-json-schema is now self-updating every second day, for all versions above 1.12... I guess this will run until Github shuts it down, the repo might get big :grimacing:

[jcmcken]

@yannh First of all, thanks for keeping the schemas up-to-date. It seems like many of these instrumenta repos are somewhat dead, and I've had a lot of troubles generating these schemas locally using openapi2jsonschema.

No issue tracker on the fork, so pardon if it's weird to comment here. It would be nice if the size of the repo were smaller somehow, maybe by putting each schema version on a different branch, not really sure. The versions of git available in our environment don't support filtered clones, so we have to checkout the entire repo which is painfully slow. Anyway, we can live with it, just would be nice to have a more streamlined way of downloading schemas for a specific version of Kubernetes.

[yannh]

My bad - I have enabled the issues there now. Could you open a ticket there for further discussions?

This script is what the fork uses to generate the schemas: https://github.com/yannh/kubernetes-json-schema/blob/master/build.sh It relies on a docker image that contains a fork of openapi2jsonschema. If you are able to run docker containers, this would be your best bet. The script should be easy to patch to generate json schemas for a single version of Kubernetes.

On the size of the repository - yes, this problem will not get smaller. I do not have a perfect answer just now, apart from removing older versions and recommending shallow clones.

[sbillon]

Thx a lot @yannh for this new updated repo ! How can I get easly the actual master version ?

[yannh]

@sbillon and others in this thread > move support requests to the fork :) If your question was: "Are the master-* folders up-to-date in yannh/kubernetes-json-schema", they now are updated every 2 days.

[abhi1693]

We have set up this repository at https://github.com/Onemind-Services-LLC/kubernetes-json-schema. Anyone interested in using this is welcome.

We will keep this up-to-date as much as possible

[remram44]

There's also https://github.com/yannh/kubernetes-json-schema used by Kubeconform

[wyardley]

Would be nice to see 1.20 and 1.21 as well.

[remram44]

This hasn't been updated in years, posting here does nothing. See https://github.com/yannh/kubernetes-json-schema for an up to date repository.