instrumenta / kubeval

Validate your Kubernetes configuration files, supports multiple Kubernetes versions
https://kubeval.com

Kubeval fails for validation #18

Open surajnarwade opened 7 years ago

surajnarwade commented 7 years ago

here is sample service file,

apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: httpd
  name: INVALID-e_f
spec:
  ports:
  - port: 8080
    targetPort: 80
  selector:
    app: httpd
  type: INVALID
status:
  loadBalancer: {}

after running kubeval, it shows valid, but it's not

$ kubeval service.yml 
The document docker-compose.yml contains a valid Service

garethr commented 7 years ago

Unfortunately in both these cases the schema doesn't contain the information required to do validation of values, or rather it's included as text in the description field:

For the name: https://github.com/garethr/kubernetes-json-schema/blob/master/master-standalone/service.json#L179

and for type: https://github.com/garethr/kubernetes-json-schema/blob/master/master-standalone/service.json#L135

In the case of type this should include an enum:

 "enum": ["ExternalName", "ClusterIP", "NodePort", "LoadBalancer"]

Name should validate the DNS_RECORD with the regex from the source

"regex": "[a-z0-9]([-a-z0-9]*[a-z0-9])?"

This might be a limitation of OpenAPI 2.0, or of the go-openapi library. I'll open an issue to track upstream.
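
An added example, not part of the original thread and not kubeval's own code: the two value checks described in the comment above, written in Go with the enum and regex quoted there. `CheckService` and the JSON form of the manifest are assumptions of this example; the regex is anchored with `^` and `$` because, unanchored, it matches the `e` inside `INVALID-e_f` and the name would pass.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Enum and regex as quoted in the comment above. Anchoring the pattern is
// this example's choice: without ^ and $ it matches any single valid character.
var (
	serviceTypes = map[string]bool{"ExternalName": true, "ClusterIP": true, "NodePort": true, "LoadBalancer": true}
	nameRe       = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`)
)

// service holds only the two fields the issue is about.
type service struct {
	Metadata struct {
		Name string `json:"name"`
	} `json:"metadata"`
	Spec struct {
		Type string `json:"type"`
	} `json:"spec"`
}

// CheckService (hypothetical helper) returns one message per value that a
// structure-only schema accepts but the enum or the regex rejects.
func CheckService(doc []byte) ([]string, error) {
	var s service
	if err := json.Unmarshal(doc, &s); err != nil {
		return nil, err
	}
	var errs []string
	if !nameRe.MatchString(s.Metadata.Name) {
		errs = append(errs, fmt.Sprintf("metadata.name %q does not match %s", s.Metadata.Name, nameRe))
	}
	// An omitted type is allowed: the API server defaults it to ClusterIP.
	if t := s.Spec.Type; t != "" && !serviceTypes[t] {
		errs = append(errs, fmt.Sprintf("spec.type %q is not an allowed Service type", t))
	}
	return errs, nil
}

func main() {
	// Constructed input: the Service from the report, reduced to JSON.
	errs, err := CheckService([]byte(`{"kind":"Service","metadata":{"name":"INVALID-e_f"},"spec":{"type":"INVALID"}}`))
	fmt.Println(errs, err)
}
```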

devikaturi commented 7 years ago

I am trying to use the kubeval library in my project. Calling the validate function: kubeval.Validate([]byte("v1.7.2"), "D:/Playground/nginx-deployment.yaml")

Throws the following error:

What could be the reason for the failure? Am I calling the validate function in the right way?

the deployment file is valid:

apiVersion: apps/v1beta1 # for versions before 1.6.0 use extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:

garethr commented 7 years ago

Posted to SIG API Machinery to check my assumptions on this https://groups.google.com/forum/#!topic/kubernetes-sig-api-machinery/Q9tGqhV4ZNA

surajnarwade commented 7 years ago

nice :+1:

garethr commented 7 years ago

https://github.com/kubernetes/kubernetes/issues/24562 is the upstream issue for enums and https://github.com/kubernetes/kubernetes/issues/8116 is the relevant issue for regexes. Ideally this will be fixed here and then autogenerating the schemas will do the right thing.

surajnarwade commented 7 years ago

@garethr, if we add something like additionalkeys: false in jsonschema, it will also restrict any extra key, right?

garethr commented 7 years ago

@surajnarwade correct. See the code in #32 and the discussion in #24. I don't think this affects the issue above however.

surajnarwade commented 7 years ago

@garethr yeah, thanks, this will not affect this issue though