search

instrumenta / kubeval

Validate your Kubernetes configuration files, supports multiple Kubernetes versions
https://kubeval.com
Other
3.16k stars 229 forks source link

Support for document separators #4

Closed elblivion closed 7 years ago

elblivion commented 7 years ago

Some of our specs use a valid multi-document YAML format:

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1alpha1
metadata:
  name: admin-access
rules:
  - apiGroups: ["*"]
    resources: ["*"]
    verbs: ["*"]
  - nonResourceURLs: ["*"]
    verbs: ["*"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1alpha1
metadata:
  name: kubelet-role-binding
subjects:
- kind: User
  name: kubelet
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: admin-access

It seems like the YAML library used in kubeval doesn't support this yet: https://github.com/go-yaml/yaml#compatibility, so at the very least kubeval should warn the user that this is not supported (in testing, only the first YAML document in the file is parsed and the rest silently discarded).

garethr commented 7 years ago

I have some initial work on this in https://github.com/garethr/kubeval/pull/9 which seems to basically work. I want to clean it up, but if you have time and inclination I'd love any feedback.

For instance, using the fixture in this PR: 

go run main.go fixtures/multi.yaml
The document fixtures/multi.yaml is not a valid Service
--> spec.ports.0.port: Invalid type. Expected: integer, given: string
The document fixtures/multi.yaml is a valid ReplicationController
The document fixtures/multi.yaml is a valid Service
The document fixtures/multi.yaml is a valid ReplicationController
The document fixtures/multi.yaml is a valid Service
The document fixtures/multi.yaml is a valid ReplicationController
exit status 1
garethr commented 7 years ago

Merged #9. Releasing an update now.