yannh / kubeconform

A FAST Kubernetes manifests validator, with support for Custom Resources!
Apache License 2.0

Missing `image` field not flagged #193

Open james-callahan opened 1 year ago

james-callahan commented 1 year ago

With a bad patch I accidentally created an invalid deployment (I inserted an extra container to add resources rather than changing the existing one):

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/name: cert-manager
  name: cert-manager
  namespace: cert-manager
spec:
  selector:
    matchLabels:
      app.kubernetes.io/component: controller
      app.kubernetes.io/name: cert-manager
  template:
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/name: cert-manager
    spec:
      containers:
      - name: cert-manager
        resources:
          requests:
            memory: 35Mi
      - args:
        - --v=2
        - --cluster-resource-namespace=$(POD_NAMESPACE)
        - --leader-election-namespace=$(POD_NAMESPACE)
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: quay.io/jetstack/cert-manager-controller:v1.11.1@sha256:4f1782c8316f34aae6b9ab823c3e6b7e6e4d92ec5dac21de6a17c3da44c364f1
        name: cert-manager-controller
        # .... more here
```

When I attempted to apply this to my cluster, I got the error from Kubernetes:

```
Deployment.apps "cert-manager" is invalid: spec.template.spec.containers[0].image: Required value
```

I'm surprised that kubeconform didn't flag this problem; shouldn't it have?

jacksgt commented 4 weeks ago

I just ran into the same problem with a missing image in a CronJob / Job: kubeconform did not detect the condition, but the Kubernetes API complained about the "Required value".
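
Added example, not part of the issue thread and not kubeconform code: the container definition in the upstream Kubernetes OpenAPI schema marks only `name` as required, so a schema-based validator accepts a container without `image` while the API server rejects it. The Go sketch below is a supplementary pre-apply check that reports such containers using the same field path as the API server error above; `MissingImages`, `podSpecPath` and `sampleDeployment` are hypothetical names, and it assumes each manifest has already been converted to JSON.

```go
package main

import (
	"encoding/json"
	"fmt"
)

var podSpecPath = map[string][]string{ // pod spec location for each kind named in this thread
	"Deployment": {"spec", "template", "spec"},
	"Job":        {"spec", "template", "spec"},
	"CronJob":    {"spec", "jobTemplate", "spec", "template", "spec"},
}

// Constructed sample: the Deployment from the issue, reduced to its two containers, as JSON.
const sampleDeployment = `{"kind":"Deployment","spec":{"template":{"spec":{"containers":[
 {"name":"cert-manager"},{"name":"cert-manager-controller","image":"example.invalid/controller:v1"}]}}}}`

// MissingImages returns the field path of every container that has no image set.
func MissingImages(manifest []byte) ([]string, error) {
	var obj map[string]interface{}
	if err := json.Unmarshal(manifest, &obj); err != nil {
		return nil, err
	}
	path, known := podSpecPath[fmt.Sprint(obj["kind"])]
	if !known {
		return nil, nil // kind not covered by this check
	}
	node, prefix := obj, ""
	for _, key := range path {
		next, ok := node[key].(map[string]interface{})
		if !ok {
			return nil, fmt.Errorf("%s%s is missing or not an object", prefix, key)
		}
		node, prefix = next, prefix+key+"."
	}
	var missing []string
	for _, field := range []string{"initContainers", "containers"} {
		list, _ := node[field].([]interface{}) // an absent list stays nil and is skipped
		for i, c := range list {
			container, _ := c.(map[string]interface{})
			if image, _ := container["image"].(string); image == "" {
				missing = append(missing, fmt.Sprintf("%s%s[%d].image", prefix, field, i))
			}
		}
	}
	return missing, nil
}

func main() { fmt.Println(MissingImages([]byte(sampleDeployment))) }
```

A server-side dry run against a real cluster remains the authoritative check, since it applies the API server's full validation rather than this one rule.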