Comments (6)
Thanks for reporting.
I think the answer here is additionalProperties
, which should throw an error whenever a key not in the schema is used. This isn't in the upstream schema, but that might be an openapi vs json schema difference. I'll check and hopefully add that to everything.
from kubeval.
So, according to the spec https://github.com/garethr/kubernetes-json-schema/blob/master/master-standalone/daemonset.json this should be valid.
Hopefully this is a generic behaviour of the API and I can patch kubeval accordingly. When I get a moment I'll ask on SIG API Machinery and open an upstream bug.
from kubeval.
Posted to API SIG Machinery to sanity check https://groups.google.com/forum/#!topic/kubernetes-sig-api-machinery/sz948IbCH2A
from kubeval.
So, looking into this further this behaviour is from kubectl
not the Kubernetes API: https://github.com/kubernetes/kubernetes/blob/225b9119d6a8f03fcbe3cc3d590c261965d928d0/pkg/kubectl/validation/schema.go#L312
from kubeval.
The deal appears to be:
- The Kubernetes API will accept additional properties, and simply ignore them
- However
kubectl
(since kubernetes/kubernetes#11914) will try and steer you towards avoiding additional properties, although you can ignore than with--validate=false
So kubeval
is right, in the sense that the document is valid for the API. But it's probably more useful at least to allow this to do the same checks as kubectl. My plan at the moment is:
- To publish a new set of schemas with
"additionalProperties": false
on everything that doesn't already have it - To set a strict flag on
kubeval
to switch to using these schemas - To default that flag to True, so it's the default behaviour
from kubeval.
I have a PR up with a fix for this in #32, I need a bit of time to add a few tests and some documentation but if you want to build from source you could check it out.
On the sample manifest with additional properties this now correctly flags the replica
key.
kubeval --strict .\fixtures\extra_property.yaml
The document .\fixtures\extra_property.yaml contains an invalid DaemonSet
---> replicas: Additional property replicas is not allowed
from kubeval.
Related Issues (20)
- kubeval release download not in gzip format? HOT 1
- Calling bottle :unneeded is deprecated warning with brew HOT 2
- SARIF output management ?
- Failed initializing schema v1beta3
- Validation of Kustomization files HOT 1
- Validation error: Additional property seccompProfile is not allowed HOT 4
- error when attempting to lint poddisruption budget HOT 1
- Error 404 on schema json file when validate HOT 1
- Errors ignore output string type HOT 1
- ingressclass-networking-v1.json: Could not read schema from HTTP, response status is 404 Not Found HOT 7
- Valid resource failed validation with 404 schema not found
- Kubernetes OpenAPI v3 HOT 5
- kubeval of "helm create test-helm" fails HOT 1
- Latter half of domain is cut off resource group
- [BUG] ConfigMap Validation should be ERROR but is WARN HOT 3
- Connection reset by peer HOT 1
- Missing 'kind' key && getting Failed to decode YAML Errors HOT 1
- Maintenance information HOT 3
- Kubeval config file to reuse custom settings
- Add Support for .kubevalignore file HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubeval.