GithubHelp home page GithubHelp logo

Comments (6)

garethr avatar garethr commented on August 27, 2024

Thanks for reporting.

I think the answer here is additionalProperties, which should throw an error whenever a key not in the schema is used. This isn't in the upstream schema, but that might be an openapi vs json schema difference. I'll check and hopefully add that to everything.

from kubeval.

garethr avatar garethr commented on August 27, 2024

So, according to the spec https://github.com/garethr/kubernetes-json-schema/blob/master/master-standalone/daemonset.json this should be valid.

Hopefully this is a generic behaviour of the API and I can patch kubeval accordingly. When I get a moment I'll ask on SIG API Machinery and open an upstream bug.

from kubeval.

garethr avatar garethr commented on August 27, 2024

Posted to API SIG Machinery to sanity check https://groups.google.com/forum/#!topic/kubernetes-sig-api-machinery/sz948IbCH2A

from kubeval.

garethr avatar garethr commented on August 27, 2024

So, looking into this further this behaviour is from kubectl not the Kubernetes API: https://github.com/kubernetes/kubernetes/blob/225b9119d6a8f03fcbe3cc3d590c261965d928d0/pkg/kubectl/validation/schema.go#L312

from kubeval.

garethr avatar garethr commented on August 27, 2024

The deal appears to be:

  • The Kubernetes API will accept additional properties, and simply ignore them
  • However kubectl (since kubernetes/kubernetes#11914) will try and steer you towards avoiding additional properties, although you can ignore than with --validate=false

So kubeval is right, in the sense that the document is valid for the API. But it's probably more useful at least to allow this to do the same checks as kubectl. My plan at the moment is:

  • To publish a new set of schemas with "additionalProperties": false on everything that doesn't already have it
  • To set a strict flag on kubeval to switch to using these schemas
  • To default that flag to True, so it's the default behaviour

from kubeval.

garethr avatar garethr commented on August 27, 2024

I have a PR up with a fix for this in #32, I need a bit of time to add a few tests and some documentation but if you want to build from source you could check it out.

On the sample manifest with additional properties this now correctly flags the replica key.

kubeval --strict .\fixtures\extra_property.yaml
The document .\fixtures\extra_property.yaml contains an invalid DaemonSet
---> replicas: Additional property replicas is not allowed

from kubeval.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.