About this reposiroty

This repository contains resources for the blog post:
"A Deep Dive Into Kubernetes Schema Validation"

Misconfigs

This dir contains seven Kubernetes manifest files, each with a different misconfiguration:

api-deprecation.yaml

wrong: apiVersion: apps/v1beta2
correct: apiVersion: apps/v1
reason: apps/v1beta2 was deprecated for resource type "Deployment" in Kubernetes version 1.18.0

invalid-kind-value.yaml

wrong: kind: pod
correct: kind: Pod
reason: resource type must start with a capital letter - Pod

invalid-label-value.yaml

wrong: owner: ---
correct: owner: frodo-baggins
reason: labels values must start and end with an alphanumeric letter

invalid-protocol-type.yaml

wrong: protocol: 22
correct: protocol: TCP
reason: protocol type must be a string

invalid-spec-key.yaml

wrong: Spec:
correct: spec:
reason: spec must start with a small 's'

missing-image.yaml

wrong:

containers:
    - name: web

correct:

containers:
    - name: web
      image: nginx

reason: each container must include an image name

wrong-k8s-indentation.yaml

wrong:

spec:
containers:
  - name: web
    image: nginx
    ports:
      - name: web
        containerPort: 80
        protocol: TCP

correct:

spec:
  containers:
  - name: web
    image: nginx
    ports:
    - name: web
      containerPort: 80
      protocol: TCP

reason: Kubernetes\YAML indentation requires one tab space when listing containers

Misconfigurations coverage summary

Benchmark

This dir contains 100 valid Kubernetes manifest files.
All files contain the same Kubernetes configuration.

Commands

running schema validation tests

kubeval: kubeval --strict misconfigs/*.yaml -v "1.18.0"
kubeconform: kubeconform -strict misconfigs/*.yaml
kubectl dry-run in client mode: kubectl apply -f misconfigs/ --dry-run=client
kubectl dry-run in server mode: kubectl apply -f misconfigs/ --dry-run=server

Running benchmark tests

🔧 prerequisite - hyperfine installed

kubeval: hyperfine --warmup 5 'kubeval --strict benchmark/*.yaml -v "1.18.0"'
kubeconform: hyperfine --warmup 5 'kubeconform -strict benchmark/*.yaml'
kubectl dry-run in client mode: hyperfine --warmup 5 'kubectl apply -f benchmark/ --dry-run=client'
kubectl dry-run in server mode: hyperfine --warmup 5 'kubectl apply -f benchmark/ --dry-run=server'

Resources

My article about K8s schema validation
Open an issue here if you have any questions on this topic (k8s schema)
kubectl --dry-run=client bug - kubernetes/issues/51475
Datree's CLI tool to ensure K8s manifests and Helm charts follow best practices
How to check CRDs and schema with Datree - docs

datreeio / kubernetes-schema-validation Goto Github PK

kubernetes-schema-validation's Introduction

About this reposiroty

Misconfigs

Misconfigurations coverage summary

Benchmark

Commands

running schema validation tests

Running benchmark tests

Resources

kubernetes-schema-validation's People

Contributors

Stargazers

Watchers

Forkers

Recommend Projects

Recommend Topics

Recommend Org