instrumenta / kubernetes-json-schema Goto Github PK

Kubeval fails for any kustomization.yaml file as no schema is included for it.
As https://kustomize.io v2.0 is merged into kubectl since 1.14., it would be superb to include the schema here.

(Yeah, I know this is a moving target as it changed with newer releases of Kustomize)

Hi,
Will you support k8s v1.19.x
thanks,
; Long

Using kubeval (which looks to be super-awesome), I was receiving the error:

> kubeval --version
Version: 0.10.0
Commit: bc9ab56cc345f67265b8fb01b03489170fd0e504
Date: 2019-06-09T17:38:35Z

> kubeval test.yaml
1 error occurred:
    * Failed initalizing schema https://kubernetesjsonschema.dev/master-standalone/customresourcedefinition-apiextensions-v1beta1.json: Could not read schema from HTTP, response status is 404 Not Found

I noticed that master has this file but master-standalone does not. It appears that kubeval will either use master-standalone or master-standalone-strict -- from what I can tell of how this repo works, that's what a tool like kubeval must do to avoid relative refs.

I'm no sure whether it's relevant, but GH reports 1,027 files for master but only 1,010 for master-standalone.

I'm not sure whether this is a bug or not, but it does feel perhaps like one?

test.yaml is taken from the CRD page at https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/:

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  # name must match the spec fields below, and be in the form: <plural>.<group>
  name: crontabs.stable.example.com
spec:
  # group name to use for REST API: /apis/<group>/<version>
  group: stable.example.com
  # list of versions supported by this CustomResourceDefinition
  versions:
    - name: v1
      # Each version can be enabled/disabled by Served flag.
      served: true
      # One and only one version must be marked as the storage version.
      storage: true
  # either Namespaced or Cluster
  scope: Namespaced
  names:
    # plural name to be used in the URL: /apis/<group>/<version>/<plural>
    plural: crontabs
    # singular name to be used as an alias on the CLI and for display
    singular: crontab
    # kind is normally the CamelCased singular type. Your resource manifests use this.
    kind: CronTab
    # shortNames allow shorter string to match your resource on the CLI
    shortNames:
    - ct

Any chance you could provide a zip URL of all the schemas for us behind corporate firewalls?

Or maybe bake all the schemas into a second docker image?

Some objects with fields marked as required can be null, if I understand this correctly this should not be the case and can result in JSONs missing required fields being marked as valid.

For example this here:

I believe it might come from this line https://github.com/instrumenta/openapi2jsonschema/blob/d697cbff8a25f520e125e3a5f79cb4e9b972e8ce/openapi2jsonschema/util.py#L67 - I am not sure to understand why the last condition is there?

Can we add 1.11.10 schemas in?

Would you mind adding the 1.15 schemas?

Could a maintainer of this project provide feedback on whether this is dead or not?
It's fine when you don't have the time maintaining this, but it's another thing letting people submit pull requests and just ignore them. There were people who thought that this repo is worth maintaining and it seems as you would just ignore them - not even declining feedback.

That's realy unfortunate.

I would like to use prepared json schema but when I try to use some fields, I got this error
"ERROR TypeError: Undefined type undefined (existing: object,array,string,boolean,integer,number,null)"

Looking at v1.15.1, the following schemas are missing from standalone and standalone-strict, but available in the other variants/folders:

• customresourcedefinition
• customresourcedefinitionlist
• customresourcedefinitionspec
• customresourcedefinitionversion
• customresourcevalidation
• jsonschemaprops
• jsonschemapropsorarray
• jsonschemapropsorbool
• jsonschemapropsorstringarray

Looking at all later versions, schemas are missing there as well.

The resources are listed in _definitions.json, which makes me think this might be a bug.

I'm using GKE and would like to use kubeval which uses this component.

Is there any plans to support Cloud Armor Backend Config?

I'm missing the schemas for the latest patch releases:

• v1.15.12
• v1.16.13
• v1.17.9
• v1.18.6

Are there plans to add them?

When I use kubeval with sealed-secrets I see error like below:

ERR - storage/aws-secret.yaml: Failed initializing schema https://kubernetesjsonschema.dev/master-standalone/sealedsecret-bitnami-v1alpha1.json: Could not read schema from HTTP, response status is 404 Not Found

Could you please help add add sealedsecret-bitnami-v1alpha1 to master-standalone?

I almost sure that master-standalone/secret.json has backward compatibility with sealedsecret-bitnami-v1alpha1
because in background incside bitnami-labs/sealed-secrets used bitnami-labs/kube-libsonnet

Using kubeval to validate example deployments from https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html
I get :

ERR  - elasticsearch/cluster.yaml: Failed initializing schema https://kubernetesjsonschema.dev/master-standalone/elasticsearch-elasticsearch-v1.json: Could not read schema from HTTP, response status is 404 Not Found
ERR  - elasticsearch/kibana.yaml: Failed initializing schema https://kubernetesjsonschema.dev/master-standalone/kibana-kibana-v1.json: Could not read schema from HTTP, response status is 404 Not Found

I'm a bit new to this but would be happy to contribute the schemas for theses things (if they are public)

We hit an issue with https://github.com/instrumenta/kubeval which is due to missing kubernetes 1.19 schemas.

I wonder if there could be a way to automate the generation of the JSON schemas. I could help on this, I would just need to know how exactly it is generated.

Need to know which to pick 😄 Thanks!

All objects should include "additionalProperties": false, to properly validate, e.g. the following should fail but doesn't with the current schemas:

resources:
  limits:
    foobar: 123
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

Hi there,

We're using kubeval to validate manifests, as well as to catch deprecation warnings (before upgrading to the new version of k8s).

Unfortunately, as far as I can see, this repository includes deprecated manifests alongside with normal ones, and fires a false negative in case an object is passing a validation but the schema is marked as deprecated.

Example:

when running kubeval manifest.yml -v1.16.0 I would expect the following manifest to fail the kubeval checking:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: depl
  namespace: default

since extensions.v1beta1.Deployment is not supported in k8s 1.16.0 anymore (it's been moved to apps.v1.Deployment)

However, it passes, since the manifests for all old API groups for Deployment are still present in the repo, e.g.:

• https://github.com/instrumenta/kubernetes-json-schema/blob/master/v1.16.0/deployment-apps-v1beta1.json
• https://github.com/instrumenta/kubernetes-json-schema/blob/master/v1.16.0/deployment-apps-v1beta2.json
• https://github.com/instrumenta/kubernetes-json-schema/blob/master/v1.16.0/deployment-extensions-v1beta1.json

Not sure how this can be solved (as it seems coming from actual manifests for 1.16.0 that do have the manifests present), but one obvious solution could be creating a new set of manifest groups (e.g. v1.16.0-no-deprecated, v1.17.0-no-deprecated etc.) with manifests that have a DEPRECATED string in their description excluded from it:
https://github.com/instrumenta/kubernetes-json-schema/blob/master/v1.16.0/deployment-extensions-v1beta1.json#L2

Kubernetes 1.17 is out - could we update this repo please? I'd love to use the jsonschema defs in my CI pipeline without having to generate them myself. Thanks so much!

Cheers,
Rico

Just found kubeval and its an amazing tool. Would it make sense to add CRD's to these schemata so that kubeval will work when defining those resources as well, or is that out of scope for this project?

For other folks who are seeing that this repo isn't updated regularly, there is a way to use schemas from the pull requests that folks like @sturman and @brendanjryan have kindly provided.

For example, to use the schema from 1.16.10, you can use the raw files from that commit in kubeval:

kubeval --additional-schema-locations https://raw.githubusercontent.com/instrumenta/kubernetes-json-schema/746d95595310baddb59477bde49bfa7e6a4eecb7