igaskin / kubernetes-schema-validation

resources for the blog post about Kubernetes schema validation

Home Page: https://datree.io/resources/kubernetes-schema-validation

About this repository

This repository contains resources for the blog post:
"A Deep Dive Into Kubernetes Schema Validation"

misconfigs

This dir contains seven Kubernetes manifest files, each with a different misconfiguration:

api-deprecation.yaml

wrong: apiVersion: apps/v1beta2
correct: apiVersion: apps/v1
reason: apps/v1beta2 was deprecated for resource type "Deployment" in Kubernetes version 1.18.0

invalid-kind-value.yaml

wrong: kind: pod
correct: kind: Pod
reason: resource type must start with a capital letter - Pod

invalid-label-value.yaml

wrong: owner: ---
correct: owner: frodo-baggins
reason: label values must start and end with an alphanumeric character

invalid-protocol-type.yaml

wrong: protocol: 22
correct: protocol: TCP
reason: protocol type must be a string

invalid-spec-key.yaml

wrong: Spec:
correct: spec:
reason: spec must start with a lowercase 's'

missing-image.yaml

wrong:

containers:
    - name: web

correct:

containers:
    - name: web
      image: nginx

reason: each container must include an image name

wrong-k8s-indentation.yaml

wrong:

spec:
containers:
  - name: web
    image: nginx
    ports:
      - name: web
        containerPort: 80
        protocol: TCP

correct:

spec:
  containers:
  - name: web
    image: nginx
    ports:
    - name: web
      containerPort: 80
      protocol: TCP

reason: Kubernetes/YAML indentation requires containers to be indented one level under spec
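The checks behind the reasons listed above, as an added example that is not part of this repository or the blog post: a small Python linter run over already-parsed Pod manifests. `lint_pod`, `pod` and the sample manifest are hypothetical names and constructed data; the tools benchmarked here validate against the full Kubernetes schema instead.

```python
import re

# Label values: empty, or up to 63 chars that start and end with an
# alphanumeric, with '-', '_' and '.' allowed in between.
LABEL_VALUE = re.compile(r"(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?")
PROTOCOLS = {"TCP", "UDP", "SCTP"}
TOP_LEVEL = {"apiVersion", "kind", "metadata", "spec"}
KINDS = {"Pod"}  # assumption: this sketch only knows the Pod kind


def lint_pod(manifest):
    """Return a list of findings for one parsed Pod manifest (a dict)."""
    findings = []
    for key in manifest:
        if key not in TOP_LEVEL:  # strict mode: reject unknown keys such as 'Spec'
            findings.append(f"unknown top-level key {key!r}")
    if manifest.get("kind") not in KINDS:  # kind names are case-sensitive
        findings.append(f"unknown kind {manifest.get('kind')!r}")
    labels = (manifest.get("metadata") or {}).get("labels") or {}
    for name, value in labels.items():
        if not (isinstance(value, str) and len(value) <= 63
                and LABEL_VALUE.fullmatch(value)):
            findings.append(f"invalid value for label {name!r}")
    spec = manifest.get("spec") or {}  # mis-indented YAML loads 'spec' as None
    for c in spec.get("containers") or []:
        if not c.get("image"):
            findings.append(f"container {c.get('name')!r} has no image")
        for port in c.get("ports") or []:
            proto = port.get("protocol", "TCP")  # TCP is the default protocol
            if not (isinstance(proto, str) and proto in PROTOCOLS):
                findings.append(f"invalid protocol {proto!r}")
    return findings


def pod(**overrides):
    """Constructed sample: a valid Pod with top-level fields overridden."""
    base = {"apiVersion": "v1", "kind": "Pod",
            "metadata": {"name": "web", "labels": {"owner": "frodo-baggins"}},
            "spec": {"containers": [{"name": "web", "image": "nginx", "ports": [
                {"name": "web", "containerPort": 80, "protocol": "TCP"}]}]}}
    base.update(overrides)
    return base


if __name__ == "__main__":
    print(lint_pod(pod()))
    print(lint_pod(pod(kind="pod")))
    print(lint_pod(pod(metadata={"name": "web", "labels": {"owner": "---"}})))
```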

Misconfigurations coverage summary

[Image: misconfigurations coverage]

benchmark

This dir contains 100 valid Kubernetes manifest files.
All files contain the same Kubernetes configuration.

[Image: benchmark results]

commands

running schema validation tests

kubeval: kubeval --strict misconfigs/*.yaml -v "1.18.0"
kubeconform: kubeconform -strict misconfigs/*.yaml
kubectl dry-run in client mode: kubectl apply -f misconfigs/ --dry-run=client
kubectl dry-run in server mode: kubectl apply -f misconfigs/ --dry-run=server

running benchmark tests

🔧 prerequisite - hyperfine installed

kubeval: hyperfine --warmup 5 'kubeval --strict benchmark/*.yaml -v "1.18.0"'
kubeconform: hyperfine --warmup 5 'kubeconform -strict benchmark/*.yaml'
kubectl dry-run in client mode: hyperfine --warmup 5 'kubectl apply -f benchmark/ --dry-run=client'
kubectl dry-run in server mode: hyperfine --warmup 5 'kubectl apply -f benchmark/ --dry-run=server'
