Some validations are not part of the K8s schema because they are performed on the cluster side. The object name validation is not a part of the K8s schema. Therefore, it's not validated by kubeconform.
There are two solutions for your use case:
use kubectl --dry-run=server flag so it will perform the cluster (server) side validation
use an external policy management tool (e.g. Datree, Kyverno, Conftest, etc.) and add this validation
Disclaimer: I'm contributing code to Datree's projects. I think Datree will be a perfect fit because it also includes schema validation by Kubeconform and adds custom rules capabilities so you can easily create a rule to validate the object name.
They already have a similar built-in rule to validate labels (It's the same format as the object name - RFC-1123/hostnames).
my main motivation was to run this in CI to catch anything that might fail to deploy later on (we use a GitOps deployment model), so kubectl --dry-run=server is not really an option.
we already use conftest for testing in CI, was looking to avoid the need to write all the tests myself 😄
Thanks for suggesting Datree! I'll take a look and perhaps we can add it to our toolbox if it makes sense and better fits this use case.
Very nice tool! thanks for working on this 👍🏼
I wonder if you'd consider adding validation of Object Names and IDs to ensure they conform with Kubernetes standards as described in https://kubernetes.io/docs/concepts/overview/working-with-objects/names/
for example, a volume named
my_config
should be rejected, while
my-config
should be valid
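The name check requested in this issue can also run offline in CI, without a cluster. The following is an added example, not part of the thread and not code from kubeconform, Datree or conftest: the function names are hypothetical, the manifest is a constructed sample, and treating every metadata.name as a DNS subdomain name is a simplifying assumption (some resource kinds apply stricter label rules).

```python
import re

# Name formats from the Kubernetes names documentation linked in the issue.
_LABEL = r"[a-z0-9]([-a-z0-9]*[a-z0-9])?"
DNS_LABEL = re.compile(_LABEL)                         # RFC 1123 label, max 63 chars
DNS_SUBDOMAIN = re.compile(rf"{_LABEL}(\.{_LABEL})*")  # DNS subdomain, max 253 chars


def is_dns_label(name):
    return isinstance(name, str) and len(name) <= 63 and DNS_LABEL.fullmatch(name) is not None


def is_dns_subdomain(name):
    return isinstance(name, str) and len(name) <= 253 and DNS_SUBDOMAIN.fullmatch(name) is not None


def pod_spec(manifest):
    """Return the pod spec of a Pod, or of a workload using spec.template, else {}."""
    spec = manifest.get("spec") or {}
    if manifest.get("kind") == "Pod":
        return spec
    return (spec.get("template") or {}).get("spec") or {}


def name_errors(manifest):
    """List naming violations in one parsed manifest (a dict)."""
    errors = []
    # Assumption: metadata.name is required and is a DNS subdomain name.
    name = (manifest.get("metadata") or {}).get("name")
    if not is_dns_subdomain(name):
        errors.append(f"metadata.name {name!r} is not a DNS subdomain name")
    pod = pod_spec(manifest)
    for field in ("volumes", "initContainers", "containers"):
        for i, item in enumerate(pod.get(field) or []):
            if not is_dns_label(item.get("name")):
                errors.append(f"{field}[{i}].name {item.get('name')!r} is not an RFC 1123 label")
    return errors


# Constructed sample using the my_config / my-config volume names from the issue.
SAMPLE = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "web"},
    "spec": {"template": {"spec": {
        "containers": [{"name": "app", "image": "example.invalid/app:1"}],
        "volumes": [{"name": "my_config", "emptyDir": {}},
                    {"name": "my-config", "emptyDir": {}}],
    }}},
}
```

Feed it the dicts produced by whatever YAML loader the pipeline already uses and fail the job when `name_errors` returns a non-empty list.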