Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Resource name validation #65

Closed
gerald-skydio opened this issue Jul 15, 2021 · 2 comments
Closed

Resource name validation #65

gerald-skydio opened this issue Jul 15, 2021 · 2 comments

Comments

@gerald-skydio
Copy link

gerald-skydio commented Jul 15, 2021

Greetings!

Love this project, been adding it to our build out of kubernetes manifest.

It seems like this tool is not finding any DNS-1035 as defined here [a-z]([-a-z0-9]*[a-z0-9] validation errors.

Example invalid manifest

apiVersion: v1
kind: Service
metadata:
  name: foo_bar
  labels:
    app: foo
spec:
  ports:
  - port: 10000
    targetPort: 6379
  selector:
    app: foo

While it can't apply to the cluster (currently 1.19 for this example)

gerald@gerald-laptop:~/playground/manifests$ kubectl apply -f service.yml 
The Service "foo_bar" is invalid: metadata.name: Invalid value: "foo_bar": a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 'my-name',  or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')
gerald@gerald-laptop:~/playground/manifests$ ~/Downloads/kubeconform -summary -strict -output json -verbose service.yml 
{
  "resources": [
    {
      "filename": "service.yml",
      "kind": "Service",
      "name": "foo_bar",
      "version": "v1",
      "status": "statusValid",
      "msg": ""
    }
  ],
  "summary": {
    "valid": 1,
    "invalid": 0,
    "errors": 0,
    "skipped": 0
  }
@gerald-skydio
Copy link
Author

Darn. This appears to be a validation on the api server side not in the openapi specs, which makes sense..

https://github.com/kubernetes/kubernetes/blob/ea0764452222146c47ec826977f49d7001b0ea8c/pkg/apis/apiserverinternal/validation/validation.go#L162

@yannh
Copy link
Owner

yannh commented Jul 17, 2021

Hi Gerald! Yes indeed, unfortunately as described in "limits of Kubeconform validation" - extra restriction not part of the swagger definition of the resources can not be validated with Kubeconform.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants