actions/kubeconform
9
0
Fork 0
mirror of https://github.com/yannh/kubeconform.git synced 2026-02-22 03:07:01 +00:00
Code Issues Projects Releases 1 Packages Wiki Activity Actions

Add note in README to describe limits of the validation

Browse source
This commit is contained in:
Yann Hamon 2020-10-31 13:05:35 +01:00
parent bf29e486d2
commit 9e7e2bbc39
2 changed files with 14 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.goreleaser.yml
View file

@ -1,5 +1,5 @@
builds: builds:
- main: ./cmd/kubeconform/main.go - main: ./cmd/kubeconform/...
env: env:
- CGO_ENABLED=0 - CGO_ENABLED=0
- GOFLAGS = -mod=vendor - GOFLAGS = -mod=vendor

13
Readme.md
View file

@ -30,6 +30,19 @@ and break it down into multiple JSON schemas, stored in github at
Kubeconform relies on the same JSON schemas from kubernetesjsonschema.dev, and will download required Kubeconform relies on the same JSON schemas from kubernetesjsonschema.dev, and will download required
schemas at runtime as required. schemas at runtime as required.
### Limits of Kubeconform validation
Kubeconform, similarly to kubeval, only validates manifests using the OpenAPI specifications. In some
cases, the Kubernetes controllers might perform additional validation - so that manifests passing kubeval
validation would still error when being deployed. See for example these bugs against kubeval:
[#253](https://github.com/instrumenta/kubeval/issues/253)
[#256](https://github.com/instrumenta/kubeval/issues/256)
[#257](https://github.com/instrumenta/kubeval/issues/257)
[#259](https://github.com/instrumenta/kubeval/issues/259). The validation logic mentioned in these
bug reports is not part of Kubernetes' OpenAPI spec, and therefore kubeconform/kubeval will not detect the
configuration errors.
### Usage ### Usage
``` ```