mirror of https://github.com/yannh/kubeconform.git synced 2026-02-11 14:09:21 +00:00

A FAST Kubernetes manifests validator, with support for Custom Resources!

Find a file

Yann Hamon dcaf1bc608 files to validate should be passed without -file, for ease of use with xargs		2020-06-06 01:01:48 +02:00
.github/workflows	Add Dockerfile.bats	2020-06-04 19:46:53 +02:00
bin	add -dir parameter	2020-05-30 15:49:02 +02:00
fixtures	support schemas in YAML, added acceptance tests for parsing custom resources	2020-06-05 00:51:35 +02:00
pkg	support schemas in YAML, added acceptance tests for parsing custom resources	2020-06-05 00:51:35 +02:00
vendor	vendor deps	2020-05-31 04:43:07 +02:00
acceptance.bats	files to validate should be passed without -file, for ease of use with xargs	2020-06-06 01:01:48 +02:00
Dockerfile	Add Dockerfile	2020-05-31 17:15:03 +02:00
Dockerfile.bats	Add Dockerfile.bats	2020-06-04 19:43:19 +02:00
go.mod	skipKinds + better error logging	2020-05-30 07:02:48 +02:00
go.sum	skipKinds + better error logging	2020-05-30 07:02:48 +02:00
LICENSE	add License & simple Readme	2020-05-30 17:33:29 +02:00
main.go	files to validate should be passed without -file, for ease of use with xargs	2020-06-06 01:01:48 +02:00
main_test.go	loggers take an io.writer	2020-06-01 17:15:52 +02:00
Makefile	fail on missing schemas by default, add -ignore-missing-schemas	2020-06-04 23:33:00 +02:00
Readme.md	files to validate should be passed without -file, for ease of use with xargs	2020-06-06 01:01:48 +02:00

Readme.md

Kubeconform

Kubeconform is a Kubernetes manifests validation tool. Build it into your CI to validate your Kubernetes configuration using the schemas from the registry maintained by the kubernetes-json-schema project!

It is inspired by and similar to Kubeval, but with the following improvements:

high performance: will validate & download manifests over multiple routines
support for Kubernetes CRDs

Usage

$ ./bin/kubeconform -h
Usage of ./bin/kubeconform:
  -dir value
        directory to validate (can be specified multiple times)
  -ignore-missing-schemas
        skip files with missing schemas instead of failing
  -k8sversion string
        version of Kubernetes to test against (default "1.18.0")
  -n int
        number of routines to run in parallel (default 4)
  -output string
        output format - text, json (default "text")
  -schema value
        file containing an additional Schema (can be specified multiple times)
  -skip string
        comma-separated list of kinds to ignore
  -strict
        disallow additional properties not in schema
  -summary
        print a summary at the end
  -verbose
        print results for all resources

Usage examples

Validating a single, valid file

$ ./bin/kubeconform -file fixtures/valid.yaml
$ echo $?
0

Validating a single invalid file, setting output to json, and printing a summary

$ ./bin/kubeconform -file fixtures/invalid.yaml -summary -output json
{
  "resources": [
    {
      "filename": "fixtures/invalid.yaml",
      "kind": "ReplicationController",
      "version": "v1",
      "status": "INVALID",
      "msg": "Additional property templates is not allowed - Invalid type. Expected: [integer,null], given: string"
    }
  ],
  "summary": {
    "valid": 0,
    "invalid": 1,
    "errors": 0,
    "skipped": 0
  }
}
$ echo $?
1

Validating a folder, increasing the number of parallel workers

$ ./bin/kubeconform -dir fixtures -summary -n 16
fixtures/multi_invalid.yaml - Service is invalid: Invalid type. Expected: integer, given: string
fixtures/invalid.yaml - ReplicationController is invalid: Invalid type. Expected: [integer,null], given: string
Run summary - Valid: 40, Invalid: 2, Errors: 0 Skipped: 6

Validating a custom resources, using a local schema

$ bin/kubeconform -file fixtures/test_crd.yaml -schema fixtures/crd_schema.yaml -verbose
fixtures/test_crd.yaml - TrainingJob is valid

Credits

@garethr for the Kubeval and kubernetes-json-schema projects