
Missing newer kubernetes schemas (example: 1.19)

Open brunoluiz opened this issue 3 years ago • 22 comments

We hit an issue with https://github.com/instrumenta/kubeval which is due to missing kubernetes 1.19 schemas.

I wonder if there could be a way to automate the generation of the JSON schemas. I could help on this, I would just need to know how exactly it is generated.

brunoluiz avatar Nov 26 '20 11:11 brunoluiz

I'm facing a problem with kubeval when trying to validate a K8s Helm chart. Kubernetes version 1.19.5.

helmfile template | kubeval --strict
ERR  - kubernetes-dashboard/templates/ingress.yaml: Failed initializing schema https://kubernetesjsonschema.dev/master-standalone-strict/ingress-networking-v1.json: Could not read schema from HTTP, response status is 404 Not Found

Looks like the schema for 1.19 is missing.

Constantin07 avatar Dec 11 '20 12:12 Constantin07

I worked around missing schemas for 1.19 by generating them on my own. This seems to work at first glance, although I don't have much prior experience with kubeval:

In Linux (or WSL):

# install tooling to generate the schemas
sudo apt install python-pip
export PYTHONHTTPSVERIFY=0 # this is only because I had cert issues
pip install openapi2jsonschema

# generate a folder with schema files for a specific version (1.19.3 in this case)
openapi2jsonschema -o "v1.19.3-standalone-strict" --kubernetes --stand-alone --strict https://raw.githubusercontent.com/kubernetes/kubernetes/v1.19.3/api/openapi-spec/swagger.json

# now fork this repo, add the generated files, commit, push
# tell kubeval to use your repo instead of the default one
kubeval --kubernetes-version 1.19.3 --strict --schema-location https://raw.githubusercontent.com/taurit ingress.yaml

# Output:
# The document ingress.yaml contains a valid Ingress

taurit avatar Dec 17 '20 14:12 taurit
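
An added example, not part of the thread or of any project mentioned in it: a pre-flight check that lists which schema files a manifest stream needs and which of them are absent from a locally generated folder such as `v1.19.3-standalone-strict`, so a gap shows up before validation fails with a 404. The path layout is an assumption inferred from the URL in the error message and the output folder name in the commands above; the function names and sample manifests are constructed.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample: two manifests in one multi-document YAML stream.
SAMPLE = """\
apiVersion: networking.k8s.io/v1
kind: Ingress
---
apiVersion: v1
kind: Service
"""

def schema_dir(version, strict=True):
    # Folder naming as seen in the thread: "master-standalone-strict" in the
    # 404 URL, "v1.19.3-standalone-strict" in the generation command.
    prefix = version if version == "master" else "v" + version
    return prefix + "-standalone" + ("-strict" if strict else "")

def schema_file(kind, api_version):
    # Assumed mapping, inferred from ingress-networking-v1.json:
    # networking.k8s.io/v1 + Ingress -> <kind>-<first group label>-<version>
    group, _, ver = api_version.rpartition("/")
    parts = [kind.lower()]
    if group:
        parts.append(group.split(".")[0].lower())
    parts.append(ver.lower())
    return "-".join(parts) + ".json"

def required_schemas(manifests, version, strict=True):
    """Relative schema paths needed to validate every document in the stream."""
    paths = []
    for doc in re.split(r"(?m)^---\s*$", manifests):
        api = re.search(r"(?m)^apiVersion:\s*(\S+)", doc)
        kind = re.search(r"(?m)^kind:\s*(\S+)", doc)
        if api and kind:  # skip empty or comment-only documents
            name = schema_file(kind.group(1).strip("'\""), api.group(1).strip("'\""))
            paths.append(schema_dir(version, strict) + "/" + name)
    return paths

def missing_schemas(root, manifests, version, strict=True):
    """Paths that a validator would fail to load from the local schema tree."""
    return [p for p in required_schemas(manifests, version, strict)
            if not (Path(root) / p).is_file()]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / schema_dir("1.19.3")).mkdir()
        (Path(tmp) / schema_dir("1.19.3") / "service-v1.json").write_text("{}")
        print(missing_schemas(tmp, SAMPLE, "1.19.3"))
```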

@taurit how did you generate your own schemas? Is there someone that can confirm the original schema location is not being kept up to date, and we need to look for another source to point to for the schemas? kubeval is really no longer usable without this.

mark007 avatar Dec 23 '20 11:12 mark007

> @taurit how did you generate your own schemas

@mark007 I used the openapi2jsonschema tool. It is mentioned in the readme of this project. All the commands I used are in the post above yours :)

taurit avatar Dec 23 '20 17:12 taurit

Thanks @taurit for your example. I just ran into an issue where I needed to validate k8s yamls and now I am stuck in this rabbit hole ;) I think with the provided information it will be easy to get to a working solution for me locally.

In general I think @mark007's question is still valid as it would still be helpful to have a repo containing the current json schemas. As part of my journey on this topic I first found

https://github.com/garethr/kubernetes-json-schema

containing schemas for K8S versions up to v1.14. Looking for an alternative I found this repo and checked for the included versions and recognized that it is also not up to date but at least contains schemas up to v1.18.1...

It doesn't look like such a big overhead to update schemas so I am wondering why this repo is not being updated anymore and PRs are not merged. Maybe we can simplify / automate the process using GitHub Actions, would you be open for such a PR?

tricky42 avatar Jan 05 '21 10:01 tricky42

> It doesn't look like such a big overhead to update schemas so I am wondering why this repo is not being updated anymore and PRs are not merged.

I'm also wondering why the outstanding PRs from 2019 & 2020 are not merged. There are no comments left by reviewers saying that there is something wrong with them.

Constantin07 avatar Jan 05 '21 21:01 Constantin07

Hi @brunoluiz I had the same problem, and it appears this repo is not being actively maintained.

I found that you can find the latest schemas, maintained by AWS for its cdk8s project here: https://github.com/awslabs/cdk8s/tree/master/kubernetes-schemas

Hope this helps everyone!

joaopi avatar Jan 07 '21 15:01 joaopi

I've created a PR https://github.com/instrumenta/kubernetes-json-schema/pull/28 to add support for v1.19.3

kubeval --strict --kubernetes-version 1.19.3 --schema-location https://raw.githubusercontent.com/dmourao/kubernetes-json-schema/master ingress.yaml
PASS - ingress.yaml contains a valid Ingress (webrtc-service)

dmourao avatar Jan 18 '21 16:01 dmourao

As mentioned above, it looks like this repo isn't actively maintained. The schemas in awslabs/cdk8s unfortunately don't contain the strict versions (which are necessary in my case).

Does anyone know of a fork or any other place where the strict schemas could be found?

alexrashed avatar Jan 21 '21 10:01 alexrashed

Hello, I maintain https://github.com/yannh/kubeconform/ which also uses schemas from this repository. As long as kubeconform will rely on kubernetes-json-schema, I will maintain a fork at https://github.com/yannh/kubernetes-json-schema , if only for myself ;) Things I want to look into:

  • Automating the update of this repository using a scheduled Github Action
  • Actually updating Kubeconform to use OpenAPI directly and not require the conversion to JSON Schemas anymore. There is some code here https://github.com/kubernetes/kube-openapi/tree/master/pkg/validation that might work? But this would be further in the future.

yannh avatar Jan 22 '21 07:01 yannh

Alright https://github.com/yannh/kubernetes-json-schema now contains schemas for all release patch versions from 1.17 and up. I have updated https://github.com/yannh/kubernetes-json-schema/blob/master/build.sh to get the list of tags automatically from the Kubernetes registry rather than hardcode them. I am pretty close to getting it to auto-update, though the generation is actually a LOT more time-intensive than I thought and I'd certainly blast through my GitHub Actions quota, so I'm generating manually for now :)

I've also forked https://github.com/yannh/openapi2jsonschema and added a public Docker Image - I will be iterating on this in the future.

Kubeconform now defaults to files from this new repository.

yannh avatar Jan 24 '21 00:01 yannh

@yannh That is a really good idea! Hopefully, this will eventually be merged back to this repo. Two things though:

  1. Perhaps creating a Golang program might help to curb the CI time? You can run the tasks in different go routines. Then, you can set the GH Action to run every day (it supports crons iirc)
  2. If this is successfully automated, I wonder if it wouldn't be useful to open a pull request in https://github.com/instrumenta/kubeval to replace the default schema --schema-location

brunoluiz avatar Jan 25 '21 16:01 brunoluiz

@brunoluiz I .. started, but Go is absolutely not great at dealing with arbitrary JSON files :) Maybe python will be fast enough to just compute the missing versions, I will give this another try soon. For kubeval - I was going to document how to use that repo with kubeval, however kubeval's maintainer is the same as this repo's maintainer, so he might as well merge my changes ;) @garethr :wave: happy to help maintain here.

yannh avatar Jan 25 '21 16:01 yannh

Ok so... https://github.com/yannh/kubernetes-json-schema is now self-updating every second day, for all versions above 1.12... I guess this will run until Github shuts it down, the repo might get big :grimacing:

yannh avatar Feb 27 '21 14:02 yannh

@yannh First of all, thanks for keeping the schemas up-to-date. It seems like many of these instrumenta repos are somewhat dead, and I've had a lot of trouble generating these schemas locally using openapi2jsonschema.

No issue tracker on the fork, so pardon if it's weird to comment here. It would be nice if the size of the repo were smaller somehow, maybe by putting each schema version on a different branch, not really sure. The versions of git available in our environment don't support filtered clones, so we have to check out the entire repo which is painfully slow. Anyway, we can live with it, just would be nice to have a more streamlined way of downloading schemas for a specific version of Kubernetes.

jcmcken avatar Mar 10 '21 17:03 jcmcken

My bad - I have enabled the issues there now. Could you open a ticket there for further discussions?

This script is what the fork uses to generate the schemas: https://github.com/yannh/kubernetes-json-schema/blob/master/build.sh It relies on a docker image that contains a fork of openapi2jsonschema. If you are able to run docker containers, this would be your best bet. The script should be easy to patch to generate json schemas for a single version of Kubernetes.

On the size of the repository - yes, this problem will not get smaller. I do not have a perfect answer just now, apart from removing older versions and recommending shallow clones.

yannh avatar Mar 10 '21 17:03 yannh

Thx a lot @yannh for this new updated repo! How can I easily get the actual master version?

sbillon avatar Mar 12 '21 11:03 sbillon

@sbillon and others in this thread > move support requests to the fork :) If your question was: "Are the master-* folders up-to-date in yannh/kubernetes-json-schema", they now are updated every 2 days.

yannh avatar Mar 13 '21 16:03 yannh

We have set up this repository at https://github.com/Onemind-Services-LLC/kubernetes-json-schema. Anyone interested in using this is welcome.

We will keep this up-to-date as much as possible

abhi1693 avatar Apr 30 '21 15:04 abhi1693

There's also https://github.com/yannh/kubernetes-json-schema used by Kubeconform

remram44 avatar Apr 30 '21 18:04 remram44

Would be nice to see 1.20 and 1.21 as well.

wyardley avatar Feb 07 '22 23:02 wyardley

This hasn't been updated in years, posting here does nothing. See https://github.com/yannh/kubernetes-json-schema for an up to date repository.

remram44 avatar Feb 07 '22 23:02 remram44