
Invalid deployment gives warning --> returns code 1

Open audunsolemdal opened this issue 4 years ago • 5 comments

kubeval version: 1.15

Using --ignore-missing-schemas for another file provides a "WARN", but gives return code 0

In our pipeline we recently got return code 1 with no "ERR" visible, making me confused. The return code stems from this file:

Not sure if this is expected or not? Seems odd to me, and should rather cast an Error instead of warning.

➜  sdp-flux git:(dev) ✗ /mnt/c/appl/kubeval dev/gitlabstats/deployment-patch.yaml
WARN - dev/gitlabstats/deployment-patch.yaml contains an invalid Deployment (monitoring.gitlabstats) - selector: selector is required
WARN - dev/gitlabstats/deployment-patch.yaml contains an invalid Deployment (monitoring.gitlabstats) - template: template is required
➜  sdp-flux git:(dev) ✗ printf '%d\n' $?
1

It was hard to spot for me at least, as our pipeline renders many files, and if none provide an error I would presume return code 0, and pipeline is green.

audunsolemdal, May 04 '20 12:05

What we are doing is using Kustomize, so the main deployment.yaml file contains labels and selectors, but not the patch.

Base:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: gitlabstats
  name: gitlabstats
  namespace: monitoring
  annotations:
    flux.weave.works/automated: 'true'
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitlabstats
  template:
    metadata:
      labels:
        app: gitlabstats
    spec:
      containers:
      - name: gitlabstats
        image: sdpequinor/gitlabstats
        imagePullPolicy: Always
        ports:
        - containerPort: 5000
          name: http
        env:
        - name: GRAFANA_FREQ
          value: "3600"
        - name: GIT_PRIVATE_TOKEN
          valueFrom:
            secretKeyRef:
              name: gitlabstats-git-key
              key: GIT_PRIVATE_TOKEN
        resources:
          requests:
            cpu: 100m
            memory: "100Mi"
          limits:
            cpu: 500m
            memory: "200Mi"

Dev patch:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: gitlabstats
  name: gitlabstats
  namespace: monitoring
  annotations:
    flux.weave.works/automated: 'true'
spec:
  replicas: 0

audunsolemdal, May 04 '20 12:05

Just learned that you can pipe kustomize and kubeval together:

kubectl kustomize ./dev | kubeval --strict --ignore-missing-schemas

but still, I believe this is an issue which can occur in other cases.

audunsolemdal, May 04 '20 12:05

I actually just ran into this as well. Some WARN results return 0, while some return 1.

For example, when using --strict --ignore-missing-schemas, any resources that aren't properly validated return a WARN and error code 1, but the missing schemas return 0. So it can be a little confusing to see at a glance if anything actually failed.

It might be a better experience to turn failed schema validations into ERR in the command line, thoughts?

jpreese, May 06 '20 15:05

Agreed 👍 perhaps we should take a stab at a PR for this?

ridhoq, Jul 20 '20 19:07

Bumping this issue because we recently found this on our pipeline too.

tchellomello, Dec 05 '23 15:12
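
A pipeline-side workaround for the behaviour discussed in this thread, as an added example that is not kubeval's code or part of the original issue: it validates files one at a time so a non-zero exit code is tied to a file name, and relabels failed validations from WARN to ERR. It assumes failed validations contain the text "contains an invalid", as in the output quoted above; `KUBEVAL`, `KUBEVAL_FLAGS` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; not part of kubeval or the original issue.

# Relabel kubeval validation failures from WARN to ERR; exit 1 if any occur.
# Assumption: a failed validation line contains "contains an invalid", as in
# the output quoted in the issue. Other WARN lines pass through unchanged.
relabel_kubeval() {
    awk '
        /^WARN - .* contains an invalid / { sub(/^WARN/, "ERR"); failed++ }
        { print }
        END { exit (failed > 0) }
    '
}

# Validate files one at a time so a non-zero exit is tied to a file name.
# KUBEVAL (assumption) overrides the binary; extra flags go in KUBEVAL_FLAGS.
validate_files() {
    rc=0
    for f in "$@"; do
        status=0
        # shellcheck disable=SC2086  # flags are intentionally word-split
        out=$("${KUBEVAL:-kubeval}" ${KUBEVAL_FLAGS:-} "$f" 2>&1) || status=$?
        if [ -n "$out" ]; then
            printf '%s\n' "$out" | relabel_kubeval || true
        fi
        if [ "$status" -ne 0 ]; then
            printf 'FAILED (exit %d): %s\n' "$status" "$f" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Sample input: the two lines from the issue plus one constructed WARN line.
sample_output() {
    cat <<'EOF'
WARN - dev/gitlabstats/deployment-patch.yaml contains an invalid Deployment (monitoring.gitlabstats) - selector: selector is required
WARN - dev/gitlabstats/deployment-patch.yaml contains an invalid Deployment (monitoring.gitlabstats) - template: template is required
WARN - constructed placeholder for a warning that is not a validation failure
EOF
}
```

In a pipeline, `validate_files dev/*.yaml` names each failing file on stderr, and `sample_output | relabel_kubeval` shows the relabelling on the lines from the issue.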