kubeval icon indicating copy to clipboard operation
kubeval copied to clipboard

Published 20 hours ago verified publisher icon instrumenta

Invalid deployment passes kubeval

Open DJAyth opened this issue 2 years ago • 2 comments

We had a deployment that contained the following block:

      volumes:
      - name: webhook-config
        secret:
          secretName: webhook
          items:
          - key: webhook.json
            path: webhook.json
        resources:
          limits:
            memory: 2Gi
      restartPolicy: Always

It passed our kubeval job we have in our CI solution, but it fails to actually apply against our kubenetes cluster. Kubectl with the dry-run parameter fails the validation however:

kubectl apply -f deployment.yaml --dry-run
W0819 12:58:46.954177   86603 helpers.go:535] --dry-run is deprecated and can be replaced with --dry-run=client.
error: error validating "deployment.yaml": error validating data: ValidationError(Deployment.spec.template.spec.volumes[0]): unknown field "resources" in io.k8s.api.core.v1.Volume; if you choose to ignore these errors, turn validation off with --validate=false

We would expect this to fail as it's not valid.

DJAyth avatar Aug 19 '21 16:08 DJAyth

Actually I think I found my issue. We need to use the --strict flag.

DJAyth avatar Aug 19 '21 16:08 DJAyth

just use --strict flag.

ivan-penchev avatar Oct 25 '21 07:10 ivan-penchev