kubeval
kubeval copied to clipboard
Invalid deployment passes kubeval
We had a deployment that contained the following block:
volumes:
- name: webhook-config
secret:
secretName: webhook
items:
- key: webhook.json
path: webhook.json
resources:
limits:
memory: 2Gi
restartPolicy: Always
It passed our kubeval job we have in our CI solution, but it fails to actually apply against our kubenetes cluster. Kubectl with the dry-run parameter fails the validation however:
kubectl apply -f deployment.yaml --dry-run
W0819 12:58:46.954177 86603 helpers.go:535] --dry-run is deprecated and can be replaced with --dry-run=client.
error: error validating "deployment.yaml": error validating data: ValidationError(Deployment.spec.template.spec.volumes[0]): unknown field "resources" in io.k8s.api.core.v1.Volume; if you choose to ignore these errors, turn validation off with --validate=false
We would expect this to fail as it's not valid.
Actually I think I found my issue. We need to use the --strict flag.
just use --strict flag.