kubeval
kubeval copied to clipboard
instrumenta
Raw: Raw is required
I am executing the command ./kubeval --openshift --kubernetes-version 1.5.0 yaml/* and getting the error message:
The document yaml/deployment-template.yaml contains an invalid Template ---> Raw: Raw is required ---> Raw: Raw is required ---> Raw: Raw is required
Sample file :
apiVersion: v1
kind: Template
metadata:
name: bar
parameters:
- name: foo
displayName: The name of the REST application. It will be part of the exposed route.
value: bar
objects:
- apiVersion: v1
kind: DeploymentConfig
metadata:
labels:
app: ${foo}
name: ${foo}
spec:
replicas: 1
selector:
app: ${foo}
deploymentconfig: ${foo}
template:
metadata:
labels:
app: ${foo}
deploymentconfig: ${foo}
spec:
containers:
- env:
- name: LOG_LEVEL
value: DEBUG
image: ${foo}
imagePullPolicy: Always
name: ${foo}
livenessProbe:
httpGet:
path: /api/healthcheck
port: 8080
initialDelaySeconds: 300
timeoutSeconds: 5
failureThreshold: 3
readinessProbe:
httpGet:
path: /api/healthcheck
port: 8080
initialDelaySeconds: 5
timeoutSeconds: 5
resources:
requests:
cpu: 500m
memory: 500Mi
limits:
cpu: 1000m
memory: 1Gi
ports:
- containerPort: 8080
name: http
protocol: TCP
- containerPort: 8778
name: jolokia
protocol: TCP
terminationMessagePath: /dev/termination-log
dnsPolicy: ClusterFirst
restartPolicy: Always
test: false
- apiVersion: v1
kind: ImageStream
metadata:
labels:
build: ${foo}
name: ${foo}
spec:
tags:
- from:
kind: DockerImage
name: ${foo}:latest
Update: Seems like this is coming from the --openshift option and not the --kubernetes-version .
Thanks for reporting. Mmm, so according to the JSON Schema extracted from OpenShift this is correct. ie. objects only has a raw property. https://github.com/garethr/openshift-json-schema/blob/master/v1.5.0-standalone/template.json#L98
However that's obviously incorrect. This comes down to io.k8s.apimachinery.pkg.runtime.RawExtension in the OpenShift OpenAPI spec, raw appears to be a way of storing arbitrary data. I'm not aware of this being a feature of either JSON Schema or OpenAPI. I'll need to check with folks who work on OpenShift.
The nature of template (given variables rather than values) makes validation using other types tricky too.
Re: the update. You're correct. Template is only used in OpenShift, it's not part of the upstream Kubernetes release.
Right, thank you for the response. However, there was another possibility we were thinking of is to run the oc process againsts the template and then run against the kubeval. For example:
oc process -f <templayte.yaml> -o yaml > blueprint.yaml && kubeval blueprint.yaml
However, this fails with another error message -
1 error occurred:
* Problem loading schema from the network at https://raw.githubusercontent.com/garethr/kubernetes-json-schema/master/master-standalone/list.json: Could not read schema from HTTP, response status is 404 Not Found
Does this qualify for another ticket?
@shitizbansal so, list isn't a valid as a Kubernetes types, but that error message could be much friendlier.
kubeval detects the type by looking for the value of kind:
Could you post the full output of blueprint.yaml? I don't see the list kind in the above template.
Another note. Once we work this out you can do the same without the intermediary file, kubeval takes input on stdin as well like so:
oc process -f <templayte.yaml> -o yaml | kubeval
@garethr yes, I do realise that stin input thingy. :) I am using the same sample, I pasted above converted to the blueprint.
apiVersion: v1
items:
- apiVersion: v1
kind: DeploymentConfig
metadata:
labels:
app: bar
name: bar
spec:
replicas: 1
selector:
app: bar
deploymentconfig: bar
template:
metadata:
labels:
app: bar
deploymentconfig: bar
spec:
containers:
- env:
- name: LOG_LEVEL
value: DEBUG
image: bar
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
httpGet:
path: /api/healthcheck
port: 8080
initialDelaySeconds: 300
timeoutSeconds: 5
name: bar
ports:
- containerPort: 8080
name: http
protocol: TCP
- containerPort: 8778
name: jolokia
protocol: TCP
readinessProbe:
httpGet:
path: /api/healthcheck
port: 8080
initialDelaySeconds: 5
timeoutSeconds: 5
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 500m
memory: 500Mi
terminationMessagePath: /dev/termination-log
dnsPolicy: ClusterFirst
restartPolicy: Always
test: false
- apiVersion: v1
kind: ImageStream
metadata:
labels:
build: bar
name: bar
spec:
tags:
- from:
kind: DockerImage
name: bar:latest
kind: List
metadata: {}
Ah, so it looks like List is a list of nested types. I'd have expected that to use separate documents and a document separator. I'll want to find out if this is OpenShift specific or part of upstream. But once I do it should be easy to support this in the same way kubeval supports document separators. Thanks for the details.
Sure, I'd be waiting on this. :) If you need any additional info or something to repro, please do let me know.
@garethr kind: List is supported by native kubernetes and is commonly used e.g. with jsonnet to generate a multi-document json file. Strangely enough I can not find much documentation on it as well but there is an example here in yaml: https://github.com/kubernetes/kubernetes/blob/master/hack/testdata/list.yaml. Also if you run with kubectl something like kubectl get po -n kube-system -l k8s-app=app -o yaml (or -o json) and the label selector retuns multiple pods then the yaml/json that is being generated uses kind: List.
It does seem to be very straightforward from what I can see and would be very valuable to have support for.
@garethr Have you been able to look at this anymore? I can offer a patch if you just have an idea of how to implement this.
