{"id":21664016,"url":"https://github.com/datreeio/kubernetes-schema-validation","last_synced_at":"2025-03-20T06:18:11.601Z","repository":{"id":37030513,"uuid":"367066202","full_name":"datreeio/kubernetes-schema-validation","owner":"datreeio","description":" resources for the blog post about Kubernetes schema validation","archived":false,"fork":false,"pushed_at":"2024-05-10T07:19:16.000Z","size":883,"stargazers_count":6,"open_issues_count":0,"forks_count":7,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-01-25T07:41:41.573Z","etag":null,"topics":["kubeconform","kuberenetes","kubeval"],"latest_commit_sha":null,"homepage":"https://datree.io/resources/kubernetes-schema-validation","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/datreeio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-05-13T13:59:58.000Z","updated_at":"2023-07-18T01:36:53.000Z","dependencies_parsed_at":"2025-01-25T07:41:45.539Z","dependency_job_id":"aa61108c-6fa6-404a-82d8-16cf8dca5698","html_url":"https://github.com/datreeio/kubernetes-schema-validation","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datreeio%2Fkubernetes-schema-validation","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datreeio%2Fkubernetes-schema-validation/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datreeio%2Fkubernetes-schema-validation/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/datreeio%2Fkubernetes-schema-validation/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/datreeio","download_url":"https://codeload.github.com/datreeio/kubernetes-schema-validation/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244560392,"owners_count":20472220,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubeconform","kuberenetes","kubeval"],"created_at":"2024-11-25T10:30:33.253Z","updated_at":"2025-03-20T06:18:11.573Z","avatar_url":"https://github.com/datreeio.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# About this reposiroty\nThis repository contains resources for the blog post:  \n\"[A Deep Dive Into Kubernetes Schema Validation](https://datree.io/resources/kubernetes-schema-validation/?utm_source=github\u0026utm_medium=schema_validation_repo)\"\n\n# Misconfigs\nThis dir contains seven Kubernetes manifest files, each with a different misconfiguration:  \n\n### [api-deprecation.yaml](https://github.com/datreeio/kubernetes-schema-validation/blob/main/misconfigs/api-deprecation.yaml#L1)\n**wrong:** `apiVersion: apps/v1beta2`  \n**correct:** `apiVersion: apps/v1`  \n**reason:** `apps/v1beta2` was deprecated for resource type \"Deployment\" in Kubernetes version 1.18.0\n\n### [invalid-kind-value.yaml](https://github.com/datreeio/kubernetes-schema-validation/blob/main/misconfigs/invalid-kind-value.yaml#L2)\n**wrong:** `kind: pod`  \n**correct:** `kind: Pod`  \n**reason:** resource type must start with a capital letter - `Pod`\n\n### [invalid-label-value.yaml](https://github.com/datreeio/kubernetes-schema-validation/blob/main/misconfigs/invalid-lable-value.yaml#L6)\n**wrong:** `owner: ---`  \n**correct:** `owner: frodo-baggins`  \n**reason:** labels values must start and end with an alphanumeric letter\n\n### [invalid-protocol-type.yaml](https://github.com/datreeio/kubernetes-schema-validation/blob/main/misconfigs/invalid-protocol-type.yaml#L14)\n**wrong:** `protocol: 22`  \n**correct:** `protocol: TCP`  \n**reason:** protocol type must be a string\n\n### [invalid-spec-key.yaml](https://github.com/datreeio/kubernetes-schema-validation/blob/main/misconfigs/invalid-spec-key.yaml#L7)\n**wrong:** `Spec:`  \n**correct:** `spec:`  \n**reason:** `spec` must start with a small 's'\n\n### [missing-image.yaml](https://github.com/datreeio/kubernetes-schema-validation/blob/main/misconfigs/missing-image.yaml#L9)\n**wrong:**  \n```yaml\ncontainers:\n    - name: web\n```  \n**correct:**\n```yaml\ncontainers:\n    - name: web\n      image: nginx\n```  \n**reason:** each container must include an image name\n\n### [wrong-k8s-indentation.yaml](https://github.com/datreeio/kubernetes-schema-validation/blob/main/misconfigs/wrong-k8s-indentation.yaml#L8-L14)\n**wrong:**  \n```yaml\nspec:\ncontainers:\n  - name: web\n    image: nginx\n    ports:\n      - name: web\n        containerPort: 80\n        protocol: TCP\n```\n**correct:**  \n```yaml\nspec:\n  containers:\n  - name: web\n    image: nginx\n    ports:\n    - name: web\n      containerPort: 80\n      protocol: TCP\n```  \n**reason:** Kubernetes\\YAML indentation requires one tab space when listing `containers`\n\n## Misconfigurations coverage summary\n\n[![misconfigurations-coverage](https://raw.githubusercontent.com/datreeio/kubernetes-schema-validation/main/images/comparing-table.png)](#) \n\n# Benchmark\nThis dir contains 100 valid Kubernetes manifest files.  \nAll files contain the same Kubernetes configuration. \n\n[![benchmark-results](https://raw.githubusercontent.com/datreeio/kubernetes-schema-validation/main/images/benchmark-test-results.png)](#) \n\n# Commands\n### running schema validation tests\n**kubeval:** `kubeval --strict misconfigs/*.yaml -v \"1.18.0\"`  \n**kubeconform:** `kubeconform -strict misconfigs/*.yaml`  \n**kubectl dry-run in client mode:** `kubectl apply -f misconfigs/ --dry-run=client`  \n**kubectl dry-run in server mode:** `kubectl apply -f misconfigs/ --dry-run=server`  \n\n### Running benchmark tests\n:wrench: prerequisite - [hyperfine](https://github.com/sharkdp/hyperfine) installed  \n\n**kubeval:** `hyperfine --warmup 5 'kubeval --strict benchmark/*.yaml -v \"1.18.0\"'`  \n**kubeconform:** `hyperfine --warmup 5 'kubeconform -strict benchmark/*.yaml'`  \n**kubectl dry-run in client mode:** `hyperfine --warmup 5 'kubectl apply -f benchmark/ --dry-run=client'`  \n**kubectl dry-run in server mode:** `hyperfine --warmup 5 'kubectl apply -f benchmark/ --dry-run=server'`  \n\n# Resources\n* My article about [K8s schema validation](https://dev.to/datreeio/a-deep-dive-into-kubernetes-schema-validation-39ll)\n* Open an issue [here](https://github.com/datreeio/kubernetes-schema-validation) if you have any questions on this topic (k8s schema)\n* kubectl --dry-run=client bug - [kubernetes/issues/51475](https://github.com/kubernetes/kubernetes/issues/51475)\n* [Datree's CLI tool](https://github.com/datreeio/datree) to ensure K8s manifests and Helm charts follow best practices\n* How to check CRDs and schema with Datree - [docs](https://hub.datree.io/schema-validation)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatreeio%2Fkubernetes-schema-validation","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdatreeio%2Fkubernetes-schema-validation","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatreeio%2Fkubernetes-schema-validation/lists"}