Use Kubeconform to Validate Manifests Locally
kubeconform is a tool that allows us to validate Kubernetes manifests.
Retrieve open API specification from Kubernetes
Use this command to retrieve the open API specifications from Kubernetes.
1k get --raw '/openapi/v2' > /tmp/specs.jsonGenerate JSON schema file
Use openapi2jsonschema to generate the JSON schemas.
1$ python openapi2jsonschema/command.py -o /tmp/json-schemas/v1.20.11-standalone-strict \
2--kubernetes --stand-alone \
3--expanded --strict \
4/tmp/specs.json
5
6Downloading schema
7Parsing schema
8Generating shared definitions
9Generating individual schemas
10Processing alertmanager-monitoring-v1
11Generating alertmanager-monitoring-v1.json
12Processing alertmanagerlist-monitoring-v1
13Generating alertmanagerlist-monitoring-v1.json
14Processing prometheus-monitoring-v1
15Generating prometheus-monitoring-v1.json
16Processing prometheuslist-monitoring-v1
17....
18Processing networksetlist-crd-v1
19Generating networksetlist-crd-v1.json
20Generating schema for all typesThe command will report some errors like the one below which is fine since the tool does not support `customresourcedefinition`.
1An error occured processing customresourcedefinition: customresourcedefinition not currently supported
2An error occured processing customresourcedefinitionlist: customresourcedefinitionlist not currently supportedThe generated files will be stored in the `/tmp/json-schemas/v1.20.11-standalone-strict` folder.
You also could remove `all.json` in that folder if you want to save disk space.
1$ rm /tmp/json-schemas/v1.20.11-standalone-strict/all.jsonUse kubeconform command
1$ kustomize build | kubeconform \
2--kubernetes-version 1.20.11 \
3-schema-location /tmp/json-schemas/ \
4--strict \
5-skip CustomResourceDefinition