Use Kubeconform to Validate Manifests Locally

kubeconform is a tool that allows us to validate Kubernetes manifests.

Retrieve open API specification from Kubernetes

Use this command to retrieve the open API specifications from Kubernetes.

k get --raw '/openapi/v2' > /tmp/specs.json

Generate JSON schema file

Use openapi2jsonschema to generate the JSON schemas.

$ python openapi2jsonschema/ -o /tmp/json-schemas/v1.20.11-standalone-strict \
--kubernetes --stand-alone \
--expanded --strict \

Downloading schema
Parsing schema
Generating shared definitions
Generating individual schemas
Processing alertmanager-monitoring-v1
Generating alertmanager-monitoring-v1.json
Processing alertmanagerlist-monitoring-v1
Generating alertmanagerlist-monitoring-v1.json
Processing prometheus-monitoring-v1
Generating prometheus-monitoring-v1.json
Processing prometheuslist-monitoring-v1
Processing networksetlist-crd-v1
Generating networksetlist-crd-v1.json
Generating schema for all types

The command will report some errors like the one below which is fine since the tool does not support `customresourcedefinition`.

An error occured processing customresourcedefinition: customresourcedefinition not currently supported
An error occured processing customresourcedefinitionlist: customresourcedefinitionlist not currently supported

The generated files will be stored in the `/tmp/json-schemas/v1.20.11-standalone-strict` folder.

You also could remove `all.json` in that folder if you want to save disk space.

$ rm /tmp/json-schemas/v1.20.11-standalone-strict/all.json

Use kubeconform command

$ kustomize build | kubeconform  \
--kubernetes-version 1.20.11 \
-schema-location /tmp/json-schemas/ \
--strict \
-skip CustomResourceDefinition