K
Q

Use openAPIV3Schema for validatiing PersistentVolumeClaim

4/14/2020

I want to use openAPIV3Scheme to validate a PersistentVolumeClaim like this:

     - metadata:
          name: data
      spec:
          accessModes: [ "ReadWriteOnce" ]
          resources:
              requests:
                  storage: 1Gi

I am not sure how should I define types, properties, etc in the yaml file. Would you please give me some pointers?

-- Adib Rastegarnia
kubernetes

Similar Questions

Will requiredDuringSchedulingIgnoredDuringExecution nodeAffinity persist if a pod gets evicted and rescheduled?
Use a docker registry from the kubernetes cluster on which it is deployed
Identify which GKE Node is serving a client request
The node kubenetes size is not available now in the location of your subscription

1 Answer

4/17/2020

To validate OpenAPI schema of Kubernetes manifest files generated by helm, you need to use a dedicated (external) tools, for instance: kubeval or jsonschema client with predefined kubernetes-json schema.

Here is an example usage of kubeval against invalid PVC resource:

helm template jenkins-issue . | kubeval -v 1.15.3 --strict

PASS - jenkins/templates/service-account.yaml contains a valid ServiceAccount (default.jenkins-issue)
PASS - jenkins/templates/secret.yaml contains a valid Secret (default.jenkins-issue)
PASS - jenkins/templates/config.yaml contains a valid ConfigMap (default.jenkins-issue)
PASS - jenkins/templates/tests/test-config.yaml contains a valid ConfigMap (default.jenkins-issue-tests)
WARN - jenkins/templates/home-pvc.yaml contains an invalid PersistentVolumeClaim (default.jenkins-issue) - accessModess: Additional property accessModess is not allowed
PASS - jenkins/templates/rbac.yaml contains a valid Role (default.jenkins-issue-schedule-agents)
PASS - jenkins/templates/rbac.yaml contains a valid RoleBinding (default.jenkins-issue-schedule-agents)
PASS - jenkins/templates/jenkins-agent-svc.yaml contains a valid Service (default.jenkins-issue-agent)
PASS - jenkins/templates/jenkins-master-svc.yaml contains a valid Service (default.jenkins-issue)
PASS - jenkins/templates/jenkins-master-deployment.yaml contains a valid Deployment (default.jenkins-issue)
PASS - jenkins/templates/tests/jenkins-test.yaml contains a valid Pod (default.jenkins-issue-ui-test-kr3kq)

If you just want to validate fields in helm's values.yaml file (check whether are present or are of valid type), you can use JSON schemas validation introduced with helm v3 (helm lint), as explained in this bog post.

Yet another option to validate OpenAPI schema of Kubernetes API resources, is to pipe the output of helm to kubectl with API server's dry-run mode enabled, e.g.

cat pvc.yaml | kubectl apply -f - --validate --server-dry-run

The PersistentVolumeClaim "my-jenkins-new" is invalid: spec.accessModes: Unsupported value: "ReadWriteOnces": supported values: "ReadOnlyMany", "ReadWriteMany", "ReadWriteOnce"

I hope this answers your question.

-- Nepomucen
Source: StackOverflow