Jay Taylor's notes

back to listing index


[web search]
Original source (github.com)
Tags: tooling kubernetes github.com
Clipped on: 2018-11-28
Skip to content
Image (Asset 1/7) alt= You have unread notifications
  • Image (Asset 2/7) alt=View RepositoryView repository on Sourcegraph
  • Watch
  • 804
  • Fork
  • /kubeval

    Validate your Kubernetes configuration files, supports multiple Kubernetes versions
    Image (Asset 3/7) alt= chocolatey/kubeval correct chocolatey package SHAs 9 months ago cmd FixThis commit closes issue #89. #89, where - didn't trigger stdin parsing 3 months ago fixtures validate empty files (fixesThis commit closes issue #78. #78) 6 months ago kubeval fix TestValidateInvalidInputs in kubeval_test.go 6 months ago log Start splitting kubeval up into separate packages a year ago version Kubeval can now print it's own version information a year ago .dockerignore Dockerfile for building/running acceptance tests 9 months ago .gitignore Initial work on a Chocolatey package a year ago .travis.yml enable docker service for new acceptance test runner 9 months ago Dockerfile Add kubeval to $PATH to make CI usage more straightforward 7 months ago Dockerfile.acceptance Dockerfile for building/running acceptance tests 9 months ago Dockerfile.offline Add kubeval to $PATH to make CI usage more straightforward 7 months ago LICENSE Initial working commit for kubeval a year ago Makefile generate lowercase hashes 9 months ago README.md Merge pull request #44 from indigoid/feature-stdin-filename 9 months ago acceptance.bats FixThis commit closes issue #89. #89, where - didn't trigger stdin parsing 3 months ago glide.lock FixThis commit closes issue #89. #89, where - didn't trigger stdin parsing 3 months ago glide.yaml Improve support for setting an alterntive download location a year ago main.go Initial working commit for kubeval a year ago



    kubeval is a tool for validating a Kubernetes YAML or JSON configuration file. It can also be used as a library in other Go applications.

    Image (Asset 4/7) alt=Why?

    • If you're writing Kubernetes configuration files by hand it is useful to check them for validity before applying them
    • If you're distributing Kubernetes configuration files or examples it's handy to check them against multiple versions of Kubernetes
    • If you're generating Kubernetes configurations using a tool like ksonnet or hand-rolled templating it's important to make sure the output is valid

    I'd like to be able to address the above both locally when developing, and also as a simple gate in a continuous integration system.

    kubectl doesn't address the above needs in a few ways, importantly validating with kubectl requires a Kubernetes cluster. If you want to validate against multiple versions of Kubernetes, you'll need multiple clusters. All of that for validating the structure of a data structure stored in plain text makes for an unweild development environment.

    But how?

    Kubernetes has strong definitions of what a Deployment, Pod, or ReplicationController are. It exposes that information via an OpenAPI based description. That description contains JSON Schema information for the Kubernetes types. This tool uses those extracted schemas, published at garethr/kubernetes-json-schema and garethr/openshift-json-schema. See those repositories and this blog post for the details.


    Tagged versions of kubeval are built by Travis and automatically uploaded to GitHub. This means you should find tar.gz files under the release tab. These should contain a single kubeval binary for platform in the filename (ie. windows, linux, darwin). Either execute that binary directly or place it on your path.

    wget https://github.com/garethr/kubeval/releases/download/0.6.0/kubeval-darwin-amd64.tar.gz
    tar xf kubeval-darwin-amd64.tar.gz
    cp kubeval /usr/local/bin

    Windows users can download tar or zip files from the releases, or for Chocolatey users you can install with:

    choco install kubeval

    For those on macOS using Homebrew you can use the kubeval tap:

    brew tap garethr/kubeval
    brew install kubeval

    kubeval is also published as a Docker image. So can be used as follows:

    $ docker run -it -v `pwd`/fixtures:/fixtures garethr/kubeval fixtures/*
    Missing a kind key in /fixtures/blank.yaml
    The document fixtures/int_or_string.yaml contains a valid Service
    The document fixtures/int_or_string_false.yaml contains an invalid Deployment
    --> spec.template.spec.containers.0.env.0.value: Invalid type. Expected: string, given: integer
    The document fixtures/invalid.yaml contains an invalid ReplicationController
    --> spec.replicas: Invalid type. Expected: integer, given: string
    Missing a kind key in /fixtures/missing-kind.yaml
    The document fixtures/valid.json contains a valid Deployment
    The document fixtures/valid.yaml contains a valid ReplicationController

    From source

    If you are modifying kubeval, or simply prefer to build your own binary, then the accompanying Makefile has all the build instructions. If you're on a Mac you should be able to just run:

    make build

    The above relies on you having installed Go build environment and configured GOPATH. It also requires git to be installed. This will build binaries in bin, and tar files of those binaries in releases for several common architectures.


    $ kubeval --help
    Validate a Kubernetes YAML file against the relevant schema
      kubeval <file> [file...] [flags]
        -h, --help                        help for kubeval
        -v, --kubernetes-version string   Version of Kubernetes to validate against (default "master")
            --openshift                   Use OpenShift schemas instead of upstream Kubernetes
            --schema-location string      Base URL used to download schemas. Can also be specified with the environment variable KUBEVAL_SCHEMA_LOCATION (default "https://raw.githubusercontent.com/garethr")
            --version                     Display the kubeval version information and exit

    The command has three important features:

    • You can pass one or more files as arguments, including using wildcard expansion. Each file will be validated in turn, and kubeval will exit with a non-zero code if any of the files fail validation.
    • You can toggle between the upstream Kubernetes definitions and the expanded OpenShift ones using the --openshift flag. The default is to use the upstream Kubernetes definitions.
    • You can pass a version of Kubernetes or OpenShift and the relevant type schemas for that version will be used. For instance:
    $ kubeval -v 1.6.6 my-deployment.yaml
    $ kubeval --openshift -v 1.5.1 my-deployment.yaml


    After installing with you prefered dependency management tool, import the relevant module.

    import (

    The module provides one public function, Validate, which can be used like so:

    results, err := kubeval.Validate(fileContents, fileName)

    The method signature for Validate is:

    Validate(config []byte, fileName string) ([]ValidationResult, error)

    The simples way of seeing it's usage is probably in the kubeval command line tool source code.


    kubeval should be useful now but can be obviously improved in a number of ways. If you have suggestions for improvements or new features, or run into a bug please open issues against the GitHub repository. Pull requests also heartily encouraged.

    Press h to open a hovercard with more details.