Introducing a small tool: Kubeval
source link: https://www.tuicool.com/articles/FZJvIfM
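This post introduces kubeval, a small tool for validating the structure of Kubernetes object documents. It can validate one or more Kubernetes or OpenShift object documents. The schema data it relies on is generated from the OpenAPI definitions, so validation does not need to interact with the API server. For the same reason, it cannot currently support third-party CRDs, and it also depends on a schema repository being available.
The tool is somewhat redundant in an environment that interacts directly with Kubernetes, but it is very handy in a CI/CD pipeline or when no Kubernetes cluster is available.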
Installation
Linux
Download the release build directly:

    wget https://github.com/instrumenta/kubeval/releases/download/0.9.2/kubeval-linux-amd64.tar.gz
    tar xf kubeval-linux-amd64.tar.gz
    sudo cp kubeval /usr/local/bin

macOS
You can download and install it:

    wget https://github.com/instrumenta/kubeval/releases/download/0.9.2/kubeval-darwin-amd64.tar.gz
    tar xf kubeval-darwin-amd64.tar.gz
    sudo cp kubeval /usr/local/bin

Or use Homebrew:

    brew tap instrumenta/instrumenta
    brew install kubeval

Windows
Besides downloading the zip package from the Release page, you can also install it with scoop:

    scoop bucket add instrumenta https://github.com/instrumenta/bucket-instrumenta
    scoop install kubeval

Docker
It can also be run with Docker, for example:

    $ docker run -it -v `pwd`/fixtures:/fixtures garethr/kubeval fixtures/*
    Missing a kind key in /fixtures/blank.yaml
    The document fixtures/int_or_string.yaml contains a valid Service
    The document fixtures/int_or_string_false.yaml contains an invalid Deployment
    --> spec.template.spec.containers.0.env.0.value: Invalid type. Expected: string, given: integer
    The document fixtures/invalid.yaml contains an invalid ReplicationController
    --> spec.replicas: Invalid type. Expected: integer, given: string
    Missing a kind key in /fixtures/missing-kind.yaml
    The document fixtures/valid.json contains a valid Deployment
    The document fixtures/valid.yaml contains a valid ReplicationController

Usage

    $ kubeval --help
    Validate a Kubernetes YAML file against the relevant schema

    Usage:
      kubeval <file> [file...] [flags]

    Flags:
      -f, --filename string             filename to be displayed when testing manifests read from stdin (default "stdin")
      -h, --help                        help for kubeval
      -v, --kubernetes-version string   Version of Kubernetes to validate against (default "master")
          --openshift                   Use OpenShift schemas instead of upstream Kubernetes
          --schema-location string      Base URL used to download schemas. Can also be specified with the environment variable KUBEVAL_SCHEMA_LOCATION (default "https://kubernetesjsonschema.dev")
          --strict                      Disallow additional properties not in schema
          --version                     version for kubeval

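There are only a few flags, but they are all quite useful:
- -v: specifies the Kubernetes version, for example 1.14.2.
- --openshift: validates OpenShift objects.
- --schema-location: specifies the location of the schema repository. The default is https://kubernetesjsonschema.dev, and the environment variable KUBEVAL_SCHEMA_LOCATION can be used instead.
- --strict: disallows fields that are not defined in the schema.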
For example:

    $ kubeval sleep.yaml
    The document sleep.yaml contains a valid ServiceAccount
    The document sleep.yaml contains a valid Service
    The document sleep.yaml contains a valid Deployment

Or you can use a pipe:

    $ cat sleep.yaml|kubeval
    The document stdin contains a valid ServiceAccount
    The document stdin contains a valid Service
    The document stdin contains a valid Deployment

Validating against a specific version:

    $ kubeval -v 1.10.0 sleep.yaml
    The document sleep.yaml contains a valid ServiceAccount
    The document sleep.yaml contains a valid Service
    The document sleep.yaml contains a valid Deployment

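To show what schema-based checking and --strict mean in practice, here is an added example (not kubeval's code and not from the original article): a simplified validator whose type-error messages are modelled on the output shown above. The schema fragment, the manifest and the wording of the strict-mode message are constructed for illustration; the point is that a misspelled security field passes the default check and is only reported in strict mode.

```python
# Simplified illustration of schema-based manifest checking; NOT kubeval's code.
# SCHEMA is a constructed fragment, not taken from kubernetes-json-schema.
SCHEMA = {
    "type": "object",
    "properties": {
        "kind": {"type": "string"},
        "spec": {
            "type": "object",
            "properties": {
                "replicas": {"type": "integer"},
                "securityContext": {
                    "type": "object",
                    "properties": {"runAsNonRoot": {"type": "boolean"}},
                },
            },
        },
    },
}

TYPES = {"object": dict, "array": list, "string": str, "integer": int}

def type_name(value):
    # bool is a subclass of int in Python, so it must be tested first.
    if isinstance(value, bool):
        return "boolean"
    for name, py_type in TYPES.items():
        if isinstance(value, py_type):
            return name
    return type(value).__name__

def validate(doc, schema, strict=False, path=""):
    """Return a list of error strings; an empty list means the document is valid."""
    expected = schema.get("type")
    if expected and type_name(doc) != expected:
        return [f"{path}: Invalid type. Expected: {expected}, given: {type_name(doc)}"]
    errors = []
    if expected == "object":
        props = schema.get("properties", {})
        for key, value in doc.items():
            child = f"{path}.{key}" if path else key
            if key in props:
                errors += validate(value, props[key], strict, child)
            elif strict:  # unknown fields are only an error in strict mode
                errors.append(f"{child}: Additional property {key} is not allowed")
    return errors

# Constructed manifest: replicas is a string, and runAsNonRoot is misspelled.
MANIFEST = {
    "kind": "Deployment",
    "spec": {"replicas": "3", "securityContext": {"runAsNonroot": True}},
}
```

Calling validate(MANIFEST, SCHEMA) reports only the replicas type error, while validate(MANIFEST, SCHEMA, strict=True) also reports the misspelled runAsNonroot field.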
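Using your own schema repository
The --schema-location flag was mentioned earlier. Presumably it is meant as a fallback for when the default schema repository cannot be reached. Setting up your own schema repository is also easy: fetch the online content with git, then serve it from a web server or the local file system:

    $ cd /doc
    $ git clone https://github.com/instrumenta/kubernetes-json-schema
    正克隆到 'kubernetes-json-schema'...
    ...
    $ kubeval --schema-location file:///doc/kubernetes-json-schema test.yaml
    The document test.yaml contains a valid Service
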
References
https://github.com/instrumenta/kubeval
https://github.com/instrumenta/kubernetes-json-schema
https://kubeval.instrumenta.dev/