Kubeconform does not detect manifests that are too large. #214
Comments
From your description, it sounds like manifest size is a server-side validation, which makes sense because I don't think you can define the file size limit with JsonSchema. Therefore, this validation is not part of the K8s native objects schemas, and it's not supported by kubeconform but rejected by the cluster (you can read more about it here).
I get that, and I understand the purity argument of 'we can only do what the schemas tell us.' I would argue that there are also a number of server side validations that apply to ALL manifests, and I think these would be useful and not too complicating. Off the top of my head:
I agree that testing server side validations for every particular kind is frankly more or less impossible and an endless tarpit. Things like testing that service ports have unique names etc, not to mention kinds outside of the kubernetes core. That said, these 'global' limits I think could be tackled and would make the tool a bit more useful to me at least.
It's an open-source project, so you are more than welcome to offer those changes to @yannh :) Regarding the other validations, there are 3rd party tools that you can use for that (Datree, Kyverno, Conftest, etc.). *disclaimer - I'm a maintainer at datree.
Hi @SleepyBrett ! There would definitely be value in being able to reuse directly some Kubernetes server-side validation logic in kubeconform, so we could catch more of these errors. It would be a slight departure from the jsonschema-validation-only approach kubeconform does today but 🤷 maybe it would be a better tool?
Problem:
Given a configmap with a data element that contains a value > 1MiB, Kubernetes will reject the configmap but kubeconform will not flag it as bad.
Kubeconform should evaluate manifests for size and reject things that exceed limits (I think all manifests are limited to 1mb, but I could be wrong)
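An added example, not part of the issue thread or kubeconform's code: a Go pre-check for the case described above, where a ConfigMap exceeds the 1 MiB limit and schema validation alone does not notice. The function and type names are hypothetical, the manifest is constructed JSON, and counting key plus value bytes across `data` and `binaryData` is an assumption about how the limit is measured.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// maxConfigMapBytes is the 1 MiB limit described in the issue.
const maxConfigMapBytes = 1 << 20

// configMap holds only the fields needed for the size check.
type configMap struct {
	Kind       string            `json:"kind"`
	Data       map[string]string `json:"data"`
	BinaryData map[string][]byte `json:"binaryData"` // base64 in JSON, decoded by encoding/json
}

// checkConfigMapSize returns the counted payload size and an error when a
// ConfigMap exceeds the limit. Other kinds are skipped (size 0, nil error).
func checkConfigMapSize(manifest []byte) (int, error) {
	var cm configMap
	if err := json.Unmarshal(manifest, &cm); err != nil {
		return 0, fmt.Errorf("decode manifest: %w", err)
	}
	if cm.Kind != "ConfigMap" {
		return 0, nil
	}
	total := 0
	for k, v := range cm.Data {
		total += len(k) + len(v)
	}
	for k, v := range cm.BinaryData {
		total += len(k) + len(v) // decoded bytes, not the base64 text
	}
	if total > maxConfigMapBytes {
		return total, fmt.Errorf("ConfigMap payload is %d bytes, limit is %d", total, maxConfigMapBytes)
	}
	return total, nil
}

// sampleManifest builds a constructed ConfigMap with one value of n bytes.
func sampleManifest(n int) []byte {
	return []byte(`{"apiVersion":"v1","kind":"ConfigMap","metadata":{"name":"demo"},"data":{"blob":"` + strings.Repeat("a", n) + `"}}`)
}

func main() {
	size, err := checkConfigMapSize(sampleManifest(maxConfigMapBytes + 1))
	fmt.Println(size, err)
}
```

YAML manifests would need converting to JSON first, since the block uses only the standard library.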