Validate OpenShift objects defined in yaml before actually applying or executing it

Asked 8/8, 2016 at 8:25 Answered 12/7, 2018 at 8:52

I have a OpenShift template in template.yaml file which includes following objects - deployment-config, pod, service and route. I am using the following command to execute the yaml:

oc process -f template.yml | oc apply -f -

I want to perform following validations before I actually apply/execute the yaml:

YAML syntax validation - if there are any issues with the YAML syntax.
OpenShift schema validation - to check if the object definition abides by the OpenShift object schema.

It seems that the command 'oc process' is doing following checking:

Basic YAML syntax validation
Template object schema validation

How to perform schema validation of other objects (e.g. deployment-config, service, pod, etc.) that are defined in template.yaml?

Homograft answered 8/8, 2016 at 8:25 Comment(1)

At this point in time there's no such option available in openshift, other than actually submitting the template to a test project. I've created github.com/openshift/origin/issues/11152 as an RFE. – Jeffiejeffrey 29/9, 2016 at 8:27

This is now possible with the OpenShift client (and on Kubernetes in general), e.g.

$ oc login
Username: john.doe
Password: 
Login successful.

$ oc apply -f openshift/template-app.yaml --dry-run
template "foobar-app" created (dry run)

It's also possible to process the template locally, thus you can avoid sending it to the server first, e.g.

$ oc process -f openshift/template-app.yaml --local -p APP_NAME=foo | oc apply --dry-run --validate -f -
deploymentconfig "foo" created (dry run)
service "foo" created (dry run)

Also note the --validate option I'm using for schema validation. Unfortunately, you still have to log in for the apply command to work (there's no --local option for apply).

Oddly, this feature is not described in the CLI documentation, however it's mentioned on the help screen:

$ oc apply --help
Apply a configuration to a resource by filename or stdin.

JSON and YAML formats are accepted.

Usage:
  oc apply -f FILENAME [options]

...

Options:
      ...
      --dry-run=false: If true, only print the object that would be sent, without sending it.
      ...
      --validate=false: If true, use a schema to validate the input before sending it

Use "oc <command> --help" for more information about a given command.
Use "oc options" for a list of global command-line options (applies to all commands).

Scottie answered 12/7, 2018 at 8:52 Comment(1)

In the meantime, some more Kubernetes YAML validation tools have surfaced (e.g. we're using kubeval for quite some time now). A recent article on learnk8s.io compares 6 of those validation tools: kubeval, kube-score, config-lint, copper, conftest, polaris. – Scottie 14/8, 2020 at 21:27

I'm having the same issue with cryptic errors coming back from the oc process command.

However if you go into the Openshift Console and use the "Add to Project" link at the top of the console, choose the "Import YAML / JSON" option and import your YAML/JSON that way you get slightly more useful errors.

Dredge answered 7/11, 2017 at 5:5 Comment(0)

Recommended topics

Hot tags