Possible to do a "dry run" validation of files?

N

5

37

Before creating an object in Kubernetes (Service, ReplicationController, etc.), I'd like to test that the JSON or YAML specification of the object is valid. But I don't want to actually create the object.

Is there some to do a "dry run" that would be equivalent to running kubectl create --validate=true -f file.json, but would just let me know that it passes validation, and not actually create it?

Ideally, it would be great if I could do this via API, and not require the use of kubectl. But I could make it work if it required me to use kubectl.

Thanks.

Nagano answered 20/8, 2015 at 21:45 Comment(1)

Still seems to be a WIP - github.com/kubernetes/kubernetes/issues/64830 & github.com/kubernetes/kubernetes/issues/5889 – Paucker 12/11, 2019 at 17:2

S

44

This works for me (kubernetes 1.7 and 1.9):

kubectl apply --validate=true --dry-run=client --filename=file.yaml

Shillelagh answered 7/3, 2018 at 10:51 Comment(4)

Does this work when you don't have a server connection, I suspect that its not client side which is not helpful in CI situations for validation. – Daile 22/3, 2019 at 3:27

I added an answer to address this scenario: https://mcmap.net/q/416189/-possible-to-do-a-quot-dry-run-quot-validation-of-files – Baronetage 21/5, 2020 at 5:9

--dry-run=BOOLEAN has been deprecated. This works instead though. --dry-run=client – Annadiane 3/10, 2020 at 1:25

Although --dry-run=client is a client-side validation, it still requires a server connection: github.com/kubernetes/kubernetes/issues/… – Outlying 22/7, 2021 at 18:55

N

8

Some kubectl commands support a --dry-run flag (like kubectl run, kubectl expose, and kubectl rolling-update).

There is an issue open to add the --dry-run flag to more commands.

Nightwalker answered 21/8, 2015 at 15:39 Comment(0)

B

3

There is a tool called kubeval which validates configs against the expected schema, and does not require connection to a cluster to operate, making it a good choice for applications such as CI.

Baronetage answered 21/5, 2020 at 5:8 Comment(1)

kubeval is discontinued and hasn't been updated for two years. It shouldn't be used anymore. Here is a more update tool: https://mcmap.net/q/416189/-possible-to-do-a-quot-dry-run-quot-validation-of-files – Farleigh 27/2 at 23:14

F

1

An up-to-date way and local/offline (i.e. without necessary connection to a k8s cluster) way to validate a kubernetes manifest is with kubeconform, an open-source project: https://github.com/yannh/kubeconform

Available for install on most package managers (like e.g. on Arch Linux pacman -S kubeconform).

After installation, simply run:

kubeconform mymanifest.yml

This will locally validate the yaml file with latest synchronized Kubernetes API schemas.

Farleigh answered 27/2 at 22:58 Comment(0)

P

-1

The use of --dry-run and --validate only seem to partially solve the issue.

client-side validation is not exhaustive. it primarily ensures the fields names and types in the yaml file are valid. full validation is always done by the server, and can always impose additional restrictions/constraints over client-side validation.

Source - kubectl --validate flag pass when yaml file is wrong #64830

Given this you cannot do a full set of validations except to hand it off completely to the server for vetting.

Paucker answered 12/11, 2019 at 17:6 Comment(0)

Recommended topics

Hot tags