Comments (2)
eyarz
commented on June 8, 2024
1
@nosleep77 Can you apply this "broken" config to your cluster with kubectl?
If the answer is no (because the cluster rejects it) - it's a bug in Datree.
If the answer is yes - it's not a bug, and I will explain why...
Datree runs three types of validation in the following order:
- yaml validation
- schema validation
- policy check
If I reproduce the steps you mentioned, I can see that it's passing all the checks.
Now let's break it down:
- yaml validation - it's a valid yaml, so this fine
- schema validation - you're expecting it to fail
- policy check - passing because you don't have any built-in/custom rule that targets this CR
So the question is - why the schema validation for this CR is passing and not failing?
The answer is that the schema we are using to validate this CR is extracted from the Probe CRD that is defined and maintained by the Prometheus community (in this case, Daree is just a pipe to match a file to the correct schema). Therefore, the right place to fix it is by opening a PR/issue in the Prometheus project.
from datree.
github-actions
commented on June 8, 2024
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
from datree.
Related Issues (20)
- Publish report to local filesystem HOT 7
- Dashboard login giving error in verifying token. HOT 7
- Datree installation fails in Minikube due to insufficient cpu HOT 3
- Datree Support for SOPS or ability to skip files where "sops" is contained HOT 5
- Datree installation is failing HOT 1
- could not find schema for PodDisruptionBudget HOT 2
- k8s object names are not displayed during datree kustomize test schema validation HOT 3
- datree fails with yaml anchors on linux HOT 4
- Datree update causing validation errors on non-existent fields in deployment files HOT 2
- Cannot use Policy as code from CLI HOT 12
- Why `Prevent containers from accessing host files by using high UIDs` request uid > 10 000 HOT 8
- Error messages logged to stdout instead of stderr break Json and Yaml output formats HOT 1
- Fail to evaluate custom rule with Rego HOT 3
- showing container name in addition of array index.
- Support skipping on a single container
- Disable some of built-in rules? HOT 1
- Add optional rule to lint kubernetes resource names
- CIS_INVALID_VALUE_SECCOMP_PROFILE Is reporting error when it should not HOT 4
- documentation link is not working properly
- Datree outage? HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from datree.