Schema validation always fails for CRDs about kubechecks HOT 11 CLOSED

If you upgrade to 1.5.1, we've made some improvements that might help:

• KUBECHECKS_WORST_KUBECONFORM_STATE=warning: if kubeconform fails with something worse than a warning, reduce it to only a warning
• fixed a bug that caused us to attempt to clone the url that you provided above, it should work now.

from kubechecks.

I tried that, but it seems like the schemas would need to be present in every application repository instead of one central place, when providing a file path here. That is just not feasible in our case.

from kubechecks.

Ah, that makes sense. Being stuck with a giant monorepo makes it work.

from kubechecks.

Btw, I would also be fine if I could just disable kubeconform validations.

from kubechecks.

Great, now it works with

KUBECHECKS_SCHEMAS_LOCATION: https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json

Thanks again!

from kubechecks.

Have you tried using a repo location? For example, I set KUBECHECKS_SCHEMAS_LOCATION to tools/kubechecks/schemas and it pulls everything it needs from there. The big caveat is that you gotta pull in the schemas you need.

from kubechecks.

Could it be a path issue with your schema repository? We use kubeconform under the hood, which expects us to pass a path template, not just a path. We take the value used in the env var you mentioned and add {{ .NormalizedKubernetesVersion }}/{{ .ResourceKind }}{{ .KindSuffix }}.json to it. This mimics the default schema repository, which ends up with files named similar to /v1.28.2/deployment-apps-v1.json. It's possible that this is the source of the issue, and I think we don't document it at all =/

from kubechecks.

@djeebus I tried that one, too. I used the URL from kubeconform docs but Kubechecks fails. From the logs, it looks like Kubechecks tries a git clone with that templated path instead of just passing it to kubeconform:

4:14PM ERR unable to clone repository, Cloning into '/tmp/schemas954146872'...
remote: 404: Not Found
fatal: repository 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json/' not found
 error="exit status 128"
4:14PM ERR failed to clone repository error="exit status 128" clone-url=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json
4:14PM INF check done app=kubechecks-staging-gitlab check="validating app against schema" event_id=310 repo=gitlab result="Failed :red_circle:"

However, if I just specify a cloneable URL, Kubechecks pulls that successfully but then there is no path template for kubeconform to find the right schema (see second bullet point from OP).

from kubechecks.

@djeebus is there anything I can do to get rid of the failing pipelines?

from kubechecks.

Sorry, been working on a big push to get multi-repo app-of-apps working. There are a few features that should help out here:

• set the subdirectory of the schemas repo
• disable schema validation
• reduce schema validation errrors to warnings
• customize schema path format

Not sure when we'll get those done, but does that sound like it'd help you out here?

from kubechecks.

Thanks @djeebus, sounds like any of these options might help mitigating the issue. The disable option might just be the quickest and easiest way in our case, since we don't need to rely on this feature atm, but they'd all be useful, I guess.

from kubechecks.