Comments (11)
If you upgrade to 1.5.1, we've made some improvements that might help:
KUBECHECKS_WORST_KUBECONFORM_STATE=warning
: if kubeconform fails with something worse than a warning, reduce it to only a warning- fixed a bug that caused us to attempt to clone the url that you provided above, it should work now.
from kubechecks.
I tried that, but it seems like the schemas would need to be present in every application repository instead of one central place, when providing a file path here. That is just not feasible in our case.
from kubechecks.
Ah, that makes sense. Being stuck with a giant monorepo makes it work.
from kubechecks.
Btw, I would also be fine if I could just disable kubeconform validations.
from kubechecks.
Great, now it works with
KUBECHECKS_SCHEMAS_LOCATION: https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json
Thanks again!
from kubechecks.
Have you tried using a repo location? For example, I set KUBECHECKS_SCHEMAS_LOCATION
to tools/kubechecks/schemas
and it pulls everything it needs from there. The big caveat is that you gotta pull in the schemas you need.
from kubechecks.
Could it be a path issue with your schema repository? We use kubeconform under the hood, which expects us to pass a path template, not just a path. We take the value used in the env var you mentioned and add {{ .NormalizedKubernetesVersion }}/{{ .ResourceKind }}{{ .KindSuffix }}.json
to it. This mimics the default schema repository, which ends up with files named similar to /v1.28.2/deployment-apps-v1.json
. It's possible that this is the source of the issue, and I think we don't document it at all =/
from kubechecks.
@djeebus I tried that one, too. I used the URL from kubeconform docs but Kubechecks fails. From the logs, it looks like Kubechecks tries a git clone
with that templated path instead of just passing it to kubeconform:
4:14PM ERR unable to clone repository, Cloning into '/tmp/schemas954146872'...
remote: 404: Not Found
fatal: repository 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json/' not found
error="exit status 128"
4:14PM ERR failed to clone repository error="exit status 128" clone-url=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json
4:14PM INF check done app=kubechecks-staging-gitlab check="validating app against schema" event_id=310 repo=gitlab result="Failed :red_circle:"
However, if I just specify a cloneable URL, Kubechecks pulls that successfully but then there is no path template for kubeconform to find the right schema (see second bullet point from OP).
from kubechecks.
@djeebus is there anything I can do to get rid of the failing pipelines?
from kubechecks.
Sorry, been working on a big push to get multi-repo app-of-apps working. There are a few features that should help out here:
- set the subdirectory of the schemas repo
- disable schema validation
- reduce schema validation errrors to warnings
- customize schema path format
Not sure when we'll get those done, but does that sound like it'd help you out here?
from kubechecks.
Thanks @djeebus, sounds like any of these options might help mitigating the issue. The disable option might just be the quickest and easiest way in our case, since we don't need to rely on this feature atm, but they'd all be useful, I guess.
from kubechecks.
Related Issues (20)
- Change ':heavy_exclamation_mark:' emoji
- Option to disable failing builds during kubechecks failures HOT 1
- Allow option to run kubechecks in namespaced scope instead of clusterscope always
- Add better support for apps in different repositories
- Feature request: ArgoCD dry run HOT 1
- ARGOCD_API_INSECURE not being respected HOT 1
- Unable to set location for remote repository HOT 12
- 401 Unauthorized - using private repositories as a git chart dependency (Aws Ecr) HOT 2
- Move from `whilp/git-urls` to `chainguard-dev/git-urls` to address CVE-2023-46402
- Diffing: RPC PermissionDenied HOT 3
- OpenAI likes to add ```, but it screws up the following diff HOT 1
- Links to abandoned repos HOT 1
- `failed to set git email address: exit status 255` HOT 1
- CVE-2024-31989
- Diffs triggered for resources where no change was made
- AppSet diff support HOT 2
- Kubeconform Alternate schema locations HOT 3
- Use `slog` for logging throughout Kubechecks
- Use KubeChecks with GitHub app
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubechecks.