Upgrade to Pro — share decks privately, control downloads, hide ads and more …

kubeval を使って manifest を validation しよう

makocchi
March 26, 2020
Technology
0
3k

kubeval を使って manifest を validation しよう

LT 「kubeval を使って manifest を validation しよう」 @Kubernetes Meetup Tokyo #29 Cluster Upgrade 編

makocchi

March 26, 2020
Tweet

More Decks by makocchi

See All by makocchi
Argo Workflowsコトハジメ
makocchi
0
160
クラウドネイティブなDBを使ってみよう!Kubernetes で TiDB を構築・運用する際のポイントを紹介 / how to use tidb with kubernetes
makocchi
2
3.3k
使いこなせ!Argo Workflows / How to use Argo Workflows
makocchi
4
7.7k
Kubernetes で TiDB を使ってみよう / TiDB on Kubernetes
makocchi
0
470
Kubernetes の Runtime Class について知ろう
makocchi
0
490
GKE Autopilot Gatekeeper の Rego を眺めてみる
makocchi
2
800
CRI についておさらいしよう
makocchi
3
880
CI/CD による自動化でビジネスを加速させよう
makocchi
0
580
GitOps ツール徹底比較!あなたに必要なツールがきっと見つかる
makocchi
5
2.4k

Other Decks in Technology

See All in Technology
セキュアエレメントによるWireGuardのセキュリティ強化
kmwebnet
0
140
プロダクトオーナーとしてSLOに向き合う 〜Mackerelチームの事例〜 / SRE NEXT 2023
tatsuru
PRO
0
120
サービスへの影響を抑えてデータベースの移行を実施したはなし Aurora MySQL -> Cloud SQL
pistatium
0
260
Microsoft Fabric 移行ポイントの所見やデータ活用コラボレーションについて
ryomaru0825
0
160
ヒューリスティックコンテストで機械学習しよう
nagiss
7
2.7k
監視とオブザーバビリティ 〜 悩む前に確認しておくべきこと / 20230926-ssmjp-monitoring-and-observability
opelab
9
1.3k
フィンテック養成勉強会#33
finengine
0
160
サーバーレスで仮想待合室を作ろう! / Serverless Virtual Waiting Room
_kensh
3
1.2k
Google Cloud Updates 2023/08/16 - 2023/08/31
no24oka
1
110
Amazon FSx for NetApp ONTAPを 利用するときに気をつけることn選 〜移行プロセスを添えて〜 #devio2023
non97
0
140
TechNight#71 - Oracle Database 23c 新機能#1 JSON関連新機能
oracle4engineer
PRO
0
110
Customer-Centricity Unleashed: Transforming Businesses with LINE Tech
linedevth
0
140

Featured

See All Featured
Fantastic passwords and where to find them - at NoRuKo
philnash
34
2.2k
Building Effective Engineering Teams - LeadDev
addyosmani
21
960
For a Future-Friendly Web
brad_frost
168
8.2k
RailsConf 2023
tenderlove
0
240
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
215
12k
Building a Scalable Design System with Sketch
lauravandoore
453
31k
Adopting Sorbet at Scale
ufuk
66
8.1k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
271
12k
Agile that works and the tools we love
rasmusluckow
323
20k
Building Better People: How to give real-time feedback that sticks.
wjessup
349
18k
How STYLIGHT went responsive
nonsquared
89
4.4k
Three Pipe Problems
jasonvnalue
89
9.2k

Transcript

  1. Presented by @makocchi
    1
    Kubernets Meetup Tokyo #29
    LT
    kubeval を使って manifest を
    validation しよう

    View Slide

  2. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    2
    Makoto Hasegawa
    Working at // AI Division, CyberAgent, Inc
    Currently //
    Develop and maintain private OpenStack cloud.
    Develop and maintain Kubernetes as a Service platform.
    CKA (Certified Kubernetes Administrator) CKA-1700-0150-0100
    CKAD (Certified Kubernetes Application Developper) CKAD-1800-0005-0100
    Job Title // Technical Lead Infrastructure Engineer
    WHO am I
    Twitter // @makocchi
    Facebook // makocchi0923
    Hobby // Playing bass

    View Slide

  3. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    3
    今日の資料は後から公開しますが
    写真を撮りたい人は気にせず撮ってください
    オンライン発表だもの

    View Slide

  4. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    4
    突然ですがここでクイズ

    View Slide

  5. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    5
    5秒でお答えください!!!

    View Slide

  6. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    6
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: mydeploy
    spec:
    selector:
    matchLabels:
    app: myapp
    replicas: "3"
    template:
    metadata:
    labels:
    app: myapp
    app_version: 20200326
    spec:
    containers:
    - name: myapp
    image: myapp:latest
    ports:
    - containerPort: 80
    この manifest の
    間違っている部分は
    どこでしょう?

    View Slide

  7. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    7
    ここだ!
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: mydeploy
    spec:
    selector:
    matchLabels:
    app: myapp
    replicas: "3"
    template:
    metadata:
    labels:
    app: myapp
    app_version: 20200326
    spec:
    containers:
    - name: myapp
    image: myapp:latest
    ports:
    - containerPort: 80

    View Slide

  8. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    8
    spec.replicas は int ですよね
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: mydeploy
    spec:
    selector:
    matchLabels:
    app: myapp
    replicas: "3"
    template:
    metadata:
    labels:
    app: myapp
    app_version: 20200326
    spec:
    containers:
    - name: myapp
    image: myapp:latest
    ports:
    - containerPort: 80

    View Slide

  9. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    9
    なので正解はこう
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: mydeploy
    spec:
    selector:
    matchLabels:
    app: myapp
    replicas: 3 # NG "3"
    template:
    metadata:
    labels:
    app: myapp
    app_version: 20200326
    spec:
    containers:
    - name: myapp
    image: myapp:latest
    ports:
    - containerPort: 80

    View Slide

  10. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    10
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: mydeploy
    spec:
    selector:
    matchLabels:
    app: myapp
    replicas: 3
    template:
    metadata:
    labels:
    app: myapp
    app_version: 20200326
    spec:
    containers:
    - name: myapp
    image: myapp:latest
    ports:
    - containerPort: 80
    これでやっと apply できるぞ

    View Slide

  11. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    11
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: mydeploy
    spec:
    selector:
    matchLabels:
    app: myapp
    replicas: 3
    template:
    metadata:
    labels:
    app: myapp
    app_version: 20200326
    spec:
    containers:
    - name: myapp
    image: myapp:latest
    ports:
    - containerPort: 80
    だがしかし
    そうは上手くいかないのが世の中

    View Slide

  12. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    12
    再び登場
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: mydeploy
    spec:
    selector:
    matchLabels:
    app: myapp
    replicas: 3
    template:
    metadata:
    labels:
    app: myapp
    app_version: 20200326
    spec:
    containers:
    - name: myapp
    image: myapp:latest
    ports:
    - containerPort: 80
    直したんだからね!

    View Slide

  13. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    13
    この manifest を
    apply すると
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: mydeploy
    spec:
    selector:
    matchLabels:
    app: myapp
    replicas: 3
    template:
    metadata:
    labels:
    app: myapp
    app_version: 20200326
    spec:
    containers:
    - name: myapp
    image: myapp:latest
    ports:
    - containerPort: 80
    直したんだからね!

    View Slide

  14. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    14
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: mydeploy
    spec:
    selector:
    matchLabels:
    app: myapp
    replicas: 3
    template:
    metadata:
    labels:
    app: myapp
    app_version: 20200326
    spec:
    containers:
    - name: myapp
    image: myapp:latest
    ports:
    - containerPort: 80
    $ kubectl apply -f pod.yaml
    Error from server (BadRequest): error when creating "pod.yaml": Deployment in version "v1"
    cannot be handled as a Deployment: v1.Deployment.Spec: v1.DeploymentSpec.Template:
    v1.PodTemplateSpec.ObjectMeta: v1.ObjectMeta.Labels: ReadString: expects " or n, but found
    2, error found in #10 byte of ...|version":20200326}},|..., bigger context ...|metadata":
    {"labels":{"app":"myapp","app_version":20200326}},"spec":{"containers":
    [{"image":"myapp:la|...

    View Slide

  15. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    15
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: mydeploy
    spec:
    selector:
    matchLabels:
    app: myapp
    replicas: 3
    template:
    metadata:
    labels:
    app: myapp
    app_version: 20200326
    spec:
    containers:
    - name: myapp
    image: myapp:latest
    ports:
    - containerPort: 80
    何がおかしいのか
    パッと分からない

    View Slide

  16. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    16
    エラーの原因はこれ
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: mydeploy
    spec:
    selector:
    matchLabels:
    app: myapp
    replicas: 3
    template:
    metadata:
    labels:
    app: myapp
    app_version: 20200326
    spec:
    containers:
    - name: myapp
    image: myapp:latest
    ports:
    - containerPort: 80

    View Slide

  17. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    17
    label の value は
    string にする
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: mydeploy
    spec:
    selector:
    matchLabels:
    app: myapp
    replicas: 3
    template:
    metadata:
    labels:
    app: myapp
    app_version: "20200326"
    spec:
    containers:
    - name: myapp
    image: myapp:latest
    ports:
    - containerPort: 80

    View Slide

  18. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    18
    というわけで
    正解はこうでした
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: mydeploy
    spec:
    selector:
    matchLabels:
    app: myapp
    replicas: 3
    template:
    metadata:
    labels:
    app: myapp
    app_version: "20200326"
    spec:
    containers:
    - name: myapp
    image: myapp:latest
    ports:
    - containerPort: 80

    View Slide

  19. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    19
    ここから本題
    kubeval を使って
    Manifest を validation する
    不正な yaml サヨナラ

    View Slide

  20. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    ͘Β͏ͲͶ͍ͯ͌Ϳ
    20
    kubeval とは
    instrumenta 社が開発しているツール
    kubernetes の schema 情報を元に
    manifest が正しいかチェックしてくれる
    schema 情報はここ
    Web でも公開している
    例えばこんな感じで参照できる
    似たようなツールに conftest がある
    https://github.com/instrumenta/kubernetes-json-schema
    https://kubernetesjsonschema.dev/
    https://kubernetesjsonschema.dev/v1.14.0/deployment-apps-v1.json

    View Slide

  21. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    ͘Β͏ͲͶ͍ͯ͌Ϳ
    21
    kubeval の使い方
    とっても簡単 基本的にはとりあえず引数に渡してあげるだけでOK
    不正な manifest の場合には exit code 1 が返る (正しい manifest だった時は 0 が返る)
    $ kubeval pod.yaml
    WARN - pod.yaml contains an invalid Deployment - spec.replicas: Invalid type.
    Expected: [integer,null], given: string
    WARN - pod.yaml contains an invalid Deployment - spec.template.metadata.labels: Invalid type.
    Expected: [string,null], given: integer
    # ਖ਼͍͠ manifest ͷ৔߹͸
    PASS - pod.yaml contains a valid Deployment

    View Slide

  22. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    ͘Β͏ͲͶ͍ͯ͌Ϳ
    22
    kubeval の使い方
    "--strict" を付けることで schema に存在しない attribute があった場合にエラーにしてくれる
    基本的に "--strict" は付けておくのがいいと思われる
    $ kubeval pod.yaml
    PASS - pod.yaml contains a valid Deployment
    $ kubeval --strict pod.yaml
    WARN - pod.yaml contains an invalid Deployment - meetupLocation: Additional property
    meetupLocation is not allowed
    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: mydeploy
    meetupLocation: shibuya
    ...

    View Slide

  23. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    ͘Β͏ͲͶ͍ͯ͌Ϳ
    23
    kubeval の使い方
    kubeval が真価を発揮するのは CI の時じゃないでしょうか
    特に gitops の場合、なるべく不正な manifest は事前に弾いておきたい
    Pull Request が来た段階で merge 前に kubeval で確認しておけば安心できる
    apply -> 失敗 -> なんでじゃ! を防ごう
    kubectl apply --dry-run でいいんじゃないの?
    確かに似たようなことができるのでそれでも OK だと思います
    でも kubernetes の cluster を用意しなければならないので、CI に組み込むのは少し面倒

    View Slide

  24. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    24
    GitHub Actions を使って Pull Request 時に kubeval でチェックしよう

    View Slide

  25. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    ͘Β͏ͲͶ͍ͯ͌Ϳ
    25
    kubeval with GitHub Actions
    実際に触ってもらったほうが分かりやすいと思って
    sandbox repo を用意しました
    自由に PR してもらって OK です!
    その他より詳しい詳細は blog に書いておきました
    https://github.com/makocchi-git/k8s-kubeval-action-demo
    https://medium.com/@makocchi/github-actions-kubernetes-manifests-validation-jp-c790d5a13723
    一応 instrumenta が作った公式ぽい action もあるけど、機能的に少し残念
    https://github.com/instrumenta/kubeval-action

    View Slide

  26. Presented by @makocchi
    Kubernetes meetup Tokyo #29
    26
    kubeval で Happy CI Life を!
    conftest の action も作ってみる予定

    View Slide

  27. Presented by @makocchi
    27
    Kubernets Meetup Tokyo #29
    LT
    kubeval を使って manifest を
    validation しよう
    Thank You For Your kind Attention

    View Slide