/kind bug
I think that is is a bug
What happened:
kubectl is successfuly validate a yaml file that contains invalid data (see below for the yaml file contents):
$ kubectl --context=minikube create --dry-run --validate -f invalid.yml
deployment "test" created (dry run)
However when issuing the command without the validate, it fails
$ kubectl --context=minikube apply -f invalid.yml
The Deployment "test" is invalid:
* metadata.labels: Invalid value: "£\"+=_+!¹²³€}{{@\"}{@~@:>?|\\|¬`}": a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyValue', or 'my_value', or '12345', regex used for validation is '(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?')
* spec.replicas: Invalid value: -100: must be greater than or equal to 0
* spec.selector.matchLabels: Invalid value: "£\"+=_+!¹²³€}{{@\"}{@~@:>?|\\|¬`}": a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyValue', or 'my_value', or '12345', regex used for validation is '(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?')
* spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app":"£\"+=_+!¹²³€}{{@\"}{@~@:>?|\\|¬`}"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: invalid label selector.
What you expected to happen:
kubectl create --dry-run --validate
should report that there are errors in the yaml file
How to reproduce it (as minimally and precisely as possible):
Save the yaml below in a yaml file and apply once with
kubectl create --dry-run --validate -f file.yaml
and then go for real with
kubectl create -f file.yaml
Minikube can be used.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: test
labels:
app: £"+=_+!¹²³€}{{@"}{@~@:>?|\|¬`}
namespace: default
spec:
replicas: -100
revisionHistoryLimit: 2
template:
metadata:
labels:
app: £"+=_+!¹²³€}{{@"}{@~@:>?|\|¬`}
spec:
containers:
- image: £"+=_+!¹²³€}{{@"}{@~@:>?|\|¬`}
name: £"+=_+!¹²³€}{{@"}{@~@:>?|\|¬`}
envFrom:
- secretRef:
name: £"+=_+!¹²³€}{{@"}{@~@:>?|\|¬`}
Anything else we need to know?:
Environment:
kubectl version
):NAME="Linux Mint"
VERSION="18.3 (Sylvia)"
ID=linuxmint
ID_LIKE=ubuntu
PRETTY_NAME="Linux Mint 18.3"
VERSION_ID="18.3"
VERSION_CODENAME=sylvia
UBUNTU_CODENAME=xenial
Kernel (e.g. uname -a
):
Linux nb 4.13.0-43-generic #48~16.04.1-Ubuntu SMP Thu May 17 12:56:46 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Install tools:
/sig cli
client-side validation is not exhaustive. it primarily ensures the fields names and types in the yaml file are valid. full validation is always done by the server, and can always impose additional restrictions/constraints over client-side validation.
/close
Most helpful comment
client-side validation is not exhaustive. it primarily ensures the fields names and types in the yaml file are valid. full validation is always done by the server, and can always impose additional restrictions/constraints over client-side validation.