controlplaneio/kubesec

Kubernetes Schema is outdated

czunker opened this issue · 3 comments

Describe the bug
Kubesec checks against the Kubernetes schema version 1.18.
The Docker image is also built with an outdated schema version.

The image used as source for the schema was last built two years ago:
https://hub.docker.com/r/stefanprodan/kubernetes-json-schema/tags?page=1&ordering=last_updated

To Reproduce
Steps to reproduce the behaviour:

Run bats tests from PR #217.
They will show this error:

✗ passes Pod with non-unconfined seccomp field for all containers
   (from function `assert_output' in file ././bin/bats-assert/src/assert.bash, line 223,
    from function `assert_gt_zero_points' in file ./_helper.bash, line 102,
    in test file ./1_cli.bats, line 113)
     `assert_gt_zero_points' failed with status 2
   
   -- regular expression does not match output --
   regexp (1 lines):
     .*with a score of [1-9]+ points.*
   output (10 lines):
     [
       {
         "object": "Pod/undefined.default",
         "valid": false,
         "fileName": "./asset/versioned/score-0-pod-seccomp-non-unconfined-v1.19.yml",
         "message": "spec.containers.0.securityContext: Additional property seccompProfile is not allowed ",
         "score": 0,
         "scoring": {}
       }
     ]
   --
   

The seccompProfile field was introduced with Kubernetes 1.19.

Expected behaviour
Kubesec should check against the latest schema.

Perhaps, this could replace stefanprodan/kubernetes-json-schema:
https://github.com/controlplaneio/kubernetes-json-schema-container

Fixed in #345

Hi @czunker, this has been recently updated and documented here: https://github.com/controlplaneio/kubesec#specify-custom-schema
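The validation failure reported in this issue, reproduced as an added example (not part of the original thread and not kubesec's own code): a strict schema that predates `seccompProfile` rejects a Pod that sets it, while a schema that knows the field accepts it. The schema fragments, the manifest and the `pod_schema`, `validate` and `scan` helpers are constructed for illustration and cover only the small subset of JSON Schema needed here.

```python
# Constructed, heavily reduced stand-ins for the container securityContext schema.
# Strict schemas set additionalProperties to False, so unknown fields are errors.
def pod_schema(security_context_fields):
    sc = {"type": "object", "additionalProperties": False,
          "properties": {f: {} for f in security_context_fields}}
    container = {"type": "object", "properties": {"securityContext": sc}}
    return {"type": "object", "properties": {
        "spec": {"type": "object", "properties": {
            "containers": {"type": "array", "items": container}}}}}

SCHEMA_1_18 = pod_schema(["runAsNonRoot", "readOnlyRootFilesystem"])
SCHEMA_1_19 = pod_schema(["runAsNonRoot", "readOnlyRootFilesystem", "seccompProfile"])

def validate(doc, schema, path=""):
    """Return 'path: message' errors for the JSON Schema subset used above."""
    errors = []
    if isinstance(doc, dict):
        props = schema.get("properties", {})
        for key, value in doc.items():
            child = f"{path}.{key}" if path else key
            if key in props:
                errors += validate(value, props[key], child)
            elif schema.get("additionalProperties") is False:
                errors.append(f"{path}: Additional property {key} is not allowed")
    elif isinstance(doc, list):
        for i, item in enumerate(doc):
            errors += validate(item, schema.get("items", {}), f"{path}.{i}")
    return errors

# Constructed manifest (parsed form): a Pod with a non-unconfined seccomp profile.
POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "demo"},
       "spec": {"containers": [{"name": "app", "image": "example/app:1.0",
                                "securityContext": {
                                    "runAsNonRoot": True,
                                    "seccompProfile": {"type": "RuntimeDefault"}}}]}}

def scan(doc, schema):
    """Return the valid flag and message, the two fields the issue's output hinges on."""
    errors = validate(doc, schema)
    return {"valid": not errors, "message": "; ".join(errors)}

if __name__ == "__main__":
    print("1.18:", scan(POD, SCHEMA_1_18))
    print("1.19:", scan(POD, SCHEMA_1_19))
```

A manifest rejected at this stage is reported as invalid before any scoring rule runs, which is why the hardened Pod in the issue ends up with a score of 0.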