Kubernetes: Typo-Detector?

guettli

10/16/23, 11:10 AM

I had an typo in an Ingress. I used the port 80, but the service was listening on 8080.

It took me some time to find the typo.

AFAIK Kubernetes does not create an error message in such a case. Kubernetes only creates the desired state. It does not check if the desired state makes sense. That's ok.

Is there a tool which checks if the connections (ingress --> service --> deployment --> pod) are valid?

With "valid" I mean: Are there related objects which match the selectors.

Example:

  selector:
    app: foobar

If there is no related object which match the selector, then I would like to get a warning.

Example 2: You use a ingressClassName in an Ingress, and this class does not exist.

1 + 0

kubernetes

Score:4

Server

larsks

10/21/23, 1:59 PM

Is there a tool which checks if the connections (ingress --> service --> deployment --> pod) are valid?

There is no specific tool that does this, and I think doing this in a useful fashion would be difficult.

When creating a resource, you can generally get two responses from the API: Either (a) it works, or (b) it fails, and you receive an error message. It would be possible to implement an admission controller that performs this sort of check, but there's no way for it to deliver a "warning". So consider a situation in which you're performing an initial deployment of your application resources: it's very likely that they will be deployed "out of order", such that e.g. you are creating the Ingress object before the corresponding Service. With our hypothetical admission controller, this would cause the Ingress deployment to fail, which isn't what we want.

You could potentially write a tool to which you would provide a set of manifests as input, and it would perform the validation locally, but this would only be useful if the resources you are deploying form a "closed set": if you're adding an Ingress, but the corresponding Service already exists in the cluster and not in your local files, this idea wouldn't work. It would also fail if you are relying on labels or other metadata that are added dynamically to your resources after they have been deployed.

So the only real option is to write some sort of tool that inspects your resources after they have been deployed so that (a) everything exists in the API and (b) any dynamic modifications have already happened. This might be possible, but I would argue it would be more effective to perform traditional service availability checks instead -- that is, if you're deploying an application that offers a web service at https://example.com, have a monitoring framework that will alert you if https://example.com isn't available (which could happen because of a typo in your label selector, or a missing resource, or for a variety of other reasons).

That doesn't give you the same level of granularity you may be hoping for, but it's trivial to implement and solves the general problem of "was my deployment successful".

+ 2

guettli

10/21/23, 3:58 PM

thank you for you answer. I know that an "offline" linting does not work, and a error/warning from the api-server is not needed. Monitoring the end-user's perspective makes sense. Nevertheless a tool to check the current object-state of the kubernetes-resource-model would be nice.

larsks

10/21/23, 7:24 PM

So you are looking for an "inspect the sources in place" sort of tool?

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Kubernetes: Typo-Detector?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.