Validate OpenShift objects defined in yaml before actually applying or executing it

Question

I have a OpenShift template in template.yaml file which includes following objects - deployment-config, pod, service and route. I am using the following command to execute the yaml:

oc process -f template.yml | oc apply -f -

I want to perform following validations before I actually apply/execute the yaml:

1. YAML syntax validation - if there are any issues with the YAML syntax.
2. OpenShift schema validation - to check if the object definition abides by the OpenShift object schema.

It seems that the command 'oc process' is doing following checking:

1. Basic YAML syntax validation
2. Template object schema validation

How to perform schema validation of other objects (e.g. deployment-config, service, pod, etc.) that are defined in template.yaml?

Answer 1

This is now possible with the OpenShift client (and on Kubernetes in general), e.g.

$ oc login
Username: john.doe
Password: 
Login successful.

$ oc apply -f openshift/template-app.yaml --dry-run
template "foobar-app" created (dry run)

It's also possible to process the template locally, thus you can avoid sending it to the server first, e.g.

$ oc process -f openshift/template-app.yaml --local -p APP_NAME=foo | oc apply --dry-run --validate -f -
deploymentconfig "foo" created (dry run)
service "foo" created (dry run)

Also note the --validate option I'm using for schema validation. Unfortunately, you still have to log in for the apply command to work (there's no --local option for apply).

Oddly, this feature is not described in the CLI documentation, however it's mentioned on the help screen:

$ oc apply --help
Apply a configuration to a resource by filename or stdin.

JSON and YAML formats are accepted.

Usage:
  oc apply -f FILENAME [options]

...

Options:
      ...
      --dry-run=false: If true, only print the object that would be sent, without sending it.
      ...
      --validate=false: If true, use a schema to validate the input before sending it

Use "oc <command> --help" for more information about a given command.
Use "oc options" for a list of global command-line options (applies to all commands).

Answer 2

I'm having the same issue with cryptic errors coming back from the oc process command.

However if you go into the Openshift Console and use the "Add to Project" link at the top of the console, choose the "Import YAML / JSON" option and import your YAML/JSON that way you get slightly more useful errors.