Dynamic Validation on K8s Configuration Files (YAML) Using Custom Rules

8/13/2018

I am looking for a static validator that validates Kubernetes deployment or service YAML files based on custom rules. For example, I can have a rule to disallow some fields in the YAML files (although they are valid fields in K8s), or specify a range for values of a field. The validation is triggered independently of kubectl.

The closest solution I found is this kube-lint: https://github.com/viglesiasce/kube-lint. However, it does not seem to be supported since the last commit is March 2017.

Can anyone let me know if there is anything else that does the dynamic validation on K8s yaml files based on custom rules?

-- DylanS
kubernetes
validation
yaml

1 Answer

8/14/2018

I believe the thing you are looking for is an Admission Controller and its two baked-in kinds "validating" and "mutating." However, as the docs say, if that's not powerful enough for your needs there is also Dynamic Admission Controller.

Be sure to watch Pod Security Policies as it matures out of beta (or, I guess, try it even now).

I haven't ever used them to know what the user experience is like (such as: does kubectl offer a friendly message, or just "401: Nope" kind of thing?), but as for the "disallow some fields" part, I am pretty confident they will do exactly as you wish.

-- mdaniel
Source: StackOverflow
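
The two rule types from the question (disallowed fields and value ranges), sketched as an added example that is not part of the original thread and is not code from kube-lint or Kubernetes: the same `violations()` function can run offline over a parsed manifest or inside a validating admission webhook, where the denial reason is returned in `status.message`. The rule lists, function names and sample request are constructed for illustration, and the AdmissionReview shape assumes `admission.k8s.io/v1`.

```python
# Constructed example rules; "*" in a path matches every item of a list.
FORBIDDEN = ["spec.template.spec.hostNetwork",
             "spec.template.spec.containers.*.securityContext.privileged"]
RANGES = {"spec.replicas": (1, 10)}

def find(node, parts, prefix=""):
    """Yield (path, value) for each value in node that matches the dotted path."""
    if not parts:
        yield prefix, node
        return
    head, rest = parts[0], parts[1:]
    if head == "*" and isinstance(node, list):
        for i, item in enumerate(node):
            yield from find(item, rest, f"{prefix}[{i}]")
    elif isinstance(node, dict) and head in node:
        yield from find(node[head], rest, f"{prefix}.{head}" if prefix else head)

def violations(obj):
    """Return one message per broken rule; an empty list means the object passes."""
    out = []
    for path in FORBIDDEN:  # the field must not appear at all, whatever its value
        out += [f"{p}: field is not allowed" for p, _ in find(obj, path.split("."))]
    for path, (lo, hi) in RANGES.items():  # the field, if set, must be an int in range
        for p, v in find(obj, path.split(".")):
            if isinstance(v, bool) or not isinstance(v, int) or not lo <= v <= hi:
                out.append(f"{p}: {v!r} is outside {lo}..{hi}")
    return out

def review(admission_review):
    """Build the AdmissionReview response a validating webhook sends back."""
    req = admission_review["request"]
    problems = violations(req["object"])
    resp = {"uid": req["uid"], "allowed": not problems}
    if problems:  # status.message carries the reason for the denial
        resp["status"] = {"code": 403, "message": "; ".join(problems)}
    return {"apiVersion": admission_review["apiVersion"],
            "kind": "AdmissionReview", "response": resp}

SAMPLE = {  # constructed AdmissionReview request, not captured from a cluster
    "apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
    "request": {"uid": "constructed-uid-1", "object": {
        "apiVersion": "apps/v1", "kind": "Deployment",
        "spec": {"replicas": 50, "template": {"spec": {"hostNetwork": True,
            "containers": [{"name": "app", "image": "example/app:1.0"}]}}}}},
}

if __name__ == "__main__":
    import json
    print(json.dumps(review(SAMPLE), indent=2))
```

For the offline case, load each manifest with a YAML parser and pass the resulting dictionary to `violations()`; a non-empty result can fail a CI job before anything reaches the cluster.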