I would like to implement functionality (or even better reuse existing libraries/APIs!) that would intercept a kubectl command to create an object and perform some pre-creation validation tasks on it before allowing the kubectl command to proceed.
E.g. check various values in the YAML against an external DB, for example check that a label conforms to the internal naming convention, and so on.
Is there an accepted pattern or existing tools etc.? Any guidance appreciated.
I usually append --dry-run to the kubectl command to check and validate the YAML config.
The way to do this is by creating a ValidatingAdmissionWebhook. It's not for the faint of heart and even a brief example would be overkill as an SO answer. A few pointers to start:
https://banzaicloud.com/blog/k8s-admission-webhooks/
https://container-solutions.com/a-gentle-intro-to-validation-admission-webhooks-in-kubernetes/
I hope this helps :-)
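As an added illustration (not code from the answer above or from the linked posts), this is a validating webhook handler in Go, standard library only, that denies objects whose label breaks a naming convention. The `team` label, its regular expression, the `/validate` path, port 8443 and the certificate file names are assumptions; registering the endpoint with a ValidatingWebhookConfiguration is not shown.

```go
package main

import (
	"encoding/json"
	"io"
	"log"
	"net/http"
	"regexp"
)

// Assumed naming rule for an assumed "team" label; swap in your own rule or DB lookup.
var teamLabel = regexp.MustCompile(`^team-[a-z0-9]{2,20}$`)
type review struct { // subset of the admission.k8s.io/v1 AdmissionReview JSON
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Request    *struct { // input only; encoding/json matches these keys case-insensitively
		UID    string
		Object struct{ Metadata struct{ Labels map[string]string } }
	} `json:"request,omitempty"`
	Response *response `json:"response,omitempty"`
}
type response struct {
	UID     string            `json:"uid"` // must echo request.uid
	Allowed bool              `json:"allowed"`
	Status  map[string]string `json:"status,omitempty"` // only "message" is set here
}
// Review checks one AdmissionReview request body; nil means the body was malformed.
func Review(body []byte) *review {
	var in review
	if json.Unmarshal(body, &in) != nil || in.Request == nil {
		return nil
	}
	resp := &response{UID: in.Request.UID, Allowed: teamLabel.MatchString(in.Request.Object.Metadata.Labels["team"])}
	if !resp.Allowed { // a missing label is denied as well
		resp.Status = map[string]string{"message": "metadata.labels.team must match " + teamLabel.String()}
	}
	return &review{APIVersion: "admission.k8s.io/v1", Kind: "AdmissionReview", Response: resp}
}

func main() { // the API server calls webhooks over HTTPS only; cert paths are placeholders
	http.HandleFunc("/validate", func(w http.ResponseWriter, r *http.Request) {
		body, _ := io.ReadAll(io.LimitReader(r.Body, 1<<20)) // cap body size
		if out := Review(body); out != nil {
			json.NewEncoder(w).Encode(out)
			return
		}
		http.Error(w, "malformed AdmissionReview", http.StatusBadRequest)
	})
	log.Fatal(http.ListenAndServeTLS(":8443", "tls.crt", "tls.key", nil))
}
```

When the response has `allowed` set to false, the API server rejects the request and kubectl shows the `status.message` text to the user.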