TL;DR
In the past, Kustomize suggested using transformers to validate resources, but later, it introduced validators, which are like transformers but read-only.
Say hi to KubeconformValidator, a plugin built around Kubeconform to validate manifest schemas within Kustomize 🚀
Details
- Kubeval is not maintained anymore, and their repo suggests using Kubeconform as a replacement.
- The KRM model is used in the plugin, so no more Kustomize legacy plugins.
- During the weekend, I did it in 5 short iterations (in hours) to discover different options and structures.
- In the past, I used kpt-functions-sdk/fn to work with KRM, but I decided to try Kustomize's kyaml/fn/framework, and it's great 😍
- The kyaml/fn/framework saved a lot of work with KRM and let me focus on just the plugin logic. For example, I don't need to deal with OpenAPI Schema validation; it does it perfectly.
Example
```yaml
apiVersion: validators.kustomize.aabouzaid.com/v1alpha1
kind: KubeconformValidator
metadata:
  name: validate
  annotations:
    config.kubernetes.io/function: |
      # Exec KRM functions.
      exec:
        path: ../dist/kubeconformvalidator

      # # Containerized KRM functions.
      # container:
      #   image: aabouzaid/kubeconformvalidator
      #   network: true
spec:
  # Configure Kubeconform.
  config:
    output: json
    skip:
    - AlertmanagerConfig
  # Also, direct Kubeconform args could be used
  # but "spec.args" has lower priority over "spec.config".
  # https://github.com/yannh/kubeconform#Usage
  # args:
  # - -output
  # - json
  # - -skip
  # - AlertmanagerConfig
```
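To run the validator during a build, the config above is referenced from the `validators` field of a `kustomization.yaml`. This is an added example, not from the original post; the file names `deployment.yaml` and `kubeconform-validator.yaml` are assumptions.

```yaml
# kustomization.yaml (added example; file names are assumptions)
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- deployment.yaml

# Validators are listed like transformers, but Kustomize expects them
# to leave the resources unchanged.
validators:
- kubeconform-validator.yaml  # the KubeconformValidator config shown above

# Build commands, depending on how the function is declared:
#
#   Exec function (runs a local binary with your user's privileges):
#     kustomize build --enable-alpha-plugins --enable-exec .
#
#   Containerized function that declares "network: true":
#     kustomize build --enable-alpha-plugins --network .
```

Both `--enable-exec` and `--network` widen what a KRM function can do on the build host, so in CI enable only the one that matches the function type in use and pin the plugin binary or image to a known version.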
That's it! Enjoy, and don't forget to take a look at awesome Kustomize list! :-)