A Deep Dive Into Kubernetes Schema Validation
How do you ensure the stability of your Kubernetes clusters? How do you know that your manifests are syntactically valid? Are you sure you don’t have any invalid data types? Are any mandatory fields missing?
Specialized tools and a “shift-left” approach make it possible to verify a Kubernetes schema before they’re applied to a cluster. In this article, I'll address how you can avoid misconfigurations and which tools are best to use.
If all machines (local developers environment, CI, etc.) have access to your Kubernetes cluster, run `kubectl --dry-run` in server mode on every code change. If this isn’t possible, and you want to perform schema validation tests offline, use kubeconform together with a policy enforcement tool to have optimal validation coverage.
Verifying the state of Kubernetes manifests may seem like a trivial task, because the Kubernetes CLI (kubectl) has the ability to verify resources before they’re applied to a cluster. You can verify the schema by using the `dry-run` flag (`--dry-run=client/server`) when specifying the `kubectl create` or `kubectl apply` commands, which will perform the validation without applying Kubernetes resources to the cluster.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25417835/51684715392_2615642caa_o.jpg)
