Validating Kubernetes manifests with kubeval


I recently got some spare time to clean up and enhance my Kubernetes CI/CD pipelines. I have long embraced the Fail-Fast approach to deployments, and have added test after test to make our deployments go off without a hitch. One tool that has helped with this is kubeval. This super useful tool can process one or more deployment manifests, and spit out an error if they aren’t properly structured. This is one of the tests I run for each commit that touches Kubernetes deployment files, and a super useful one at that!

In its simplest form, kubeval can be passed a manifest to evaluate. Given the following broken manifest:

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: nginx
  name: nginx
spec:
  containers:
  - image: nginx
        name: nginx
     resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always

Kubeval will spit out an error letting you know that the YAML is invalid:

$ kubeval nginx.yaml

ERR  - Failed to decode YAML from nginx.yaml: error converting YAML to JSON: yaml: line 12: mapping values are not allowed in this context

If you process the return code in your CI pipeline, you can exit immediately if a malformed manifest was checked into version control. YAML can be a pain to work with, so this gives me a bit more comfort that issues are caught quickly.
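Here is one way to wire that return code into a pipeline step. This is an added example, not code from the original post: the names `validate_manifests` and `KUBEVAL_BIN` and the `k8s/` path are assumptions made for illustration. It checks every manifest so a single run reports all bad files, and it refuses to pass when it found nothing to check.

```shell
# Added example (not from the original post): a CI gate around kubeval.
# KUBEVAL_BIN and validate_manifests are names assumed for this example.
KUBEVAL_BIN="${KUBEVAL_BIN:-kubeval}"

# Validate every .yaml/.yml file under a directory.
# Returns 0 if all pass, 1 if any manifest is rejected,
# 2 if the directory is missing or holds no manifests.
validate_manifests() {
  vm_dir="$1"
  vm_failed=0
  vm_checked=0

  if [ ! -d "$vm_dir" ]; then
    echo "manifest directory not found: $vm_dir" >&2
    return 2
  fi

  vm_files=$(find "$vm_dir" -type f \( -name '*.yaml' -o -name '*.yml' \) | sort)

  # Read from a here-document, not a pipe, so the counters
  # survive the loop (a piped loop runs in a subshell).
  while IFS= read -r vm_file; do
    [ -n "$vm_file" ] || continue
    vm_checked=$((vm_checked + 1))
    # kubeval exits non-zero when a manifest fails validation.
    # Keep going so one run reports every bad file; stdin is
    # detached so the validator cannot consume the file list.
    if ! "$KUBEVAL_BIN" "$vm_file" </dev/null; then
      echo "FAILED: $vm_file" >&2
      vm_failed=$((vm_failed + 1))
    fi
  done <<EOF
$vm_files
EOF

  if [ "$vm_checked" -eq 0 ]; then
    # A gate that checked nothing must not report success.
    echo "no manifests found under $vm_dir" >&2
    return 2
  fi

  echo "checked $vm_checked manifest(s), $vm_failed failed" >&2
  [ "$vm_failed" -eq 0 ]
}

# In a pipeline step (the k8s/ path is a placeholder):
#   validate_manifests k8s/ || exit 1
```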

This article was posted on 2020-05-11 01:00:00 -0500