Using Kubernetes server side validation to validate your deployment manifests

Kubernetes server side validation recently landed, and it’s a super useful feature. Prior to server side validation, you could use the kubectl dry-run feature to validate your deployment manifests:

$ kubectl apply --dry-run -f nginx.yaml

pod/nginx created (dry run)

When this command runs, the validation occurs on the machine that hosts the kubectl binary. While useful, there are a few use cases were your manifest would validate locally, but wouldn’t apply when you sent it to the API server. One example is if your kubectl binary was older than 1.16, and you tried to send a JSON payload with deprecated APIs to a 1.16+ API server. With the new server side apply feature, you can have the API server validate the manifest.

To use server side validation, you can add the string “server” to the “–dry-run” option:

$ kubectl apply --dry-run=server -f nginx.yaml

error: error validating "nginx.yaml": error validating data: ValidationError(Pod.spec.containers[0].resources): unknown field "requestss" in io.k8s.api.core.v1.ResourceRequirements; if you choose to ignore these errors, turn validation off with --validate=false

If the API server detects an issue, kubectl will note that in the output. Super useful feature, and definitely one you should add to your CI/CD pipeline if kubectl is your deployment tool of choice.

This article was posted by on 2020-06-29 01:00:00 -0500 -0500