19 Followers
·
Follow

Validate your Kubernetes manifests with Conftest in the GitHub Actions

Let’s keep your manifests safe and solid

Image for post
Image for post
The result is commented on PR page

Validating your Kubernetes manifests is very important for some security reasons especially in the case of GitOps. Ideally, the validation process should be integrated with your CI workflow.

GitHub Actions

GitHub Actions is powerful and easily setup CI workflow. You can find and use various useful actions that are published at GitHub Marketplace.

Conftest

Conftest helps you write tests for your Kubernetes manifests. Conftest uses the Rego language for writing tests.

The following example is checking whether container(s) uses image tag.

check image tag

This example uses extra kubernetes library. See the library and other examples described in instrumenta/policies repository.

And the output is

conftest command line output

GitHub Actions with Conftest

Today I published actions-k8s-manifests-validate-conftest. I hope this action helps keeping your Kubernetes manifests safety and preventing to commit invalid manifests into your repository.

There are some similar actions in GitHub Marketplace. But my action’s advantage is that posting validation results as comments on the PR page and you do not need to open the action result page to check the detail of results to bother.

Please let me know if you have any feedback!!

Happy CI life!!

Written by

Makoto Hasegawa | kubernetes | CKA(#CKA-1700–0150–0100) | CKAD(CKAD-1800–0005–0100) | docker | container | OpenStack

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store