ValidKube: Securing your YAML
Validate, Clean, Secure and Audit your Kubernetes Manifest files
Introduction
Komodor is the Kubernetes troubleshooting platform that monitors your entire K8s stack, identifies issues, helps uncover their root cause and delivers the context you need to troubleshoot efficiently and independently.
ValidKube is a simple open-source web tool, made and maintained by Komodor, that combines a few other OSS tools to allow quick scanning of YAML files for hygiene, security and validity.
What does ValidKube do?
In the last few years, many companies have focused more on the development side of DevOps, making developers' work easier. ValidKube is one of the tools focused on making the developer's work and experience both smooth and easy. Working with Kubernetes and YAML files as a beginner can be really difficult, as you have to debug them and make sure that your clusters are secure. This is where ValidKube comes in: it simplifies developers' Kubernetes deployments, and since it's an online platform, no installation is required.
It can be run straight from your browser, and it will validate and clean the files for you.
Features
As we discussed, the ValidKube project builds on other open-source projects to provide its features. It has the following capabilities:
- Validate - Verify your Kubernetes configuration files using @kubeval
- Clean - Remove clutter from your Kubernetes manifests using @kubectl-neat
- Secure - Scan your YAML code for security vulnerabilities using @trivy
- Audit - Validate best practices for your YAML using @polaris
How does it work?
We will be using the YAML file below:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: example
  labels:
    app: nginx
spec:
  replicas: "Wrong"
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.14.2
          args: []
          ports:
            - containerPort: 80
          resources: {}
Once the sample YAML is in place, click on Run and it will validate whether the YAML file is correct or not.
It validates the file and throws an error, which is correct: spec.replicas is given as a string, and we know that's the wrong format. It can only be an Integer or Null. Now let's change its value to an integer and see what happens:
spec:
  replicas: 1
This time we get no errors and the status says the YAML file is valid, implying that it is fine.
Similarly, running Clean on the file makes it neater and more readable for everyone. When we run Secure on the file, we can check how many exceptions, failures and successes occurred; as we have seen, it uses trivy for that purpose, so you will get information about how the misconfigurations and failures could be fixed. The last service it currently provides is Audit, which can tell you more about your K8s YAML, such as when it was created, cluster information, and results such as cpuLimits, cpuRequests and more.
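To make the Validate and Audit results above concrete, here is a small local pre-check written for this article as an added example; it is not code from ValidKube, kubeval or Polaris. It assumes the manifest has already been parsed into a Python dict, and the function names are hypothetical. It flags the two things the walkthrough mentions: a spec.replicas value that is neither an integer nor null, and containers without CPU requests or limits.

```python
# Added example: a local pre-check, not ValidKube, kubeval or Polaris code.
# The manifest is the page's sample Deployment, already parsed into a dict
# (the shape a YAML parser would return). Function names are hypothetical.

def check_replicas(manifest):
    """spec.replicas must be an integer or null (absent counts as null)."""
    value = manifest.get("spec", {}).get("replicas")
    # bool is a subclass of int in Python, so reject it explicitly.
    if value is None or (isinstance(value, int) and not isinstance(value, bool)):
        return []
    return [f"spec.replicas: expected integer or null, got {type(value).__name__}"]


def check_cpu_resources(manifest):
    """Report containers with no CPU request or limit set."""
    findings = []
    pod_spec = manifest.get("spec", {}).get("template", {}).get("spec", {})
    for container in pod_spec.get("containers", []):
        resources = container.get("resources") or {}
        for kind in ("requests", "limits"):
            if "cpu" not in (resources.get(kind) or {}):
                findings.append(f"container {container.get('name')}: resources.{kind}.cpu not set")
    return findings


def audit(manifest):
    """Run both checks and return all findings as a list of strings."""
    return check_replicas(manifest) + check_cpu_resources(manifest)


# Constructed input: the sample manifest from this page, as a dict.
SAMPLE = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "nginx-deployment", "namespace": "example", "labels": {"app": "nginx"}},
    "spec": {
        "replicas": "Wrong",
        "selector": {"matchLabels": {"app": "nginx"}},
        "template": {
            "metadata": {"labels": {"app": "nginx"}},
            "spec": {"containers": [{
                "name": "nginx", "image": "nginx:1.14.2", "args": [],
                "ports": [{"containerPort": 80}], "resources": {},
            }]},
        },
    },
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
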
Follow-up resources:
- ValidKube: validkube.com
- GitHub: github.com/komodorio/validkube
- Komodor: komodor.com
You can check out their GitHub repository and star it. Since it's OSS, you can work on the current open issues or add more tools or capabilities to it. Give Komodor a follow on Twitter; all the updates and news are released there.