ValidKube : Securing your YAML

Validate, Clean, Secure and Audit your Kubernetes Manifest files

Introduction

Komodor is a Kubernetes troubleshooting platform that monitors your entire k8s stack, identifies issues, helps uncover their root cause and delivers the context you need to troubleshoot efficiently and independently.

ValidKube is a simple open-source web tool that combines a few other OSS tools to allow quick scanning of YAML files for hygiene, security and validity. It is made and maintained by Komodor.


What does ValidKube do?

In the last few years many companies have focused on the development side of DevOps, making developers' work easier, and ValidKube is one of the tools focused on making the developer experience smooth. Working with Kubernetes and YAML files as a beginner can be difficult, because you have to debug the manifests and make sure the clusters they describe are secure. This is where ValidKube comes in: it simplifies Kubernetes deployments for developers, and since it is an online platform no installation is required.

It can be run straight from your browser, and it will validate and clean the files for you.

Features

As discussed, the ValidKube project uses other open-source projects as its building blocks to provide its features. It has the following capabilities:

  • Validate - verify your Kubernetes configuration files using @kubeval
  • Clean - remove clutter from your Kubernetes manifests using @kubectl-neat
  • Secure - scan your YAML code for security vulnerabilities using @trivy
  • Audit - validate best practices for your YAML using @polaris

How does it work?

We will be using the YAML file below:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: example
  labels:
    app: nginx
spec:
  replicas: "Wrong"
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        args: []
        ports:
        - containerPort: 80
        resources: {}

Once the sample YAML is pasted in, click Run and it will validate whether the YAML file is correct or not.


It validates the file and throws an error, which is correct: spec.replicas is given as a string, and that is the wrong format, since the field must be either an integer or null. Now let's change its value to an integer and see what happens:

spec:
  replicas: 1

This time we get no errors and the status is "YAML file is valid", meaning the file is fine.

Similarly, running Clean on the file makes it neater and more readable for everyone. When we run Secure on the file we can see how many exceptions, failures and successes occurred; as mentioned, it uses Trivy for that purpose, so you also get information on how the misconfigurations and failures could be fixed. The last service it currently provides is Audit, which tells you more about your k8s YAML, such as when it was created, cluster information, and results such as cpuLimits, cpuRequests and more.
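To make the two findings above concrete, here is an added illustration (not ValidKube, kubeval or Polaris code) of the kind of checks the Validate and Audit steps perform: the spec.replicas type check that rejects "Wrong" but accepts 1 or null, and the missing-resources finding behind cpuLimits/cpuRequests. The manifest is constructed here as an already-parsed dict so the script runs without a YAML library.

```python
from typing import Any, Dict, List, Optional

# Parsed form of the page's Deployment manifest (constructed for this example).
def deployment(replicas: Any, resources: Optional[Dict] = None) -> Dict:
    return {
        "apiVersion": "apps/v1",
        "kind": "Deployment",
        "metadata": {"name": "nginx-deployment", "namespace": "example"},
        "spec": {
            "replicas": replicas,
            "template": {"spec": {"containers": [
                {"name": "nginx", "image": "nginx:1.14.2",
                 "resources": resources if resources is not None else {}}]}},
        },
    }

def validate(manifest: Dict) -> List[str]:
    """Schema-level checks, like the Validate step: replicas is integer or null."""
    errors = []
    replicas = manifest.get("spec", {}).get("replicas")
    # bool is a subclass of int in Python, so `true` must be rejected explicitly.
    if replicas is not None and (isinstance(replicas, bool)
                                 or not isinstance(replicas, int)):
        errors.append("spec.replicas: expected integer or null, got "
                      f"{type(replicas).__name__} {replicas!r}")
    elif isinstance(replicas, int) and replicas < 0:
        errors.append("spec.replicas: must be >= 0")
    return errors

def audit(manifest: Dict) -> List[str]:
    """Best-practice checks, like the Audit step: cpu/memory requests and limits set."""
    findings = []
    for c in manifest["spec"]["template"]["spec"]["containers"]:
        res = c.get("resources") or {}
        for section in ("requests", "limits"):
            for key in ("cpu", "memory"):
                if key not in (res.get(section) or {}):
                    findings.append(f"container {c['name']}: "
                                    f"resources.{section}.{key} not set")
    return findings

if __name__ == "__main__":
    print(validate(deployment("Wrong")))   # the page's failing manifest
    print(validate(deployment(1)))         # the corrected manifest: no errors
    print(audit(deployment(1)))            # resources: {} -> four findings
```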


Follow-up Resources:

  1. ValidKube: validkube.com
  2. GitHub: github.com/komodorio/validkube
  3. Komodor: komodor.com

You can check out their GitHub repository and star it; since it's OSS you can work on the currently open issues or add more tools or capabilities to it. Give Komodor a follow on Twitter, where all updates and news are released.
