patternkubernetesMinor
Validating kubernetes manifest with --dry-run and generateName
Viewed 0 times
withkubernetesmanifestgeneratenamevalidatingdryandrun
Problem
We're using ArgoCD to manage deployments, and I'm in the process of sorting out the config repository. I'm planning on having pull requests for any change to the config, and I want to validate the configuration to ensure it's not breaking anything. I've done some looking around, and it looks like the main options are
Due to kubectl actually connecting to the cluster, and have the cluster perform the validation I prefer this approach as it should catch every possible error, however I'm running into a problem.
One of the resources uses
So how can I do this? I can't use apply, and I can't use create. Are there any other options? Does anyone know what Argo uses to validate, because if I push something invalid it presents an error before it is told to sync.
kubeval, kubeconform or using --dry-run with kubectl.Due to kubectl actually connecting to the cluster, and have the cluster perform the validation I prefer this approach as it should catch every possible error, however I'm running into a problem.
One of the resources uses
generateName which is not compatible with kubectl apply, so if I try and validate using kubectl apply -f manifest.yaml --dry-run=server I get the error cannot use generate name with apply. To get around this, I tried to use kubectl create -f manifest.yaml --dry-run=server but instead I get a load of errors about resources already existing (understandable).So how can I do this? I can't use apply, and I can't use create. Are there any other options? Does anyone know what Argo uses to validate, because if I push something invalid it presents an error before it is told to sync.
Solution
After a lot of playing around, I came to a working solution that I briefly mentioned in a comment in the original question. The CI is now creating a namespace on the cluster, running the dry run
apply and then deleting the namespace when finished. Not sure if this is the perfect solution but it's working as I hoped.helm template . \
--values common/values-common.yaml \
--values variants/$VARIANT/values-$VARIANT.yaml \
--name-template=github-actions-test \
--set image.tag=github-actions-test \
--namespace $NAMESPACE \
--debug > dry-run.yaml
kubectl create namespace $NAMESPACE --dry-run=client -o yaml | kubectl apply -f -
echo "errors=$(kubectl create -f dry-run.yaml -n $NAMESPACE --dry-run=server -o yaml 2>&1 > /dev/null)" >> $GITHUB_OUTPUT
kubectl delete namespace $NAMESPACECode Snippets
helm template . \
--values common/values-common.yaml \
--values variants/$VARIANT/values-$VARIANT.yaml \
--name-template=github-actions-test \
--set image.tag=github-actions-test \
--namespace $NAMESPACE \
--debug > dry-run.yaml
kubectl create namespace $NAMESPACE --dry-run=client -o yaml | kubectl apply -f -
echo "errors=$(kubectl create -f dry-run.yaml -n $NAMESPACE --dry-run=server -o yaml 2>&1 > /dev/null)" >> $GITHUB_OUTPUT
kubectl delete namespace $NAMESPACEContext
StackExchange DevOps Q#16792, answer score: 1
Revisions (0)
No revisions yet.