Kubernetes Resource Validator hereinafter krv is tool for checking state of kubernetes resources based on validation CRD.
- all checks are created as CRD manifests -
validations\validation - internal state of all components is writen into
validationcustom resource validationscan be listed viakubectlwith resource api shortcode (scinstead ofstorage-class)validationsare deployed into same namespace askrvapplicationvalidationsmust be easily added and removed
kubectl get validations --all-namespaces
NAME RESOURCE NAMESPACE RESOURCE NAME STATE AGE
pod-check kube-system pod core-dns*. MISSING 35d
sc-check sc nfs-ganesha-sc OK 4d
nfs-sc nfs-test pvc nfs-test NOK 5h
test-deploy test-app deployment net-checker OK 6h- validations can be applied to any kubernetes resources
- validation is free-form definition with posibility of regexp
...
resource: persistent-storage-class
name: nfs-test
namespace: nfs-test
validation:
- jsonPath: "status.phase"
value: "Bound"
......
resource: deployment
name: "test-deploy-[0-9]*"
namespace: test-app
validation:
- jsonPath: "spec.replicas"
value: "3"
- jsonPath: "status.availableReplicas"
value: "3"
...Application itself provides read-only API for state of validations in the form of json payload (same as kubectl get validations -ojson) for REST only access.
validationCRD is deployed into clusterkrvis deployed intokrv-systemnamespacekrvstarts and checks existence ofvalidationCRDkrvloadsvalidationsfromkrv-systemnamespacekrvwatchesvalidationsresources
- in case of existing validated resource check is performed against validation part of definition and set to OK / NOK state
- in case of non-existing resource validation state is set to MISSING state
- in all cases
last check/check changetime is updated - in case of state change additional
eventis writen tokrv-systemnamespace
validationCRDkrvapplication- RBAC model for
krvapplication - service for
krvAPI - Helm Chart package