GitHub Action
Monokle Validation
v0.3.0
Monokle Action for static Kubernetes analysis.
Monokle Action is a GitHub Action for static analysis of Kubernetes resources.
Use it to prevent misconfigurations in Kustomize, Helm or default Kubernetes resources. The output is available as a SARIF file, which you can upload to GitHub CodeScan.
Under the hood, it uses @monokle/validation, which allows you to configure validation rules extensively.
```yaml
on: push
jobs:
  validate:
    name: Validate Kustomize with Monokle
    runs-on: ubuntu-latest
    steps:
      - id: checkout
        uses: actions/checkout@master
      - id: bake
        uses: azure/k8s-bake@v2.2
        with:
          renderEngine: "kustomize"
          kustomizationPath: "./kustomize-happy-cms/overlays/local"
      - id: validate
        uses: kubeshop/monokle-action@v0.2.0
        with:
          path: ${{ steps.bake.outputs.manifestsBundle }}
```
```yaml
on: push
jobs:
  validate:
    name: Validate Helm with Monokle
    runs-on: ubuntu-latest
    steps:
      - id: checkout
        uses: actions/checkout@master
      - id: bake
        uses: azure/k8s-bake@v2.2
        with:
          renderEngine: "helm"
          helmChart: "./helm-yellow-wordpress"
      - id: validate
        uses: kubeshop/monokle-action@v0.2.0
        with:
          path: ${{ steps.bake.outputs.manifestsBundle }}
```
```yaml
on: push
jobs:
  validate:
    name: Validate Kubernetes resources with Monokle
    runs-on: ubuntu-latest
    steps:
      - id: checkout
        uses: actions/checkout@master
      - id: validate
        uses: kubeshop/monokle-action@v0.2.0
        with:
          path: __path_to_file_or_directory_with_kubernetes_yaml_files__
```
```yaml
on: push
jobs:
  validate:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    name: Validate Kustomize with Monokle
    steps:
      - id: checkout
        uses: actions/checkout@master
      - id: bake
        uses: azure/k8s-bake@v2.2
        with:
          renderEngine: "kustomize"
          kustomizationPath: "./kustomize-happy-cms/overlays/local"
      - id: validate
        uses: kubeshop/monokle-action@v0.2.0
        with:
          path: ${{ steps.bake.outputs.manifestsBundle }}
      - id: upload-sarif
        if: always()
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: ${{ steps.validate.outputs.sarif }}
```
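An added example, not code from the Monokle project: a Python script that summarizes a SARIF file, such as the one exposed as `steps.validate.outputs.sarif`, by severity level and returns a CI exit code. The sample SARIF document, tool name and file name are constructed; the rule ids are borrowed from the configuration example on this page.

```python
import json
from collections import Counter

# Constructed SARIF 2.1.0 sample (not real Monokle output); "example-validator"
# and "deployment.yaml" are placeholders.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-validator", "rules": [
        {"id": "open-policy-agent/cpu-limit", "defaultConfiguration": {"level": "error"}},
        {"id": "yaml-syntax/no-bad-alias"}]}},
    "results": [
        {"ruleId": "open-policy-agent/memory-limit", "level": "error",
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "deployment.yaml"}, "region": {"startLine": 21}}}]},
        {"ruleId": "open-policy-agent/cpu-limit"},   # level comes from the rule default
        {"ruleId": "yaml-syntax/no-bad-alias"},      # no level anywhere -> "warning"
    ]}]})

def summarize(sarif_text):
    """Return (Counter of levels, list of (level, ruleId, uri, line))."""
    counts, findings = Counter(), []
    for run in json.loads(sarif_text).get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        defaults = {r["id"]: r["defaultConfiguration"]["level"]
                    for r in rules if "level" in r.get("defaultConfiguration", {})}
        for res in run.get("results") or []:
            # SARIF 2.1.0: explicit level, else the rule's default, else "warning".
            level = res.get("level") or defaults.get(res.get("ruleId"), "warning")
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "<unknown>")
            line = loc.get("region", {}).get("startLine", 0)
            counts[level] += 1
            findings.append((level, res.get("ruleId"), uri, line))
    return counts, findings

def gate(sarif_text, fail_on=("error",)):
    """Exit code for CI: 1 if any finding has a level in fail_on, else 0."""
    counts, _ = summarize(sarif_text)
    return 1 if any(counts[level] for level in fail_on) else 0

if __name__ == "__main__":
    counts, findings = summarize(SAMPLE_SARIF)
    for level, rule, uri, line in findings:
        print(f"{level:8} {rule} {uri}:{line}")
    print(dict(counts))
    raise SystemExit(gate(SAMPLE_SARIF))
```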
[path] Relative path to a directory or a YAML file with Kubernetes resources.
[config] Relative path to the Monokle validation configuration file.
The Monokle Action looks for a Monokle Validation configuration.
The default path is ./monokle.validation.yaml.
Learn more about Monokle Validation configuration
Example
```yaml
plugins:
  yaml-syntax: true
  kubernetes-schema: true
rules:
  yaml-syntax/no-bad-alias: "warn"
  yaml-syntax/no-bad-directive: false
  open-policy-agent/no-last-image: "err"
  open-policy-agent/cpu-limit: "err"
  open-policy-agent/memory-limit: "err"
  open-policy-agent/memory-request: "err"
settings:
  kubernetes-schema:
    schemaVersion: v1.24.2
```