Validating kubernetes manifest with --dry-run and generateName
-
We're using ArgoCD to manage deployments, and I'm in the process of sorting out the config repository. I'm planning on having pull requests for any change to the config, and I want to validate the configuration to ensure it's not breaking anything. I've done some looking around, and it looks like the main options are
kubeval,kubeconformor using--dry-runwithkubectl.Due to kubectl actually connecting to the cluster, and have the cluster perform the validation I prefer this approach as it should catch every possible error, however I'm running into a problem.
One of the resources uses
generateNamewhich is not compatible withkubectl apply, so if I try and validate usingkubectl apply -f manifest.yaml --dry-run=serverI get the errorcannot use generate name with apply. To get around this, I tried to usekubectl create -f manifest.yaml --dry-run=serverbut instead I get a load of errors about resources already existing (understandable).So how can I do this? I can't use apply, and I can't use create. Are there any other options? Does anyone know what Argo uses to validate, because if I push something invalid it presents an error before it is told to sync.
-
After a lot of playing around, I came to a working solution that I briefly mentioned in a comment in the original question. The CI is now creating a namespace on the cluster, running the dry run
applyand then deleting the namespace when finished. Not sure if this is the perfect solution but it's working as I hoped.helm template . \ --values common/values-common.yaml \ --values variants/$VARIANT/values-$VARIANT.yaml \ --name-template=github-actions-test \ --set image.tag=github-actions-test \ --namespace $NAMESPACE \ --debug > dry-run.yamlkubectl create namespace $NAMESPACE --dry-run=client -o yaml | kubectl apply -f -
echo "errors=$(kubectl create -f dry-run.yaml -n $NAMESPACE --dry-run=server -o yaml 2>&1 > /dev/null)" >> $GITHUB_OUTPUT
kubectl delete namespace $NAMESPACE
