Have you ever wished you could error-proof your Kubernetes application before deployment, without the hassle of using multiple tools? Monokle might just be the solution you've been looking for. In a recent blog post, the Monokle team demonstrates how their tool can help you deploy a modern, highly available, scalable, and reliable e-commerce application while keeping it secure. With Monokle's built-in validation support, resource preview, and real-time visibility of resource utilization, you can ensure that your application's desired state is maintained at all times. By shifting left, you can reduce the time it takes to deploy a new application and minimize the need for multiple tries. Don't let complexity and maintainability hold you back from deploying a top-quality application.
Pre-deployment error-proofing with Monokle
Monokle is a lifecycle manager for Kubernetes manifests, designed to help cloud-native developers create, validate, version control, preview, and understand the behavior of their applications and infrastructure before deployment. The tool sits between traditional developer IDEs and operational cluster dashboards and provides a holistic view of the cluster, including built-in validation support to ensure application security. Monokle also allows for resource preview pre-deployment for Helm or Kustomize deployments, real-time visibility of resource utilization post-deployment, and maintenance of the desired state of the application at all times. Overall, Monokle aims to simplify the Kubernetes management process for developers and reduce the chances of errors.
Monokle Features
Monokle helps in many steps of the process of managing the application configuration and thus has a lot of features. We have designed them to improve productivity & ease of working with Kubernetes. We will provide an overview of these features along with how developers can use them to error-proof Kubernetes deployments. All the YAML files and charts used in this blog post can be found in this repository.
Validation: Standardised codebase
The first step to error-proof a Kubernetes application before deployment is to validate your resources. Traditionally, that would imply separate plugins and integrations into an IDE. However, the restrictions included in the IDE limit what is available in many cases, and the workflow is far from perfect.
YAML uses whitespace indentation for structure and nesting, and a single syntax error makes parsing fail. Spotting these errors becomes painful as your codebase grows. Monokle highlights these syntax errors before deployment.
Let’s see how you can validate YAML:
YAML syntax validation: A detailed view of the YAML syntax errors for each resource is displayed in the navigator. Hover over the error sign to view the list. Select a resource from the list to view the complete error message. Use the form editor to apply a fix.
Developers know that manifests need to adhere to the Kubernetes schema. They can validate resources using the kubectl dry-run flag, but it is complex to understand. A misconfiguration can introduce a vulnerability that leaves the application open to attack. Monokle helps identify Kubernetes schema errors before deployment as shown below.
Kubernetes schema validation: A warning sign flags Kubernetes schema errors and broken links. Monokle validates that your manifests have the correct properties and values defined in the schema for their resource type.
To ensure security and standardized infrastructure development, developers enforce policies that define how the application is allowed to behave. Instead of hard-coding these policies in the code, it is preferable to query Open Policy Agent (OPA) and verify adherence.
Traditionally you would need a separate tool for that, but with Monokle's built-in support for OPA policies, you can validate resources during development.
OPA: Monokle displays a list of pre-defined, standardized OPA policies that can be enabled. Enabling them helps your infrastructure code follow standard practices that guard against vulnerabilities. Leverage OPA security practices with Monokle.
If you need custom rules to be enforced, Monokle has extremely powerful functionality for writing custom rules in the Monokle CLI and Monokle Cloud ecosystem. It supports TypeScript and allows you to create, debug, and share custom validators.
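The kind of per-resource policy check described above, as an added example that is not Monokle's code or its custom-validator API: plain TypeScript run over an already-parsed Deployment. The rule ids, the `checkDeployment` and `hasPinnedTag` helpers and the sample manifest are constructed for illustration.

```typescript
// Added example, not Monokle's plugin API; rule ids and sample are constructed.
interface ContainerSpec {
  name: string;
  image: string;
  securityContext?: { privileged?: boolean; allowPrivilegeEscalation?: boolean };
  resources?: { limits?: { cpu?: string; memory?: string } };
}
interface Deployment {
  kind: "Deployment"; metadata: { name: string };
  spec: { template: { spec: { containers: ContainerSpec[] } } };
}
interface Finding { rule: string; container: string; message: string }
interface PolicyRule { id: string; message: string; violates: (c: ContainerSpec) => boolean }

// Pinned = digest, or a tag other than "latest". Only the last path segment
// is inspected so a registry port (host:5000/app) is not read as a tag.
function hasPinnedTag(image: string): boolean {
  if (image.indexOf("@sha256:") !== -1) return true;
  const last = image.slice(image.lastIndexOf("/") + 1);
  const colon = last.indexOf(":");
  const tag = colon >= 0 ? last.slice(colon + 1) : "";
  return tag !== "" && tag !== "latest";
}

const rules: PolicyRule[] = [
  { id: "no-privileged", message: "container runs privileged",
    violates: (c) => c.securityContext?.privileged === true },
  { id: "no-privilege-escalation", message: "allowPrivilegeEscalation is not false",
    violates: (c) => c.securityContext?.allowPrivilegeEscalation !== false },
  { id: "memory-limit", message: "no memory limit set",
    violates: (c) => !c.resources?.limits?.memory },
  { id: "pinned-image", message: "image tag is missing or 'latest'",
    violates: (c) => !hasPinnedTag(c.image) },
];

function checkDeployment(d: Deployment): Finding[] {
  const findings: Finding[] = [];
  for (const c of d.spec.template.spec.containers)
    for (const r of rules)
      if (r.violates(c)) findings.push({ rule: r.id, container: c.name, message: r.message });
  return findings;
}

// Constructed sample, as it would look after parsing the YAML manifest.
const sample: Deployment = {
  kind: "Deployment", metadata: { name: "shop-frontend" },
  spec: { template: { spec: { containers: [
    { name: "web", image: "registry.example:5000/shop/web", securityContext: { privileged: true } },
    { name: "api", image: "shop/api:1.4.2", securityContext: { allowPrivilegeEscalation: false },
      resources: { limits: { memory: "256Mi" } } },
  ] } } },
};
```

Run before deployment, `checkDeployment(sample)` reports four findings for the `web` container and none for `api`.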
Monokle’s built-in validation support checks YAML syntax, adherence to the Kubernetes schema, and Open Policy Agent (OPA) policies in real time. In this way, developers can validate the complete infrastructure, get rid of vulnerabilities, and follow Kubernetes best practices. The chances of a failed deployment due to misconfiguration will be reduced drastically.
Read the "Error-proof Kubernetes deployment with Monokle" blog post to learn how Monokle helps teams shift left and focus on pre-deployment workflows instead of picking up the pieces (and bugs!) after deployment.