With Busola's resource validation feature, you can validate resources (for example, against security and compliance policies) before uploading them to your cluster. The feature is active in the 'Upload YAML' dialog.
You can choose which policies to validate against, either in the user preferences or by setting a feature flag.
In the user preferences, go to Clusters > Resource Validation. Click Customize in the Enabled Policies section.
In the feature flag config, set the following specifications:
RESOURCE_VALIDATION:
  isEnabled: true
  config:
    policies:
      - Default
      - PodSecurityStandardsBaseline
To further customize the validation, you can upload your own rules and policies as a ConfigMap with the label busola.io/resource-validation=rule-set.
Rule sets consist of a rules array and a policies array. Both are optional.
A rule needs the uniqueName, messageOnFailure, and schema properties. The schema property follows the JSON Schema specification.
rules:
  - uniqueName: TEST
    messageOnFailure: This is a test rule
    schema:
      required: [test]
      properties:
        test:
          type: string
          enum: [hello]
A policy needs the name and rules properties. The rules property must be an array that references rules by their uniqueName.
policies:
  - name: TestPolicy
    rules:
      - TEST
Policies can also reference rules in different rule sets as long as they are loaded in Busola.
To see the full specifications, check the example rule-set.
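The rule and policy requirements above, as an added example (not Busola's own code): a small Python check that lints rule sets for the required properties, resolves policy references across several rule sets, and evaluates a resource against a policy. The function names, the dict form of the rule sets, and the reading that a rule fails when the resource does not match its schema are assumptions; only the schema keywords used on this page are handled.

```python
# Added example, not Busola code. Rule sets are plain dicts (the parsed YAML).
# Schema support is a deliberate subset: type, enum, required, properties.
TYPES = {"string": str, "object": dict, "array": list, "boolean": bool}

def lint(rule_sets):
    """Check required properties and references; returns (rules_by_name, problems)."""
    rules, problems = {}, []
    for rs in rule_sets:
        for rule in rs.get("rules", []):  # the rules array is optional
            missing = [k for k in ("uniqueName", "messageOnFailure", "schema") if k not in rule]
            if missing:
                problems.append(f"rule is missing {missing}")
            else:
                rules[rule["uniqueName"]] = rule
    for rs in rule_sets:
        for pol in rs.get("policies", []):  # the policies array is optional
            if "name" not in pol or not isinstance(pol.get("rules"), list):
                problems.append("policy needs name and a rules array")
                continue
            problems += [f"policy {pol['name']}: unknown rule {r}" for r in pol["rules"] if r not in rules]
    return rules, problems

def matches(schema, value):
    """Return True if value satisfies the supported subset of the schema."""
    expected = schema.get("type")
    if expected in TYPES and not isinstance(value, TYPES[expected]):
        return False
    if "enum" in schema and value not in schema["enum"]:
        return False
    if isinstance(value, dict):
        if any(key not in value for key in schema.get("required", [])):
            return False
        return all(matches(sub, value[key])
                   for key, sub in schema.get("properties", {}).items() if key in value)
    return True

def evaluate(policy_name, rule_sets, resource):
    """Return the messageOnFailure of every rule in the policy that the resource fails."""
    rules, problems = lint(rule_sets)
    if problems:
        raise ValueError(problems)
    policy = next(p for rs in rule_sets for p in rs.get("policies", []) if p["name"] == policy_name)
    return [rules[r]["messageOnFailure"] for r in policy["rules"] if not matches(rules[r]["schema"], resource)]

# Constructed sample: this page's TEST rule and TestPolicy, split over two rule sets.
RULE_SET_A = {"rules": [{"uniqueName": "TEST", "messageOnFailure": "This is a test rule",
    "schema": {"required": ["test"], "properties": {"test": {"type": "string", "enum": ["hello"]}}}}]}
RULE_SET_B = {"policies": [{"name": "TestPolicy", "rules": ["TEST"]}]}
```

Linting before upload catches a policy that points at a rule whose rule set is not loaded, which would otherwise leave that check silently missing from the policy.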
With the CLUSTER_VALIDATION feature flag enabled, you can use these rules to scan existing resources in your cluster.
The Cluster Validation panel is located on the Cluster Overview page.