Validate your Kubernetes manifests with Conftest in GitHub Actions

Let’s keep your manifests safe and solid

makocchi
Jun 8, 2020

[Image: the result is commented on the PR page]

Validating your Kubernetes manifests is very important for security reasons, especially in the case of GitOps. Ideally, the validation process should be integrated with your CI workflow.

GitHub Actions

GitHub Actions is a powerful CI workflow service that is easy to set up. You can find and use various useful actions published on GitHub Marketplace.

Conftest

Conftest helps you write tests for your Kubernetes manifests. Conftest uses the Rego language for writing tests.

The following example checks whether any container uses the latest image tag.

[Embedded code: check image tag]

This example uses an extra kubernetes library. See the library and other examples in the instrumenta/policies repository.

And the output is

[Image: conftest command line output]
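A self-contained policy for the latest-tag check described above, written here as an added example: it is not the author's policy and does not use the kubernetes library from instrumenta/policies. It goes beyond the text by also covering untagged images, init containers and digest-pinned images. It assumes a Conftest release whose bundled OPA accepts `import rego.v1`, and the helper names are illustrative.

```rego
package main

import rego.v1

# Added example; helper names are illustrative, not from the kubernetes library.
# Kinds whose pod spec lives under spec.template.spec
workload_kinds := {"Deployment", "StatefulSet", "DaemonSet", "ReplicaSet", "Job"}

pod_spec(obj) := obj.spec if obj.kind == "Pod"

pod_spec(obj) := obj.spec.template.spec if obj.kind in workload_kinds

pod_spec(obj) := obj.spec.jobTemplate.spec.template.spec if obj.kind == "CronJob"

# Every container in the manifest, including init containers
containers contains c if {
	some field in ["containers", "initContainers"]
	some c in pod_spec(input)[field]
}

# Part of the image reference after the last "/", so that a registry port
# such as registry:5000/app is not mistaken for a tag
last_segment(image) := seg if {
	parts := split(image, "/")
	seg := parts[count(parts) - 1]
}

# Digest-pinned images (name@sha256:...) are immutable and always pass
pinned(image) if indexof(image, "@") != -1

# Explicit :latest tag
uses_latest(image) if {
	not pinned(image)
	endswith(last_segment(image), ":latest")
}

# No tag at all, which resolves to latest by default
uses_latest(image) if {
	not pinned(image)
	indexof(last_segment(image), ":") == -1
}

deny contains msg if {
	some c in containers
	uses_latest(c.image)
	name := object.get(input, ["metadata", "name"], "unnamed")
	msg := sprintf("%s/%s: container %q uses image %q; pin a version tag or digest", [input.kind, name, c.name, c.image])
}
```

Saved under the `policy` directory, which Conftest reads by default, this policy is evaluated by `conftest test` against each document in the manifest files passed to it.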

GitHub Actions with Conftest

Today I published actions-k8s-manifests-validate-conftest. I hope this action helps keep your Kubernetes manifests safe and prevents invalid manifests from being committed to your repository.

There are some similar actions in GitHub Marketplace. But my action's advantage is that it posts validation results as comments on the PR page, so you do not need to bother opening the action result page to check the details of the results.

Please let me know if you have any feedback!!

Happy CI life!!


Makoto Hasegawa | kubernetes | CKA(#CKA-1700–0150–0100) | CKAD(CKAD-1800–0005–0100) | docker | container | OpenStack