Save time by shifting YAML resource validation to the pre-deployment phase for more functional and secure deployments.
Platform engineers are often tasked with creating guardrails for developers. However, since Kubernetes has deprecated many policies, setting standards to validate all resources according to company compliance and organizational standards has become a daunting task. Hence, shifting resource validation to the pre-deployment phase to ensure everything is functional and secure can save teams and their leaders a lot of time and headaches. In our last blog post, we saw how Monokle Cloud can be leveraged to enable policies like Pod Security Standards, hardening guidance by NSA and CISA, etc., ultimately helping developers adhere to these standards even before submitting their code.
How can developers use VS Code to make resource validation quick and easy? Monokle is committed to empowering all team members, including developers, so it has released an extension for Visual Studio Code called the Monokle VS Code extension. In this blog post, we will learn how developers can use the extension to make resource validation and compliance with pre-defined policies simple. We will look in detail at the extension’s features and the benefits it offers. We will also see how platform engineers can use it together with Monokle Cloud to define guardrails for their development team through policies, so that developers can apply best practices and handle complex configuration tasks more efficiently.
The Monokle Visual Studio Code Extension is an open-source extension that makes management and validation of Kubernetes YAML configurations in VS Code simple. With the extension enabled in Visual Studio Code, developers can validate Kubernetes configurations from the comfort of their favorite editor. The key feature of the Monokle VS Code extension is that developers no longer have to manually configure and check that all the required policies are enabled, and they get real-time pre-deployment validation.
Platform engineers can use Monokle Cloud to configure policies and enforce them on repositories with Kubernetes resources. The extension will auto-sync policy configurations to the developers’ VS Code allowing uniform enforcement of policies across teams and environments. Companies can ensure compliance without compromising development agility. Let us understand in depth some of the benefits of using Monokle VS Code extension for validating Kubernetes configurations.
Hence, Monokle empowers both developers and platform engineers to streamline their work with an easy-to-use extension fully integrated with all of the advantages of Monokle Cloud at their disposal. Let us get started with installing the extension and explore some of the benefits that it offers.
The Monokle VS Code extension is successfully installed and is enabled by default in Visual Studio Code. Now, let’s access our repository and see how we can make use of this extension to bring real-time validation to our fingertips.
With the multiple benefits that Monokle VS Code extension offers, it gets easier to validate Kubernetes configurations and enable custom policies to help guide developers. Let us dig deeper into how to achieve this with the help of the monokle-demo Kubernetes manifest repository.
Monokle VS Code extension allows developers to validate resources in real-time based on default policies. The default configuration includes the following validation plugins:
We have forked the monokle-demo repository and opened it in Visual Studio Code (VS Code).
With the extension enabled, Monokle validates the resources in the repository and loads the validation results in VS Code based on the above policies. In the results, click on the file location dropdown and select the error to view details and access the file that has a validation error.
The Monokle VS Code Extension has three parts. Let us look at each in detail.
Thus, Monokle empowers the developers to easily identify the validation errors and fix them at the development stage.
The policy configuration used to validate the manifests is set by default. In case we want to play around with this configuration, Monokle provides the capability to update the configuration locally in VS Code. Let us look at the steps to achieve it.
Thus the Monokle VS Code extension makes it easier to customize the playground as per the needs of the project and test with guardrails.
In the above use cases, we have seen how to utilize the default policies provided by Monokle to enable validation. The resources can also be validated against custom policies that are specific to any organization by configuring policies in Monokle Cloud and synchronizing them in VS Code. This helps platform engineers bring all the developers to a common ground and have a uniform configuration for a specific project, team, or environment.
This requires the combined efforts of the team and can be achieved in the following two steps:
Let us see the steps to configure uniform policies for a team with Kubernetes Hardening Guidance by NSA and CISA in Monokle Cloud.
With this, the task of the Platform Engineer is done. Now any developer who syncs this policy configuration will have guardrails already set up.
Let us see how developers can sync the above policy configuration in VS Code using the extension.
With this, we have seen how Monokle can help developers validate resources at the development stage, and have a playground to explore and avoid misconfigurations. Platform engineers can utilize Monokle Cloud to configure policies and the developers can auto-sync this configuration in their VS Code workspace easily.
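To make concrete what a pre-deployment check against a few NSA and CISA hardening controls looks like, here is an added example (not Monokle's code or rule set, and not from the original post). The manifest is constructed and written as JSON so that only the Python standard library is needed; the function names and the choice of controls are assumptions for illustration.

```python
import json

# Constructed sample manifest in JSON form (not taken from the monokle-demo repository).
MANIFEST = json.loads("""
{"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "demo-api"},
 "spec": {"template": {"spec": {
   "hostNetwork": true,
   "containers": [
     {"name": "api", "image": "example/api:1.0",
      "securityContext": {"runAsNonRoot": true, "readOnlyRootFilesystem": true,
                          "allowPrivilegeEscalation": false}},
     {"name": "sidecar", "image": "example/sidecar:1.0",
      "securityContext": {"privileged": true}}
   ]}}}}
""")

def pod_spec(resource):
    """Return the pod spec of a Pod, or of a workload that uses spec.template.spec."""
    spec = resource.get("spec", {})
    if resource.get("kind") == "Pod":
        return spec
    return spec.get("template", {}).get("spec", {})

def check_hardening(resource):
    """Return (location, message) findings for a few hardening controls."""
    findings = []
    pod = pod_spec(resource)
    pod_sc = pod.get("securityContext", {})
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if pod.get(field) is True:
            findings.append(("pod", f"{field} must not be enabled"))
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        sc = c.get("securityContext", {})
        where = f"container/{c.get('name', '?')}"
        if sc.get("privileged") is True:
            findings.append((where, "privileged container"))
        # runAsNonRoot may be inherited from the pod-level securityContext.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append((where, "runAsNonRoot is not true"))
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append((where, "root filesystem is writable"))
        # An unset allowPrivilegeEscalation leaves escalation allowed.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append((where, "allowPrivilegeEscalation is not false"))
    return findings

if __name__ == "__main__":
    for where, message in check_hardening(MANIFEST):
        print(f"{MANIFEST['metadata']['name']}: {where}: {message}")
```

Run in a pre-commit hook or CI job, a non-empty result would fail the build before the manifest reaches a cluster.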
In this blog post, we have talked about the open-source extension, Monokle Visual Studio Code Extension, added to the suite of tools offered by Monokle that brings validation to the fingertips of developers. They can validate resources using the default policies. It empowers platform engineers to build guardrails and have uniform policy enforcement across organizations, teams, or environments. Monokle aims to make guardrails the common language that brings dev and ops together.
We hope that you find this blog post helpful. You can also reach out to Monokle Product Leader Ole if you have feedback about how we can make Monokle work better for you or drop a mail to email@example.com for information/assistance. Join in the conversation with other users via Discord as part of our growing community.