
Monokle aims to help you write better Kubernetes deployments no matter your preferred way of working. You can now install a technical preview of our Visual Studio Code extension to fix your configuration directly while you are coding.

As usual, misconfigurations are highlighted directly within your source code with a recommended remediation, so you can fix them without being a Kubernetes expert. All misconfigurations are also listed as a summary in VSCode's problem pane, or within the SARIF viewer for additional information and filters.

A sensible policy is used by default. To customise the rules, add a Monokle validation configuration file to your workspace.

What's next

Right now we're working on improving the stability of the extension and on an integration with Monokle Cloud as the unified policy manager. That way your organization can define a policy once and all your developers will be synchronised without friction.

Improvements and fixes

  • Directories are now collapsed by default in the explorer activity.
  • The rule description was improved in the audit activity.
  • The commit button in the git activity is no longer disabled without staged changes and will now commit all unstaged changes instead.
  • Going to the dashboard from the IDE now adds a button to conveniently return to the IDE.
  • Added branch name validation when creating a PR while committing.

Today we're introducing validation for your labels and annotations. Given the dynamic nature of labels and annotations, the plugin is packed with possibilities to customize validation. This gives you the tools to easily tailor a policy to your infrastructure.

Let's take a look at the rules from least to most configurable:

  • recommended-labels validates whether the Kubernetes' recommended labels are present.
  • custom-labels and custom-annotations are configurable rules; pass one or more items and their existence will be validated.
  • {name}-label and {name}-annotation are dynamic rules; by default they check that a label or annotation with that name exists. You can add configuration to also check the values. Besides validating the value, benefits of dynamic rules include more readable policies when you have many labels / annotations and the ability to set different warning or error levels for each of them.

Our web application comes with a nice graphical interface to configure these rules, or you can define them within the YAML as follows:

plugins:
  metadata: true
rules:
  metadata/recommended-labels: true
  metadata/custom-labels: ["err", ["env", "owner"]]
  metadata/custom-annotations: ["err", ["example.io/demo"]]
  metadata/env-label: ["err", ["production", "staging"]]
  metadata/owner-label: "warn"
  metadata/example.io__demo-annotation: ["err", ["a", "b"]]
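
As an added illustration (not Monokle's own code), this JavaScript sketch evaluates the custom and dynamic rules from the policy above against constructed resource metadata, showing which findings each rule would raise and at which level. The evaluate function and the sample metadata are hypothetical, and it assumes that "__" in a dynamic rule name stands for "/", as the example.io/demo entries suggest.

```javascript
// Added illustration, not Monokle's implementation.
// Policy rules copied from the YAML above (recommended-labels is left out).
const policy = {
  "metadata/custom-labels": ["err", ["env", "owner"]],
  "metadata/custom-annotations": ["err", ["example.io/demo"]],
  "metadata/env-label": ["err", ["production", "staging"]],
  "metadata/owner-label": "warn",
  "metadata/example.io__demo-annotation": ["err", ["a", "b"]],
};

// Constructed sample: metadata of a hypothetical Deployment.
const sampleMetadata = {
  name: "web",
  labels: { env: "dev" },
  annotations: { "example.io/demo": "a" },
};

function evaluate(rules, metadata) {
  const findings = [];
  for (const [rule, setting] of Object.entries(rules)) {
    // A setting is either a level ("warn") or [level, items].
    const [level, items] = Array.isArray(setting) ? setting : [setting, undefined];
    const id = rule.replace(/^metadata\//, "");
    const custom = id.match(/^custom-(labels|annotations)$/);
    const dynamic = id.match(/^(.+)-(label|annotation)$/);
    if (custom) {
      // Configurable rule: every listed key must exist.
      const bag = metadata[custom[1]] || {};
      for (const key of items || []) {
        if (!(key in bag)) findings.push({ rule, level, message: `missing ${key}` });
      }
    } else if (dynamic) {
      // Dynamic rule: the key must exist; configured values restrict its value.
      // Assumption: "__" in the rule name encodes "/" in the key.
      const key = dynamic[1].replace(/__/g, "/");
      const bag = metadata[dynamic[2] + "s"] || {};
      if (!(key in bag)) {
        findings.push({ rule, level, message: `missing ${key}` });
      } else if (items && !items.includes(bag[key])) {
        findings.push({ rule, level, message: `${key}=${bag[key]} not allowed` });
      }
    }
  }
  return findings;
}

console.log(evaluate(policy, sampleMetadata));
```

With this sample, the missing owner label is reported twice at different levels (error from custom-labels, warning from owner-label), which is the per-label severity control the dynamic rules provide.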

Improvements and fixes

  • Navigating from the IDE to the dashboard now adds a convenient button to return to your ongoing IDE session once you are done tweaking settings.

The Kubernetes Schema plugin received some love in this latest release. Three rules have been added to improve validation when the JSON Schema is deprecated, removed or not found.

Detect deprecation and removal

The deprecation-violated and removal-violated rules help you migrate between Kubernetes versions. Previously, this meant going through the Kubernetes changelogs to determine removed and deprecated API versions, but we now automate this to do the heavy lifting for you.

To illustrate, PodSecurityPolicy was deprecated in v1.21, which will now produce a warning, and it was removed in v1.25, which will now produce an error to indicate that it will no longer be accepted by the Kubernetes API Server.

Schema strict mode

Missing JSON Schemas would lead to validation being skipped, which could lead you to believe that there are no problems with Custom Resource Definitions that have no schema registered. The strict-mode-violated rule flags these cases to avoid surprises.

Improvements and fixes

  • Accessing a PR Quicklink to a project in your workspace to which you have no access will show a "Request access" prompt.
  • Fixed the Kustomization file label when it's located at the repository's root.
  • Improved creating a branch & PR while committing when the Chrome pop-up blocker is activated.
  • Fixed project create view sometimes showing the workspace identifier instead of name.

The Monokle team is proud to announce the official release of Monokle Cloud, a browser-based Kubernetes configuration control plane that helps platform engineers and their teams boost the quality of their Kubernetes deployments.

Monokle Cloud brings centralized policy management, extensible real-time configuration validations, misconfiguration-aware code editing, and tight GitHub integration to any k8s configuration workflow, empowering teams to create and deploy high-quality K8s configurations across the entire application lifecycle.
