Validation Rules
Rules are the controls that are checked to find misconfigurations.
Overview
Monokle’s validator is modular and uses plugins. Each plugin will extend the SARIF (Static Analysis Results Interchange Format) producer with more rules. There are three types of plugins: (1) core plugins, (2) community plugins, and (3) private plugins.
Core Plugins
There are five core plugins, which are built in by default:
- Pod Security Standards: Essential security controls which broadly cover the security spectrum.
- Practices: Common practices you can use to further improve your Kubernetes deployments.
- Resource Links: Validates that references within your Kubernetes configuration are correct.
- Kubernetes Schema: Validates the shape of your Kubernetes configuration by checking JSON schemas and K8s deprecations.
- YAML Syntax: Validates whether your manifests use correct YAML syntax.
Community Plugins
Monokle has community plugins which make it easy to support validation for custom operators and their custom resource definitions. You can install a plugin gallery within the validation activity or policy builder. Are you missing a plugin for your favourite tool? Let us know and we will add it for you.
If you want to get rid of a plugin’s rules for good, click “uninstall” in the dotted menu of the plugin’s card. If you only want to hide them temporarily, disable them instead; this keeps your rules configuration, so you can enable them again whenever you are ready.
Private Plugins (Coming Soon)
Monokle has private plugins which tailor security controls to your needs. This feature is currently under development so expect an update soon.