The easiest way to start taking advantage of CUE’s powerful validation is to use it to check Kubernetes CRD manifests before deploying them. By adding this check to your development or deployment process you can catch and fix structural errors before they cause operational problems.
This guide shows you how to validate a fluxcd.io CRD manifest using the appropriate
curated module
from the CUE Central Registry –
all without writing any schemas or policies in CUE.
Choose a manifest
This example is adapted from the Flux HelmRelease CRD documentation but you should use a manifest that’s relevant to your situation:
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: podinfo
namespace: default
spec:
interval: 10m
timeout: 5m
chart:
spec:
chart: podinfo
version: '6.5.*'
sourceRef:
kind: HelmRepository
name: podinfo
interval: 5m
releaseName: podinfo
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
test:
enable: true
driftDetection:
mode: enabled
ignore:
- paths: ["/spec/replicas"]
target:
kind: Deployment
values:
replicaCount: 2Validate the manifest
$ cue vet -c -d '#HelmRelease' cue.dev/x/crd/fluxcd.io/helm/v2@latest manifest.yamlThis command uses the #HelmRelease definition from the
helm/v2 package to check the manifest.
Because cue vet doesn’t display any errors
you know that the curated module has validated the file’s structure.
If you see an error message mentioning “too many requests” then login to the Central Registry and re-run this command. The Central Registry allows more requests from authenticated users.
Validate more manifests
You can tell the cue vet command to check several manifests at once:
$ cue vet -c -d '#HelmRelease' cue.dev/x/crd/fluxcd.io/helm/v2@latest a.yml b.yaml c.ymlNext steps
Validating your YAML CRD manifests with CUE can help make development and deployments safer, but defining those same files in CUE lets you build on its first-class templating, referencing, and policy features.