Kubevious Guard is a cloud-native tool that validates the configuration of Kubernetes clusters and applications and enforces best practices. It uses built-in DevOps validators and the Rules Engine to detect and enforce custom policies and conditions. What sets Kubevious Guard apart is its ability to enforce cross-manifest policies. This simplifies the enforcement of complex policies, such as preventing MySQL databases from being exposed outside of the cluster or requiring high-throughput storage classes for critical stateful workloads.
Guard is accessible through a shell script and can be easily integrated into any CI/CD pipeline. The user only has to pipe changes into the Guard script and wait for the entire change package to be validated.
$ cat manifests.yaml | sh <(curl -sfL https://run.kubevious.io/validate.sh)
$ kubectl apply -f manifests.yaml
Instead of calling cat manifests.yaml, the output of Kubernetes package managers, such as helm template or kustomize build, can be used. The only requirement is to pipe the YAML manifests into Guard before they are applied to the Kubernetes cluster. Guard will then compare the state of the policies with and without the change package. If the change package introduces additional errors or violations, the entire change package is rejected.
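As an added example (not code from the Kubevious project), the pipeline step above can be written as a gate that renders the manifests to a file once, runs a validator script whose SHA-256 was pinned after review rather than one streamed straight from the network, and applies that same file only if validation passes. It assumes the validator exits non-zero on rejection; `guarded_apply`, `APPLY_CMD` and `GUARD_SHA256` are hypothetical names.

```shell
#!/bin/sh
# Added example, not Kubevious code. Assumptions: the validator exits
# non-zero when it rejects a change package; the pinned digest is one you
# recorded after reviewing the script; sha256sum is available (GNU coreutils).
set -u

GUARD_URL="https://run.kubevious.io/validate.sh"   # URL from the page

# Download the validator to a file so it can be hashed before it runs.
fetch_validator() {   # $1 = destination path
  curl -sfL "$GUARD_URL" -o "$1"
}

# Succeed only if the file's SHA-256 equals the pinned, non-empty digest.
verify_validator() {  # $1 = script path, $2 = expected hex digest
  guard_actual=$(sha256sum "$1" | awk '{print $1}')
  [ -n "$2" ] && [ "$guard_actual" = "$2" ]
}

# Validate a rendered manifest file, then apply that same file.
# $1 = validator script, $2 = pinned digest, $3 = rendered manifests
# APPLY_CMD is a hypothetical override for dry runs; default is kubectl.
# Returns 2 on digest mismatch, 1 on rejection, else the apply status.
guarded_apply() {
  if ! verify_validator "$1" "$2"; then
    echo "validator digest mismatch, refusing to run it" >&2
    return 2
  fi
  if ! sh "$1" < "$3"; then
    echo "change package rejected, nothing applied" >&2
    return 1
  fi
  ${APPLY_CMD:-kubectl apply -f} "$3"
}

# Pipeline usage (constructed file names):
#   helm template ./chart > rendered.yaml
#   fetch_validator guard.sh
#   guarded_apply guard.sh "$GUARD_SHA256" rendered.yaml
```

Validating and applying the same rendered file ensures that the bytes Guard checked are the bytes that reach the cluster.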