I’ve been looking for this myself and did not find a sufficient tooling. However, there are few workarounds:
- Deploy all objects to a temporary
ci-job-idnamespace in dev/stage clusters. They should be the same as a prod, but will not impose the security risks you mentioned. This gives an additional benefit – you can check if everything got created, all pods are running. It helps to catch issues like insufficient resource requests, missing images, misconfigured
Serviceselectors, etc. Also it let’s you add a smoke test on top.
- Spin a small minikube with all the CRDs specifically for CI validations. This approach gives you less coverage, but it is much cheaper to maintain.
CLICK HERE to find out more related problems solutions.