Agent skill

dapr-validator

Install this agent skill to your Project

npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/devops/dapr-validator

SKILL.md

Overview

This skill validates Dapr configurations for security, correctness, and best practices. It ensures all Dapr components and sidecar annotations follow standards before deployment.

Quick Start

Validate Existing Components

bash
# Validate a Dapr component file
python scripts/validate_component.py <component-file.yaml>

# Validate deployment Dapr annotations
python scripts/validate_deployment.py <deployment-file.yaml>

Generate New Components

bash
# Generate from templates
python scripts/generate_component.py --type statestore-postgres --name mystore --namespace todo-app

# Available templates in assets/:
# - statestore-postgres, statestore-redis
# - pubsub-kafka, pubsub-redis
# - configuration (mTLS)

Validation Rule Codes

| Code | Category | Description |
|------|----------|-------------|
| DAPR-001 | Component | Missing namespace |
| DAPR-002 | Component | Using 'default' namespace |
| DAPR-003 | Security | Inline credentials (not using secretKeyRef) |
| DAPR-004 | Component | Missing or empty scopes |
| DAPR-005 | Configuration | mTLS not enabled |
| DAPR-006 | Deployment | Missing dapr.io/app-id annotation |
| DAPR-007 | Deployment | Missing sidecar resource limits |
| DAPR-008 | Component | Invalid component type |
| DAPR-009 | Deployment | app-id doesn't match component scopes |
| DAPR-010 | Deployment | Missing dapr.io/app-port annotation |

Component Structure

Every Dapr component MUST have:

yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: <lowercase-hyphenated>
  namespace: <explicit-namespace>    # Never "default"
spec:
  type: <component-type>
  version: v1
  metadata:
    - name: <key>
      secretKeyRef:                  # For sensitive values
        name: <secret-name>
        key: <secret-key>
scopes:                              # REQUIRED
  - <app-id-1>

Validation Rules

Secrets Management

yaml
# ✅ CORRECT
metadata:
  - name: connectionString
    secretKeyRef:
      name: postgres-secrets
      key: connection-string

# ❌ WRONG - Never inline secrets
metadata:
  - name: connectionString
    value: "postgresql://user:password@host/db"

Scopes (Required)

yaml
# ✅ CORRECT - Scoped to specific apps
scopes:
  - todo-backend
  - todo-mcp-server

# ❌ WRONG - Empty or missing scopes

mTLS Configuration

yaml
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
  name: dapr-config
spec:
  mtls:
    enabled: true    # MANDATORY

Deployment Annotations

Every Dapr-enabled deployment MUST have:

yaml
annotations:
  dapr.io/enabled: "true"
  dapr.io/app-id: "<unique-app-id>"
  dapr.io/app-port: "<container-port>"
  dapr.io/app-protocol: "http"
  dapr.io/sidecar-cpu-request: "100m"
  dapr.io/sidecar-memory-request: "128Mi"
  dapr.io/sidecar-cpu-limit: "300m"
  dapr.io/sidecar-memory-limit: "256Mi"
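
The component rules DAPR-001 to DAPR-004 and the app-id checks DAPR-006 and DAPR-009, written out as an added Python example; this is not the skill's own scripts/validate_component.py. It works on already-parsed documents, and the name pattern and URI check used to decide DAPR-003 are assumptions, as are the function names.

```python
import re

# Assumption (not taken from the skill's scripts): a metadata name matching this
# pattern, or a value carrying URI userinfo (scheme://user:pass@), is a credential.
SENSITIVE_NAME = re.compile(r"password|secret|token|apikey|connectionstring", re.I)
URI_WITH_CREDS = re.compile(r"://[^/\s:@]+:[^/\s@]+@")

def validate_component(doc):
    """Return the sorted DAPR-00x codes raised by one parsed Component document."""
    codes = set()
    namespace = (doc.get("metadata") or {}).get("namespace")
    if not namespace:
        codes.add("DAPR-001")
    elif namespace == "default":
        codes.add("DAPR-002")
    for item in (doc.get("spec") or {}).get("metadata") or []:
        if "secretKeyRef" in item:
            continue  # resolved from a secret store, nothing inline to leak
        value = str(item.get("value", ""))
        if value and (SENSITIVE_NAME.search(str(item.get("name", "")))
                      or URI_WITH_CREDS.search(value)):
            codes.add("DAPR-003")
    if not doc.get("scopes"):  # missing key and empty list both fail
        codes.add("DAPR-004")
    return sorted(codes)

def validate_app_id(annotations, component):
    """DAPR-006 if the annotation is absent, DAPR-009 if it is not in scopes."""
    app_id = annotations.get("dapr.io/app-id")
    if not app_id:
        return ["DAPR-006"]
    return [] if app_id in (component.get("scopes") or []) else ["DAPR-009"]

# Constructed samples, shaped like yaml.safe_load() output for the page's YAML.
GOOD = {
    "apiVersion": "dapr.io/v1alpha1", "kind": "Component",
    "metadata": {"name": "statestore", "namespace": "todo"},
    "spec": {"type": "state.postgresql", "version": "v1", "metadata": [
        {"name": "connectionString",
         "secretKeyRef": {"name": "postgres-secrets", "key": "connection-string"}}]},
    "scopes": ["todo-backend"],
}
BAD = {
    "apiVersion": "dapr.io/v1alpha1", "kind": "Component",
    "metadata": {"name": "statestore", "namespace": "default"},
    "spec": {"type": "state.postgresql", "version": "v1", "metadata": [
        {"name": "connectionString", "value": "postgresql://user:password@host/db"}]},
}

if __name__ == "__main__":
    print(validate_component(GOOD), validate_component(BAD))
```

Non-secret settings such as `authType: "password"` or `brokers: "kafka:9092"` pass, because the name does not match the pattern and the value carries no URI userinfo.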

Component Examples

PostgreSQL State Store

yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: statestore
  namespace: todo
spec:
  type: state.postgresql
  version: v1
  metadata:
    - name: connectionString
      secretKeyRef:
        name: postgres-secrets
        key: connection-string
scopes:
  - todo-backend

Kafka Pub/Sub

yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: pubsub
  namespace: todo
spec:
  type: pubsub.kafka
  version: v1
  metadata:
    - name: brokers
      value: "kafka:9092"
    - name: authType
      value: "password"
    - name: saslUsername
      secretKeyRef:
        name: kafka-secrets
        key: username
    - name: saslPassword
      secretKeyRef:
        name: kafka-secrets
        key: password
scopes:
  - todo-backend

Validation Output

## Dapr Validation Report

### Component: statestore
✅ Structure valid
✅ Namespace explicit
✅ Secrets use secretKeyRef
✅ Scopes defined
❌ ERROR: Empty scopes

### Deployment: todo-backend
✅ Dapr enabled
✅ App-id matches scopes
⚠️ WARNING: No sidecar limits

### Status: PASSED / BLOCKED

Common Mistakes

| Mistake | Fix |
|---------|-----|
| Inline secrets | Use secretKeyRef |
| Missing scopes | Add explicit app-ids |
| Wrong app-id | Match annotation to scopes |
| No sidecar limits | Add resource annotations |
| Missing namespace | Use explicit namespace |

Checklist

Components:
[ ] apiVersion: dapr.io/v1alpha1
[ ] Explicit namespace
[ ] secretKeyRef for credentials
[ ] Scopes defined

Deployments:
[ ] dapr.io/enabled: "true"
[ ] dapr.io/app-id set
[ ] dapr.io/app-port correct
[ ] Sidecar resource limits

Configuration:
[ ] mTLS enabled

CLI Commands

bash
dapr status -k
dapr components -k -n todo
kubectl describe component statestore -n todo
