A Go CLI tool for validating static configuration of OpenShift clusters, particularly focused on AWS networking and DNS setup for BYOVPC (Bring Your Own VPC) deployments.
This tool is a port of the original Rust-based byovpc-checker with a modular architecture designed to support additional static validation checks in the future.
- Network Validation: Validates VPC networking configuration including:
  - Subnet count per Availability Zone
  - Subnet tagging for cluster ownership and ELB usage
  - Load balancer subnet associations
  - Network interface (ENI) validation
- DNS Validation: Validates Route53 hosted zone configuration including:
  - Expected number of hosted zones
  - Load balancer DNS usage validation
  - Verification that only cluster load balancers are referenced
- Multiple Output Formats:
  - `checks` - Show all check results (default)
  - `failures` - Show only failed checks
  - `debug` - Show raw AWS data in JSON format
- Go 1.22+ for building from source
- AWS CLI configured with appropriate credentials
- `ocm` CLI tool for cluster information retrieval
```bash
git clone <repository-url>
cd managed-openshift-static-validator
make build
```

The binary will be available at bin/mosv.

```bash
make build-all
```

This creates binaries for Linux, macOS (Intel & Apple Silicon), and Windows.
```bash
# Validate all checks for a cluster
mosv validate <cluster-id>
# Run only network checks
mosv validate <cluster-id> --checks network
# Run only DNS checks
mosv validate <cluster-id> --checks dns
# Show only failures
mosv validate <cluster-id> --format failures
# Debug mode (show raw AWS data)
mosv validate <cluster-id> --format debug
```

```
mosv validate [cluster-id] [flags]

Flags:
      --checks CheckTypes     Checks to run (network, dns) (default network,dns)
  -f, --format OutputFormat   Output format (checks, failures, debug) (default checks)
  -h, --help                  help for validate
  -q, --quiet                 Quiet mode
  -v, --verbose count         Increase verbosity
```

```bash
# Validate networking and DNS for cluster
mosv validate my-cluster-id
# Only show problems
mosv validate my-cluster-id -f failures
# Verbose output with only network checks
mosv validate my-cluster-id --checks network -vv
# Quiet mode (errors only)
mosv validate my-cluster-id -q
```
- Cluster Discovery: Uses the `ocm` CLI to retrieve cluster metadata including:
  - Cluster ID and infrastructure name
  - Configured subnet IDs
  - Cloud provider information
  - Base domain
- AWS Data Gathering: Concurrently collects AWS resource information:
  - EC2 subnets, route tables, instances, and ENIs
  - ELB Classic and Application/Network Load Balancers
  - Route53 hosted zones and resource record sets
- Validation: Runs configured checks against the gathered data:
  - Network checks validate VPC configuration
  - DNS checks validate Route53 configuration
- Reporting: Outputs results in the requested format with appropriate severity levels
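
The subnet checks named above (subnet count per Availability Zone, tagging for cluster ownership and ELB usage), written out as an added example; this is not the project's own code. The `Subnet` type, `CheckSubnets`, the `maxPerAZ` limit and the precomputed `Public` flag are assumptions, and the tag keys are the usual Kubernetes-on-AWS conventions rather than values taken from this README.

```go
package main

import (
	"fmt"
	"sort"
)

// Subnet is a hypothetical, trimmed view of an EC2 subnet (not the project's type).
type Subnet struct {
	ID, AZ string
	Public bool // assumed to be derived beforehand from the subnet's route table
	Tags   map[string]string
}

// CheckSubnets returns sorted findings; maxPerAZ is an assumed per-AZ limit for each subnet kind.
func CheckSubnets(infraName string, subnets []Subnet, maxPerAZ int) []string {
	var findings []string
	perAZ := map[string]int{}
	ownerKey := "kubernetes.io/cluster/" + infraName
	for _, s := range subnets {
		kind, roleKey := "private", "kubernetes.io/role/internal-elb"
		if s.Public {
			kind, roleKey = "public", "kubernetes.io/role/elb"
		}
		perAZ[s.AZ+"/"+kind]++
		if v := s.Tags[ownerKey]; v != "owned" && v != "shared" {
			findings = append(findings, fmt.Sprintf("%s: missing or invalid tag %s", s.ID, ownerKey))
		}
		if _, ok := s.Tags[roleKey]; !ok {
			findings = append(findings, fmt.Sprintf("%s: %s subnet lacks tag %s", s.ID, kind, roleKey))
		}
	}
	for key, n := range perAZ {
		if n > maxPerAZ {
			findings = append(findings, fmt.Sprintf("%s: %d subnets, expected at most %d", key, n, maxPerAZ))
		}
	}
	sort.Strings(findings) // map iteration order is random; keep output stable
	return findings
}

func main() {
	subnets := []Subnet{ // constructed sample data, not from a real cluster
		{"subnet-a1", "us-east-1a", true, map[string]string{"kubernetes.io/cluster/demo-x7k2p": "shared", "kubernetes.io/role/elb": "1"}},
		{"subnet-a2", "us-east-1a", true, map[string]string{"kubernetes.io/role/elb": "1"}},
		{"subnet-b1", "us-east-1b", false, map[string]string{"kubernetes.io/cluster/demo-x7k2p": "shared"}},
	}
	fmt.Println(CheckSubnets("demo-x7k2p", subnets, 1))
}
```

A subnet that is tagged for another cluster, or not tagged at all, is reported before a load balancer can be placed in it, which is the failure mode the ownership check guards against.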
The tool follows a modular architecture with clear separation of concerns:
```
├── cmd/mosv/              # CLI entry point
├── internal/
│   ├── types.go           # Core validation types (Verifier, Result, Severity)
│   ├── cli/               # Cobra-based CLI commands
│   ├── gatherers/         # Data collection framework
│   │   ├── gatherer.go    # Generic Gatherer[T] interface
│   │   ├── cluster.go     # Cluster info gathering via OCM
│   │   └── aws/           # AWS resource gathering (multiple files)
│   └── checks/            # Validation implementations
│       ├── network.go     # Network validation checks
│       └── dns.go         # DNS validation checks
```
- internal.Verifier: Core interface for validation checks
- internal.Result: Validation result with severity levels
- gatherers.Info: Cluster metadata from OCM
- gatherers.Gatherer[T]: Generic interface for collecting resources
- Concurrent Data Collection: Worker pools for efficient AWS API usage
- Flat Structure: Single files for each validation domain
- OSD (OpenShift Dedicated): Full support
- ROSA (Red Hat OpenShift Service on AWS): Full support
- HyperShift: Full support with specialized resource filtering
The tool requires AWS credentials with permissions to describe:
- EC2: subnets, route tables, instances, network interfaces, security groups
- ELB: load balancers (both classic and v2), tags
- Route53: hosted zones, resource record sets
```bash
make dev-setup
```

```bash
make test
# With coverage
make test-coverage
```

```bash
make lint
```

```bash
make build      # Single platform
make build-all  # Cross-platform
```

This tool provides identical functionality to the original Rust byovpc-checker with the same CLI interface:
- Same command structure and flags
- Same validation logic and checks
- Same integration with `ocm` CLI
- Compatible output format and messaging
The main differences:
- Written in Go instead of Rust
- Modular architecture for extensibility
- Enhanced error handling and logging
- Cross-platform binary distribution
- Fork the repository
- Create a feature branch
- Run tests and linting: `make test lint`
- Submit a pull request
[Add license information]
For issues and questions, please use the GitHub issue tracker.