cluster-bootstrap-cli validate <environment>Validates local configuration, secrets, and optional cluster access. This is a deeper check than doctor.
- Validates base directory and app path
- Verifies
kubectlandhelm - Checks current context and optional cluster access
- Validates encryption tooling
- Reads and validates secrets files
- Checks
.sops.yamlrules or.gitattributespatterns - Verifies repo reachability (git ls-remote)
- Optionally checks SSH key access to the repo
- Optionally runs Helm lint on the App of Apps chart
- Optionally checks ArgoCD CRDs
| Flag | Default | Description |
|---|---|---|
--encryption |
sops |
Encryption backend: sops or git-crypt |
--secrets-file |
auto | Path to secrets file (defaults to secrets.<env>.enc.yaml or secrets.<env>.yaml) |
--age-key-file |
— | Path to age private key (SOPS only) |
--app-path |
apps |
Path inside the Git repo for the App of Apps source |
--kubeconfig |
~/.kube/config |
Path to kubeconfig file |
--context |
current context | Kubeconfig context to use |
--skip-cluster-check |
false |
Skip cluster access checks |
--skip-repo-check |
false |
Skip repo reachability checks |
--skip-ssh-check |
false |
Skip SSH key repo access checks |
--skip-helm-lint |
false |
Skip Helm lint checks |
--skip-crd-check |
false |
Skip ArgoCD CRD checks |
--repo-timeout |
10 |
Timeout in seconds for repo checks |
--helm-timeout |
20 |
Timeout in seconds for helm lint checks |
# Default checks (SOPS)
cluster-bootstrap-cli validate dev
# git-crypt checks
cluster-bootstrap-cli validate dev --encryption git-crypt
# Skip cluster checks
cluster-bootstrap-cli validate dev --skip-cluster-check
# Skip repo checks
cluster-bootstrap-cli validate dev --skip-repo-check
# Use a specific kubeconfig and context
cluster-bootstrap-cli validate dev --kubeconfig ~/.kube/my-config --context my-cluster