kubeval
kubeval documentation
- Version in MegaLinter: 0.16.1
- Visit Official Web Site
Configuration in MegaLinter
- Enable kubeval by adding
KUBERNETES_KUBEVAL
in ENABLE_LINTERS variable - Disable kubeval by adding
KUBERNETES_KUBEVAL
in DISABLE_LINTERS variable
Variable | Description | Default value |
---|---|---|
KUBERNETES_KUBEVAL_ARGUMENTS | User custom arguments to add in linter CLI call Ex: -s --foo "bar" |
|
KUBERNETES_KUBEVAL_FILTER_REGEX_INCLUDE | Custom regex including filter Ex: (src\|lib) |
Include every file |
KUBERNETES_KUBEVAL_FILTER_REGEX_EXCLUDE | Custom regex excluding filter Ex: (test\|examples) |
Exclude no file |
KUBERNETES_KUBEVAL_CLI_LINT_MODE | Override default CLI lint mode - file : Calls the linter for each file- list_of_files : Call the linter with the list of files as argument- project : Call the linter from the root of the project |
{linter.cli_lint_mode} |
KUBERNETES_KUBEVAL_FILE_EXTENSIONS | Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all filesEx: [".py", ""] |
[".yml", ".yaml", ".json"] |
KUBERNETES_KUBEVAL_FILE_NAMES_REGEX | File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files Ex: ["Dockerfile(-.+)?", "Jenkinsfile"] |
Include every file |
KUBERNETES_KUBEVAL_PRE_COMMANDS | List of bash commands to run before the linter | None |
KUBERNETES_KUBEVAL_POST_COMMANDS | List of bash commands to run after the linter | None |
KUBERNETES_KUBEVAL_DISABLE_ERRORS | Run linter but consider errors as warnings | false |
KUBERNETES_KUBEVAL_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 |
KUBERNETES_DIRECTORY | Directory containing KUBERNETES files | kubernetes |
MegaLinter Flavours
This linter is available in the following flavours
Flavor | Description | Embedded linters | Info | |
---|---|---|---|---|
all | Default MegaLinter Flavor | 95 | ||
dart | Optimized for DART based projects | 41 | ||
documentation | MegaLinter for documentation projects | 40 | ||
dotnet | Optimized for C, C++, C# or VB based projects | 47 | ||
go | Optimized for GO based projects | 42 | ||
java | Optimized for JAVA based projects | 42 | ||
javascript | Optimized for JAVASCRIPT or TYPESCRIPT based projects | 49 | ||
php | Optimized for PHP based projects | 44 | ||
python | Optimized for PYTHON based projects | 49 | ||
ruby | Optimized for RUBY based projects | 41 | ||
rust | Optimized for RUST based projects | 41 | ||
salesforce | Optimized for Salesforce based projects | 43 | ||
scala | Optimized for SCALA based projects | 41 | ||
swift | Optimized for SWIFT based projects | 41 | ||
terraform | Optimized for TERRAFORM based projects | 46 |
Behind the scenes
How are identified applicable files
- Activated only if sub-directory
kubernetes
is found. (directory name can be overridden withKUBERNETES_DIRECTORY
) - File extensions:
.yml
,.yaml
,.json
- Detected file content (regex):
apiVersion:
,kustomize\.config\.k8s\.io
,tekton
How the linting is performed
- kubeval is called one time by identified file
Example calls
kubeval -strict myfile.yml
Help content
Validate a Kubernetes YAML file against the relevant schema
Usage:
kubeval <file> [file...] [flags]
Flags:
--additional-schema-locations strings Comma-seperated list of secondary base URLs used to download schemas
-n, --default-namespace string Namespace to assume in resources if no namespace is set in metadata:namespace (default "default")
-d, --directories strings A comma-separated list of directories to recursively search for YAML documents
--exit-on-error Immediately stop execution when the first error is encountered
-f, --filename string filename to be displayed when testing manifests read from stdin (default "stdin")
--force-color Force colored output even if stdout is not a TTY
-h, --help help for kubeval
--ignore-missing-schemas Skip validation for resource definitions without a schema
--ignored-filename-patterns strings An alias for ignored-path-patterns
-i, --ignored-path-patterns strings A comma-separated list of regular expressions specifying paths to ignore
--insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
-v, --kubernetes-version string Version of Kubernetes to validate against (default "master")
--openshift Use OpenShift schemas instead of upstream Kubernetes
-o, --output string The format of the output of this script. Options are: [stdout json tap]
--quiet Silences any output aside from the direct results
--reject-kinds strings Comma-separated list of case-sensitive kinds to prohibit validating against schemas
-s, --schema-location string Base URL used to download schemas. Can also be specified with the environment variable KUBEVAL_SCHEMA_LOCATION.
--skip-kinds strings Comma-separated list of case-sensitive kinds to skip when validating against schemas
--strict Disallow additional properties not in schema
--version version for kubeval
Installation on mega-linter Docker image
- Dockerfile commands :
RUN wget -q https://github.com/instrumenta/kubeval/releases/latest/download/kubeval-linux-amd64.tar.gz \
&& tar xf kubeval-linux-amd64.tar.gz \
&& cp kubeval /usr/local/bin
Example success log
Results of kubeval linter (version 0.15.0)
See documentation on https://megalinter.github.io/descriptors/kubernetes_kubeval/
-----------------------------------------------
[SUCCESS] .automation/test/kubernetes/kubernetes/kubeval_good_1.yaml
PASS - .automation/test/kubernetes/kubernetes/kubeval_good_1.yaml contains a valid Deployment (nginx-deployment)
Example error log
Results of kubeval linter (version 0.15.0)
See documentation on https://megalinter.github.io/descriptors/kubernetes_kubeval/
-----------------------------------------------
[ERROR] .automation/test/kubernetes/kubernetes/kubeval_bad_1.yaml
ERR - .automation/test/kubernetes/kubernetes/kubeval_bad_1.yaml: Missing 'metadata.name' key