kubeconform
kubeconform is a schema-aware Kubernetes manifest validation tool that tends to have more up-to-date schema definitions than kubeval.
kubeconform documentation
- Version in MegaLinter: 0.5.0
- Visit Official Web Site
Configuration in MegaLinter
- Enable kubeconform by adding `KUBERNETES_KUBECONFORM` in ENABLE_LINTERS variable
- Disable kubeconform by adding `KUBERNETES_KUBECONFORM` in DISABLE_LINTERS variable
Variable | Description | Default value |
---|---|---|
KUBERNETES_KUBECONFORM_ARGUMENTS | User custom arguments to add in linter CLI call. Ex: -s --foo "bar" | |
KUBERNETES_KUBECONFORM_FILTER_REGEX_INCLUDE | Custom regex including filter. Ex: (src\|lib) | Include every file |
KUBERNETES_KUBECONFORM_FILTER_REGEX_EXCLUDE | Custom regex excluding filter. Ex: (test\|examples) | Exclude no file |
KUBERNETES_KUBECONFORM_CLI_LINT_MODE | Override default CLI lint mode. file: Calls the linter for each file; list_of_files: Call the linter with the list of files as argument; project: Call the linter from the root of the project | list_of_files |
KUBERNETES_KUBECONFORM_FILE_EXTENSIONS | Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all files. Ex: [".py", ""] | [".yml", ".yaml", ".json"] |
KUBERNETES_KUBECONFORM_FILE_NAMES_REGEX | File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files. Ex: ["Dockerfile(-.+)?", "Jenkinsfile"] | Include every file |
KUBERNETES_KUBECONFORM_PRE_COMMANDS | List of bash commands to run before the linter | None |
KUBERNETES_KUBECONFORM_POST_COMMANDS | List of bash commands to run after the linter | None |
KUBERNETES_KUBECONFORM_DISABLE_ERRORS | Run linter but consider errors as warnings | false |
KUBERNETES_KUBECONFORM_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 |
KUBERNETES_DIRECTORY | Directory containing KUBERNETES files | kubernetes |
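
The variables above combined in a `.mega-linter.yml`, with a permissive kubeconform argument set shown beside a stricter one. This is an added example, not taken from the MegaLinter or kubeconform documentation; the directory name `k8s` and the chosen filter are assumptions, and the flags are the ones listed in the help content on this page.

```yaml
# .mega-linter.yml (constructed example; directory name and filter are assumptions)
ENABLE_LINTERS:
  - KUBERNETES_KUBECONFORM

# The linter is activated only if this sub-directory exists (default: kubernetes).
KUBERNETES_DIRECTORY: k8s

# Permissive variant, left commented out:
#   -ignore-missing-schemas   skips files with missing schemas instead of failing,
#                             so resources without a schema pass unvalidated
#   -insecure-skip-tls-verify disables verification of the server certificate
#                             for schemas downloaded over HTTPS
# KUBERNETES_KUBECONFORM_ARGUMENTS: "-ignore-missing-schemas -insecure-skip-tls-verify"

# Stricter variant:
#   -strict              disallows additional properties not in schema and duplicated keys
#   -kubernetes-version  validates against a fixed version instead of the default "master"
#   -summary             prints a summary at the end of the run
KUBERNETES_KUBECONFORM_ARGUMENTS: "-strict -kubernetes-version 1.18.0 -summary"

# Skip paths that are not deployed manifests (pattern from the table's example).
KUBERNETES_KUBECONFORM_FILTER_REGEX_EXCLUDE: "(test|examples)"

# Defaults, stated explicitly so that kubeconform findings stay blocking.
KUBERNETES_KUBECONFORM_DISABLE_ERRORS: false
KUBERNETES_KUBECONFORM_DISABLE_ERRORS_IF_LESS_THAN: 0
```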
MegaLinter Flavours
This linter is available in the following flavours
Flavor | Description | Embedded linters |
---|---|---|
all | Default MegaLinter Flavor | 114 |
cupcake | MegaLinter for the most commonly used languages | 82 |
documentation | MegaLinter for documentation projects | 48 |
dotnet | Optimized for C, C++, C# or VB based projects | 60 |
go | Optimized for GO based projects | 50 |
java | Optimized for JAVA based projects | 51 |
javascript | Optimized for JAVASCRIPT or TYPESCRIPT based projects | 57 |
php | Optimized for PHP based projects | 51 |
python | Optimized for PYTHON based projects | 59 |
ruby | Optimized for RUBY based projects | 48 |
rust | Optimized for RUST based projects | 48 |
salesforce | Optimized for Salesforce based projects | 51 |
security | Optimized for security | 22 |
swift | Optimized for SWIFT based projects | 48 |
terraform | Optimized for TERRAFORM based projects | 53 |
Behind the scenes
How applicable files are identified
- Activated only if sub-directory `kubernetes` is found (directory name can be overridden with `KUBERNETES_DIRECTORY`)
- File extensions: `.yml`, `.yaml`, `.json`
- Detected file content (regex): `apiVersion:`, `kustomize\.config\.k8s\.io`, `tekton`
How the linting is performed
- kubeconform is called once with the list of files as arguments (`list_of_files` CLI lint mode)
Example calls
```shell
kubeconform myfile.yml
```

```shell
kubeconform -ignore-missing-schemas -skip SomeCRD,AnotherCRD -kubernetes-version '1.18.0' -strict myfile.yml
```
Help content
```text
Usage: kubeconform [OPTION]... [FILE OR FOLDER]...
  -cache string
        cache schemas downloaded via HTTP to this folder
  -debug
        print debug information
  -exit-on-error
        immediately stop execution when the first error is encountered
  -h    show help information
  -ignore-filename-pattern value
        regular expression specifying paths to ignore (can be specified multiple times)
  -ignore-missing-schemas
        skip files with missing schemas instead of failing
  -insecure-skip-tls-verify
        disable verification of the server's SSL certificate. This will make your HTTPS connections insecure
  -kubernetes-version string
        version of Kubernetes to validate against, e.g.: 1.18.0 (default "master")
  -n int
        number of goroutines to run concurrently (default 4)
  -output string
        output format - json, junit, tap, text (default "text")
  -reject string
        comma-separated list of kinds or GVKs to reject
  -schema-location value
        override schemas location search path (can be specified multiple times)
  -skip string
        comma-separated list of kinds or GVKs to ignore
  -strict
        disallow additional properties not in schema or duplicated keys
  -summary
        print a summary at the end (ignored for junit output)
  -v    show version information
  -verbose
        print results for all resources (ignored for tap and junit output)
```
Installation on mega-linter Docker image
- Dockerfile commands:

```dockerfile
RUN ML_THIRD_PARTY_DIR="/third-party/kubeconform" \
    && KUBECONFORM_VERSION=v0.5.0 \
    && mkdir -p ${ML_THIRD_PARTY_DIR} \
    && wget -P ${ML_THIRD_PARTY_DIR} -q https://github.com/yannh/kubeconform/releases/download/$KUBECONFORM_VERSION/kubeconform-linux-amd64.tar.gz \
    && tar xf ${ML_THIRD_PARTY_DIR}/kubeconform-linux-amd64.tar.gz --directory ${ML_THIRD_PARTY_DIR} \
    && mv ${ML_THIRD_PARTY_DIR}/kubeconform /usr/local/bin \
    && rm ${ML_THIRD_PARTY_DIR}/kubeconform-linux-amd64.tar.gz \
    && find ${ML_THIRD_PARTY_DIR} -type f -not -name 'LICENSE*' -delete -o -type d -empty -delete
```