kubeconform
kubeconform is a schema-aware Kubernetes manifest validation tool that tends to have more up-to-date schema definitions than kubeval.
kubeconform documentation
- Version in MegaLinter: 0.6.4
- Visit Official Web Site
Configuration in MegaLinter
- Enable kubeconform by adding KUBERNETES_KUBECONFORM in ENABLE_LINTERS variable
- Disable kubeconform by adding KUBERNETES_KUBECONFORM in DISABLE_LINTERS variable
| Variable | Description | Default value | 
|---|---|---|
| KUBERNETES_KUBECONFORM_ARGUMENTS | User custom arguments to add in linter CLI call Ex: -s --foo "bar" | |
| KUBERNETES_KUBECONFORM_COMMAND_REMOVE_ARGUMENTS | User custom arguments to remove from command line before calling the linter Ex: -s --foo "bar" | |
| KUBERNETES_KUBECONFORM_FILTER_REGEX_INCLUDE | Custom regex including filter Ex: (src\|lib) | Include every file | 
| KUBERNETES_KUBECONFORM_FILTER_REGEX_EXCLUDE | Custom regex excluding filter Ex: (test\|examples) | Exclude no file | 
| KUBERNETES_KUBECONFORM_CLI_LINT_MODE | Override default CLI lint mode. file: calls the linter for each file; list_of_files: calls the linter with the list of files as argument; project: calls the linter from the root of the project | list_of_files |
| KUBERNETES_KUBECONFORM_FILE_EXTENSIONS | Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all files. Ex: [".py", ""] | [".yml", ".yaml", ".json"] |
| KUBERNETES_KUBECONFORM_FILE_NAMES_REGEX | File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files Ex: ["Dockerfile(-.+)?", "Jenkinsfile"] | Include every file | 
| KUBERNETES_KUBECONFORM_PRE_COMMANDS | List of bash commands to run before the linter | None | 
| KUBERNETES_KUBECONFORM_POST_COMMANDS | List of bash commands to run after the linter | None | 
| KUBERNETES_KUBECONFORM_UNSECURED_ENV_VARIABLES | List of env variables explicitly not filtered before calling KUBERNETES_KUBECONFORM and its pre/post commands | None | 
| KUBERNETES_KUBECONFORM_DISABLE_ERRORS | Run linter but consider errors as warnings | false | 
| KUBERNETES_KUBECONFORM_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 | 
| KUBERNETES_KUBECONFORM_CLI_EXECUTABLE | Override CLI executable | ['kubeconform'] | 
| KUBERNETES_DIRECTORY | Directory containing KUBERNETES files (use any to always activate the linter) | kubernetes |
MegaLinter Flavours
This linter is available in the following flavours
| Flavor | Description | Embedded linters |
|---|---|---|
| all | Default MegaLinter Flavor | 121 |
| c_cpp | Optimized for pure C/C++ projects | 55 |
| cupcake | MegaLinter for the most commonly used languages | 84 |
| documentation | MegaLinter for documentation projects | 51 |
| dotnet | Optimized for C, C++, C# or VB based projects | 64 |
| dotnetweb | Optimized for C, C++, C# or VB based projects with JS/TS | 73 |
| go | Optimized for GO based projects | 53 |
| java | Optimized for JAVA based projects | 54 |
| javascript | Optimized for JAVASCRIPT or TYPESCRIPT based projects | 60 |
| php | Optimized for PHP based projects | 54 |
| python | Optimized for PYTHON based projects | 62 |
| ruby | Optimized for RUBY based projects | 51 |
| rust | Optimized for RUST based projects | 51 |
| salesforce | Optimized for Salesforce based projects | 55 |
| security | Optimized for security | 24 |
| swift | Optimized for SWIFT based projects | 51 |
| terraform | Optimized for TERRAFORM based projects | 55 |
Behind the scenes
How applicable files are identified
- Activated only if sub-directory kubernetes is found (directory name can be overridden with KUBERNETES_DIRECTORY)
- File extensions: .yml, .yaml, .json
- Detected file content (regex): apiVersion:, kustomize\.config\.k8s\.io, tekton
How the linting is performed
- kubeconform is called once with the list of files as arguments (list_of_files CLI lint mode)
Example calls
kubeconform myfile.yml
kubeconform -ignore-missing-schemas -skip SomeCRD,AnotherCRD -kubernetes-version '1.18.0' -strict myfile.yml
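A variant of the second call above written as MegaLinter configuration, with a permissive setup shown commented out beside a stricter one. This is an added example, not taken from the MegaLinter or kubeconform documentation; the file name .mega-linter.yml, the deploy directory and the pinned version are assumptions, while every variable and flag used is listed on this page.

```yaml
# .mega-linter.yml (added example; directory name and version are assumptions)
ENABLE_LINTERS:
  - KUBERNETES_KUBECONFORM

# Hypothetical repository layout: manifests live in deploy/ instead of the
# default kubernetes/ directory, so the linter would otherwise not activate.
KUBERNETES_DIRECTORY: deploy

# Permissive setup, shown for comparison only:
#   -ignore-missing-schemas     any kind without a schema is skipped, not failed
#   -insecure-skip-tls-verify   schema downloads no longer verify the server certificate
#   DISABLE_ERRORS: true        findings are reported as warnings and do not block
# KUBERNETES_KUBECONFORM_ARGUMENTS: "-ignore-missing-schemas -insecure-skip-tls-verify"
# KUBERNETES_KUBECONFORM_DISABLE_ERRORS: true

# Stricter setup:
#   -strict               rejects properties not in the schema and duplicated keys
#   -kubernetes-version   validates against a fixed version instead of the default "master"
#   -skip                 names the kinds that are left unvalidated, so the gap is
#                         visible in review rather than implicit
#   -summary              prints totals at the end of the run
KUBERNETES_KUBECONFORM_ARGUMENTS: "-strict -summary -kubernetes-version 1.18.0 -skip SomeCRD,AnotherCRD"
KUBERNETES_KUBECONFORM_DISABLE_ERRORS: false
KUBERNETES_KUBECONFORM_DISABLE_ERRORS_IF_LESS_THAN: 0
```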
Help content
Usage: kubeconform [OPTION]... [FILE OR FOLDER]...
  -cache string
      cache schemas downloaded via HTTP to this folder
  -debug
      print debug information
  -exit-on-error
      immediately stop execution when the first error is encountered
  -h  show help information
  -ignore-filename-pattern value
      regular expression specifying paths to ignore (can be specified multiple times)
  -ignore-missing-schemas
      skip files with missing schemas instead of failing
  -insecure-skip-tls-verify
      disable verification of the server's SSL certificate. This will make your HTTPS connections insecure
  -kubernetes-version string
      version of Kubernetes to validate against, e.g.: 1.18.0 (default "master")
  -n int
      number of goroutines to run concurrently (default 4)
  -output string
      output format - json, junit, pretty, tap, text (default "text")
  -reject string
      comma-separated list of kinds or GVKs to reject
  -schema-location value
      override schemas location search path (can be specified multiple times)
  -skip string
      comma-separated list of kinds or GVKs to ignore
  -strict
      disallow additional properties not in schema or duplicated keys
  -summary
      print a summary at the end (ignored for junit output)
  -v  show version information
  -verbose
      print results for all resources (ignored for tap and junit output)
Installation on mega-linter Docker image
- Dockerfile commands:
FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform
COPY --link --from=kubeconform /kubeconform /usr/bin/
