kubeconform

kubeconform is a schema-aware Kubernetes manifest validation tool that tends to have more up-to-date schema definitions than kubeval.

kubeconform documentation

kubeconform - GitHub

Configuration in MegaLinter

| Variable | Description | Default value |
|---|---|---|
| KUBERNETES_KUBECONFORM_ARGUMENTS | User custom arguments to add in linter CLI call. Ex: -s --foo "bar" | |
| KUBERNETES_KUBECONFORM_COMMAND_REMOVE_ARGUMENTS | User custom arguments to remove from command line before calling the linter. Ex: -s --foo "bar" | |
| KUBERNETES_KUBECONFORM_FILTER_REGEX_INCLUDE | Custom regex including filter. Ex: (src\|lib) | Include every file |
| KUBERNETES_KUBECONFORM_FILTER_REGEX_EXCLUDE | Custom regex excluding filter. Ex: (test\|examples) | Exclude no file |
| KUBERNETES_KUBECONFORM_CLI_LINT_MODE | Override default CLI lint mode. file: Calls the linter for each file; list_of_files: Call the linter with the list of files as argument; project: Call the linter from the root of the project | list_of_files |
| KUBERNETES_KUBECONFORM_FILE_EXTENSIONS | Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all files. Ex: [".py", ""] | [".yml", ".yaml", ".json"] |
| KUBERNETES_KUBECONFORM_FILE_NAMES_REGEX | File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files. Ex: ["Dockerfile(-.+)?", "Jenkinsfile"] | Include every file |
| KUBERNETES_KUBECONFORM_PRE_COMMANDS | List of bash commands to run before the linter | None |
| KUBERNETES_KUBECONFORM_POST_COMMANDS | List of bash commands to run after the linter | None |
| KUBERNETES_KUBECONFORM_UNSECURED_ENV_VARIABLES | List of env variables explicitly not filtered before calling KUBERNETES_KUBECONFORM and its pre/post commands | None |
| KUBERNETES_KUBECONFORM_DISABLE_ERRORS | Run linter but consider errors as warnings | false |
| KUBERNETES_KUBECONFORM_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 |
| KUBERNETES_KUBECONFORM_CLI_EXECUTABLE | Override CLI executable | ['kubeconform'] |
| KUBERNETES_DIRECTORY | Directory containing KUBERNETES files (use any to always activate the linter) | kubernetes |

MegaLinter Flavors

This linter is available in the following flavors

| Flavor | Description | Embedded linters |
|---|---|---|
| all | Default MegaLinter Flavor | 124 |
| c_cpp | Optimized for pure C/C++ projects | 54 |
| cupcake | MegaLinter for the most commonly used languages | 83 |
| documentation | MegaLinter for documentation projects | 49 |
| dotnet | Optimized for C, C++, C# or VB based projects | 62 |
| dotnetweb | Optimized for C, C++, C# or VB based projects with JS/TS | 71 |
| go | Optimized for GO based projects | 51 |
| java | Optimized for JAVA based projects | 52 |
| javascript | Optimized for JAVASCRIPT or TYPESCRIPT based projects | 59 |
| php | Optimized for PHP based projects | 54 |
| python | Optimized for PYTHON based projects | 62 |
| ruby | Optimized for RUBY based projects | 50 |
| rust | Optimized for RUST based projects | 50 |
| salesforce | Optimized for Salesforce based projects | 54 |
| security | Optimized for security | 24 |
| swift | Optimized for SWIFT based projects | 50 |
| terraform | Optimized for TERRAFORM based projects | 54 |

Behind the scenes

How applicable files are identified

  • Activated only if sub-directory kubernetes is found. (directory name can be overridden with KUBERNETES_DIRECTORY)
  • File extensions: .yml, .yaml, .json
  • Detected file content (regex): apiVersion:, kustomize\.config\.k8s\.io, tekton

How the linting is performed

  • kubeconform is called once with the list of files as arguments (list_of_files CLI lint mode)

Example calls

kubeconform myfile.yml
kubeconform -ignore-missing-schemas -skip SomeCRD,AnotherCRD -kubernetes-version '1.18.0' -strict myfile.yml

Help content

Usage: kubeconform [OPTION]... [FILE OR FOLDER]...
  -cache string
      cache schemas downloaded via HTTP to this folder
  -debug
      print debug information
  -exit-on-error
      immediately stop execution when the first error is encountered
  -h  show help information
  -ignore-filename-pattern value
      regular expression specifying paths to ignore (can be specified multiple times)
  -ignore-missing-schemas
      skip files with missing schemas instead of failing
  -insecure-skip-tls-verify
      disable verification of the server's SSL certificate. This will make your HTTPS connections insecure
  -kubernetes-version value
      version of Kubernetes to validate against, e.g.: 1.18.0 (default master)
  -n int
      number of goroutines to run concurrently (default 4)
  -output string
      output format - json, junit, pretty, tap, text (default "text")
  -reject string
      comma-separated list of kinds or GVKs to reject
  -schema-location value
      override schemas location search path (can be specified multiple times)
  -skip string
      comma-separated list of kinds or GVKs to ignore
  -strict
      disallow additional properties not in schema or duplicated keys
  -summary
      print a summary at the end (ignored for junit output)
  -v  show version information
  -verbose
      print results for all resources (ignored for tap and junit output)
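
An added example, not part of MegaLinter or kubeconform: a small Python check that flags MegaLinter settings from the configuration table that weaken kubeconform validation, using only the variables and flags documented on this page. The names `audit`, `WEAK` and `HARDENED` are hypothetical and the sample settings are constructed.

```python
import shlex

PREFIX = "KUBERNETES_KUBECONFORM_"

# Flags from the kubeconform help text that reduce what validation guarantees.
WEAKENING_FLAGS = {
    "-insecure-skip-tls-verify": "TLS certificate of the schema server is not verified",
    "-ignore-missing-schemas": "resources without a schema are skipped, not failed",
}


def audit(settings):
    """Return sorted findings for a dict of MegaLinter variables (hypothetical helper)."""
    raw = settings.get(PREFIX + "ARGUMENTS", "")
    # The variable may be given as one string or as a list of arguments.
    args = shlex.split(raw) if isinstance(raw, str) else [str(a) for a in raw]
    # Go's flag package accepts -flag, --flag and -flag=value; normalise to -flag.
    flags = {"-" + a.lstrip("-").split("=", 1)[0] for a in args if a.startswith("-")}

    findings = [f"{flag}: {why}" for flag, why in WEAKENING_FLAGS.items() if flag in flags]
    if "-strict" not in flags:
        findings.append("-strict missing: additional properties and duplicated keys pass")
    if "-kubernetes-version" not in flags:
        findings.append("-kubernetes-version missing: validation uses the default 'master'")
    if str(settings.get(PREFIX + "DISABLE_ERRORS", "false")).lower() == "true":
        findings.append("DISABLE_ERRORS=true: errors are considered warnings")
    if int(settings.get(PREFIX + "DISABLE_ERRORS_IF_LESS_THAN", 0)) > 0:
        findings.append("DISABLE_ERRORS_IF_LESS_THAN>0: some errors are allowed")
    return sorted(findings)


# Constructed sample settings, not taken from any real project.
WEAK = {
    PREFIX + "ARGUMENTS": "-ignore-missing-schemas --insecure-skip-tls-verify",
    PREFIX + "DISABLE_ERRORS": "true",
}
HARDENED = {
    PREFIX + "ARGUMENTS": ["-strict", "-kubernetes-version", "1.18.0", "-summary"],
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```
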

Installation on mega-linter Docker image

  • Dockerfile commands:
# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform
ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.7-alpine
FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} AS kubeconform
COPY --link --from=kubeconform /kubeconform /usr/bin/