kubeconform
kubeconform
is a schema-aware Kubernetes manifest validation tool, that tends to have more up-to-date schema definitions than kubeval
.
kubeconform documentation
- Version in MegaLinter: 0.6.7
- Visit Official Web Site
Configuration in MegaLinter
- Enable kubeconform by adding
KUBERNETES_KUBECONFORM
in ENABLE_LINTERS variable - Disable kubeconform by adding
KUBERNETES_KUBECONFORM
in DISABLE_LINTERS variable
Variable | Description | Default value |
---|---|---|
KUBERNETES_KUBECONFORM_ARGUMENTS | User custom arguments to add in linter CLI call Ex: -s --foo "bar" |
|
KUBERNETES_KUBECONFORM_COMMAND_REMOVE_ARGUMENTS | User custom arguments to remove from command line before calling the linter Ex: -s --foo "bar" |
|
KUBERNETES_KUBECONFORM_FILTER_REGEX_INCLUDE | Custom regex including filter Ex: (src\|lib) |
Include every file |
KUBERNETES_KUBECONFORM_FILTER_REGEX_EXCLUDE | Custom regex excluding filter Ex: (test\|examples) |
Exclude no file |
KUBERNETES_KUBECONFORM_CLI_LINT_MODE | Override default CLI lint mode - file : Calls the linter for each file- list_of_files : Call the linter with the list of files as argument- project : Call the linter from the root of the project |
list_of_files |
KUBERNETES_KUBECONFORM_FILE_EXTENSIONS | Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all filesEx: [".py", ""] |
[".yml", ".yaml", ".json"] |
KUBERNETES_KUBECONFORM_FILE_NAMES_REGEX | File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files Ex: ["Dockerfile(-.+)?", "Jenkinsfile"] |
Include every file |
KUBERNETES_KUBECONFORM_PRE_COMMANDS | List of bash commands to run before the linter | None |
KUBERNETES_KUBECONFORM_POST_COMMANDS | List of bash commands to run after the linter | None |
KUBERNETES_KUBECONFORM_UNSECURED_ENV_VARIABLES | List of env variables explicitly not filtered before calling KUBERNETES_KUBECONFORM and its pre/post commands | None |
KUBERNETES_KUBECONFORM_DISABLE_ERRORS | Run linter but consider errors as warnings | false |
KUBERNETES_KUBECONFORM_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 |
KUBERNETES_KUBECONFORM_CLI_EXECUTABLE | Override CLI executable | ['kubeconform'] |
KUBERNETES_DIRECTORY | Directory containing KUBERNETES files (use any to always activate the linter) |
kubernetes |
MegaLinter Flavors
This linter is available in the following flavors
Flavor | Description | Embedded linters | Info | |
---|---|---|---|---|
all | Default MegaLinter Flavor | 124 | ||
c_cpp | Optimized for pure C/C++ projects | 54 | ||
cupcake | MegaLinter for the most commonly used languages | 83 | ||
documentation | MegaLinter for documentation projects | 49 | ||
dotnet | Optimized for C, C++, C# or VB based projects | 62 | ||
dotnetweb | Optimized for C, C++, C# or VB based projects with JS/TS | 71 | ||
go | Optimized for GO based projects | 51 | ||
java | Optimized for JAVA based projects | 52 | ||
javascript | Optimized for JAVASCRIPT or TYPESCRIPT based projects | 59 | ||
php | Optimized for PHP based projects | 54 | ||
python | Optimized for PYTHON based projects | 62 | ||
ruby | Optimized for RUBY based projects | 50 | ||
rust | Optimized for RUST based projects | 50 | ||
salesforce | Optimized for Salesforce based projects | 54 | ||
security | Optimized for security | 24 | ||
swift | Optimized for SWIFT based projects | 50 | ||
terraform | Optimized for TERRAFORM based projects | 54 |
Behind the scenes
How are identified applicable files
- Activated only if sub-directory
kubernetes
is found. (directory name can be overridden withKUBERNETES_DIRECTORY
) - File extensions:
.yml
,.yaml
,.json
- Detected file content (regex):
apiVersion:
,kustomize\.config\.k8s\.io
,tekton
How the linting is performed
- kubeconform is called once with the list of files as arguments (
list_of_files
CLI lint mode)
Example calls
kubeconform myfile.yml
kubeconform -ignore-missing-schemas -skip SomeCRD,AnotherCRD -kubernetes-version '1.18.0' -strict myfile.yml
Help content
Usage: kubeconform [OPTION]... [FILE OR FOLDER]...
-cache string
cache schemas downloaded via HTTP to this folder
-debug
print debug information
-exit-on-error
immediately stop execution when the first error is encountered
-h show help information
-ignore-filename-pattern value
regular expression specifying paths to ignore (can be specified multiple times)
-ignore-missing-schemas
skip files with missing schemas instead of failing
-insecure-skip-tls-verify
disable verification of the server's SSL certificate. This will make your HTTPS connections insecure
-kubernetes-version value
version of Kubernetes to validate against, e.g.: 1.18.0 (default master)
-n int
number of goroutines to run concurrently (default 4)
-output string
output format - json, junit, pretty, tap, text (default "text")
-reject string
comma-separated list of kinds or GVKs to reject
-schema-location value
override schemas location search path (can be specified multiple times)
-skip string
comma-separated list of kinds or GVKs to ignore
-strict
disallow additional properties not in schema or duplicated keys
-summary
print a summary at the end (ignored for junit output)
-v show version information
-verbose
print results for all resources (ignored for tap and junit output)
Installation on mega-linter Docker image
- Dockerfile commands :
# renovate: datasource=docker depName=ghcr.io/yannh/kubeconform
ARG KUBERNETES_KUBECONFORM_VERSION=v0.6.7-alpine
FROM ghcr.io/yannh/kubeconform:${KUBERNETES_KUBECONFORM_VERSION} AS kubeconform
COPY --link --from=kubeconform /kubeconform /usr/bin/