Skip to content

kubeval GitHub last commit

kubeval documentation

kubeval - GitHub

Configuration in MegaLinter

Variable Description Default value
KUBERNETES_KUBEVAL_ARGUMENTS User custom arguments to add in linter CLI call
Ex: -s --foo "bar"
KUBERNETES_KUBEVAL_FILTER_REGEX_INCLUDE Custom regex including filter
Ex: (src\|lib)
Include every file
KUBERNETES_KUBEVAL_FILTER_REGEX_EXCLUDE Custom regex excluding filter
Ex: (test\|examples)
Exclude no file
KUBERNETES_KUBEVAL_CLI_LINT_MODE Override default CLI lint mode
- file: Calls the linter for each file
- list_of_files: Call the linter with the list of files as argument
- project: Call the linter from the root of the project
file
KUBERNETES_KUBEVAL_FILE_EXTENSIONS Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all files
Ex: [".py", ""]
[".yml", ".yaml", ".json"]
KUBERNETES_KUBEVAL_FILE_NAMES_REGEX File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files
Ex: ["Dockerfile(-.+)?", "Jenkinsfile"]
Include every file
KUBERNETES_KUBEVAL_PRE_COMMANDS List of bash commands to run before the linter None
KUBERNETES_KUBEVAL_POST_COMMANDS List of bash commands to run after the linter None
KUBERNETES_KUBEVAL_DISABLE_ERRORS Run linter but consider errors as warnings false
KUBERNETES_KUBEVAL_DISABLE_ERRORS_IF_LESS_THAN Maximum number of errors allowed 0
KUBERNETES_DIRECTORY Directory containing KUBERNETES files kubernetes

MegaLinter Flavours

This linter is available in the following flavours

Flavor Description Embedded linters Info
all Default MegaLinter Flavor 109 Docker Image Size (tag) Docker Pulls
cupcake MegaLinter for the most commonly used languages 79 Docker Image Size (tag) Docker Pulls
documentation MegaLinter for documentation projects 46 Docker Image Size (tag) Docker Pulls
dotnet Optimized for C, C++, C# or VB based projects 56 Docker Image Size (tag) Docker Pulls
go Optimized for GO based projects 49 Docker Image Size (tag) Docker Pulls
java Optimized for JAVA based projects 50 Docker Image Size (tag) Docker Pulls
javascript Optimized for JAVASCRIPT or TYPESCRIPT based projects 55 Docker Image Size (tag) Docker Pulls
php Optimized for PHP based projects 50 Docker Image Size (tag) Docker Pulls
python Optimized for PYTHON based projects 57 Docker Image Size (tag) Docker Pulls
ruby Optimized for RUBY based projects 47 Docker Image Size (tag) Docker Pulls
rust Optimized for RUST based projects 47 Docker Image Size (tag) Docker Pulls
salesforce Optimized for Salesforce based projects 49 Docker Image Size (tag) Docker Pulls
security Optimized for security 21 Docker Image Size (tag) Docker Pulls
swift Optimized for SWIFT based projects 47 Docker Image Size (tag) Docker Pulls
terraform Optimized for TERRAFORM based projects 52 Docker Image Size (tag) Docker Pulls

Behind the scenes

How are identified applicable files

  • Activated only if sub-directory kubernetes is found. (directory name can be overridden with KUBERNETES_DIRECTORY)
  • File extensions: .yml, .yaml, .json
  • Detected file content (regex): apiVersion:, kustomize\.config\.k8s\.io, tekton

How the linting is performed

  • kubeval is called one time by identified file (file CLI lint mode)

Example calls

kubeval -strict myfile.yml

Help content

Validate a Kubernetes YAML file against the relevant schema

Usage:
  kubeval <file> [file...] [flags]

Flags:
      --additional-schema-locations strings   Comma-seperated list of secondary base URLs used to download schemas
  -n, --default-namespace string              Namespace to assume in resources if no namespace is set in metadata:namespace (default "default")
  -d, --directories strings                   A comma-separated list of directories to recursively search for YAML documents
      --exit-on-error                         Immediately stop execution when the first error is encountered
  -f, --filename string                       filename to be displayed when testing manifests read from stdin (default "stdin")
      --force-color                           Force colored output even if stdout is not a TTY
  -h, --help                                  help for kubeval
      --ignore-missing-schemas                Skip validation for resource definitions without a schema
      --ignored-filename-patterns strings     An alias for ignored-path-patterns
  -i, --ignored-path-patterns strings         A comma-separated list of regular expressions specifying paths to ignore
      --insecure-skip-tls-verify              If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kubernetes-version string             Version of Kubernetes to validate against (default "master")
      --openshift                             Use OpenShift schemas instead of upstream Kubernetes
  -o, --output string                         The format of the output of this script. Options are: [stdout json tap]
      --quiet                                 Silences any output aside from the direct results
      --reject-kinds strings                  Comma-separated list of case-sensitive kinds to prohibit validating against schemas
  -s, --schema-location string                Base URL used to download schemas. Can also be specified with the environment variable KUBEVAL_SCHEMA_LOCATION.
      --skip-kinds strings                    Comma-separated list of case-sensitive kinds to skip when validating against schemas
      --strict                                Disallow additional properties not in schema
      --version                               version for kubeval

Installation on mega-linter Docker image

  • Dockerfile commands :
RUN ML_THIRD_PARTY_DIR="/third-party/kubeval" \
    && mkdir -p ${ML_THIRD_PARTY_DIR} \
    && wget -P ${ML_THIRD_PARTY_DIR} -q https://github.com/instrumenta/kubeval/releases/latest/download/kubeval-linux-amd64.tar.gz \
    && tar xf ${ML_THIRD_PARTY_DIR}/kubeval-linux-amd64.tar.gz --directory ${ML_THIRD_PARTY_DIR} \
    && mv ${ML_THIRD_PARTY_DIR}/kubeval /usr/local/bin \
    && rm ${ML_THIRD_PARTY_DIR}/kubeval-linux-amd64.tar.gz \
    && find ${ML_THIRD_PARTY_DIR} -type f -not -name 'LICENSE*' -delete -o -type d -empty -delete