add kubelinter #521

Merged
merged 4 commits into from
Feb 14, 2024
2 changes: 2 additions & 0 deletions .travis.yml
@@ -13,6 +13,7 @@ before_install:
- export WS_PRODUCTNAME=${WS_PRODUCTNAME}
- export WS_PROJECTNAME=MustacheTemplate
- export WS_WSS_URL=https://ibmets.whitesourcesoftware.com/agent
- ./build/download-kubelint.sh

script:
# Audit npm packages. Fail build whan a PR audit fails, otherwise report the vulnerability and proceed.
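Review bot: the new `./build/download-kubelint.sh` step only installs a `kubelint` wrapper into `${HOME}/bin`, so the `script:` stage that calls `kubelint` by bare name depends on that directory being on PATH in this Travis image. If it is not guaranteed, either call it by full path (`- "${HOME}/bin/kubelint" /tmp/resource.yaml`) or add `export PATH="${HOME}/bin:${PATH}"` next to the other exports here. The script is also invoked directly rather than via `bash`, so it relies on the execute bit being committed with the file.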
@@ -23,6 +24,7 @@ script:
- if [ -n "${TRAVIS_TAG}" ]; then docker tag quay.io/razee/mustachetemplate:${TRAVIS_COMMIT} quay.io/razee/mustachetemplate:${TRAVIS_TAG}; fi
- docker images
- ./build/process-template.sh kubernetes/MustacheTemplate/resource.yaml >/tmp/resource.yaml
- kubelint /tmp/resource.yaml
- if [[ "${TRAVIS_TAG}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then npm version --no-git-tag-version "${TRAVIS_TAG}"; fi
# Perform UA scan on non-PR builds
- if [ "${TRAVIS_PULL_REQUEST}" = "false" ]; then curl -LJO https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar; java -jar wss-unified-agent.jar -d . || echo "UA Scan Error occurred"; fi
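Review bot: `kubelint /tmp/resource.yaml` passes only the first argument, so the wrapper falls back to `kubelint-config.yaml` (resolved relative to the current directory) and to the `latest` kube-linter release, which means a new upstream release can change the set of default checks and break this build without any change in this repository. Suggest pinning the version explicitly, e.g. `- kubelint /tmp/resource.yaml kubelint-config.yaml <pinned-version>`, and bumping it deliberately. The lint also runs after the `docker tag` step shown above; running it before the image work would fail the build earlier on a bad manifest.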
23 changes: 23 additions & 0 deletions build/download-kubelint.sh
@@ -0,0 +1,23 @@
#!/bin/bash
kubelint() {
DEPLOYMENT_DIR="${1}"
KUBELINT_CONFIG="${2}"
KUBELINT_VERSION="${3}"
if [[ -z "${DEPLOYMENT_DIR}" ]]; then
echo "usage: 'kubelint DEPLOYMENT_DIR KUBELINT_CONFIG KUBELINT_VERSION'"
exit 1
fi
[[ -z "${KUBELINT_VERSION}" ]] && KUBELINT_VERSION=latest
[[ -z "${KUBELINT_CONFIG}" ]] && KUBELINT_CONFIG=kubelint-config.yaml
mkdir -p "${HOME}/bin"
curl -sL -o "${HOME}/bin/kube-linter" "https://github.com/stackrox/kube-linter/releases/${KUBELINT_VERSION}/download/kube-linter-linux"
chmod +x "${HOME}/bin/kube-linter"
if [[ "$FAIL_ON_INVALID_RESOURCE" = "false" ]]; then
kube-linter lint -v --fail-if-no-objects-found "${DEPLOYMENT_DIR}" --config "${KUBELINT_CONFIG}"
else
kube-linter lint -v --fail-on-invalid-resource --fail-if-no-objects-found "${DEPLOYMENT_DIR}" --config "${KUBELINT_CONFIG}"
fi
}
mkdir -p "${HOME}/bin"
echo -e "#!/bin/bash\n$(declare -f kubelint)\nkubelint \"\$@\"" > "${HOME}/bin/kubelint"
chmod +x "${HOME}/bin/kubelint"
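Review bot: the release URL in the `curl` line only works for `latest`: GitHub serves `releases/latest/download/<asset>`, but a specific tag is served from `releases/download/<tag>/<asset>`, so passing any real tag as `KUBELINT_VERSION` yields a 404. Because `curl -sL` is used without `-f`, that 404 page is silently written to `${HOME}/bin/kube-linter`, `chmod +x` succeeds, and the failure only surfaces later as an unintelligible exec error from `kube-linter lint`. Suggest branching on the version (`releases/latest/download/...` vs `releases/download/${KUBELINT_VERSION}/...`), adding `-f` to `curl`, putting `set -euo pipefail` at the top of the script, and verifying the downloaded binary against a known checksum instead of trusting an unpinned, unverified download on every build. Two smaller points: the function calls `kube-linter` by bare name although it just installed it at `${HOME}/bin/kube-linter`, so use that path; and `FAIL_ON_INVALID_RESOURCE` is an undocumented environment variable that silently weakens the lint when set to `false`, which deserves at least a comment.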
17 changes: 17 additions & 0 deletions kubelint-config.yaml
@@ -0,0 +1,17 @@
---
checks:
exclude:
- "no-read-only-root-fs" # impacts AT event writing
- "unset-cpu-requirements" # cpu limits are bad https://home.robusta.dev/blog/stop-using-cpu-limits
- "mismatching-selector" # selectors are immutable
- "non-existent-service-account" # razeedeploy-sa created in razeedeploy-delta
customChecks:
- name: ensure-environment-variables-populated
template: env-var
params:
name: "."
value: \$.* #ensures no environment variable values in the deployment start with a $
remediation: Ensure all of your environment variables are correctly substituted with envstub
scope:
objectKinds:
- DeploymentLike
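Review bot: the custom check's `value: \$.*` pattern is unanchored, so it flags any environment variable whose value contains a `$` anywhere, not only values that start with one as the comment says; either anchor it (`value: ^\$`) or reword the comment so the intent and the behaviour match. Also, excluding `unset-cpu-requirements` because CPU limits are unwanted drops the check that CPU requests are set as well, and requests are what the scheduler relies on; if the cpu-requirements template supports checking requests alone, a custom check with that setting would keep the request check while still skipping limits.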
88 changes: 88 additions & 0 deletions package-lock.json
1 change: 1 addition & 0 deletions package.json
@@ -56,6 +56,7 @@
"chai": "^4.3.6",
"dockerlint": "^0.3.9",
"eslint": "^8.23.0",
"markdownlint": "^0.33.0",
"mocha": "^10.0.0",
"nock": "^13.2.9",
"npm-run-all": "^4.1.5",
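Review bot: adding `markdownlint` as a devDependency is unrelated to the kube-linter change this PR is titled for, and no script in the visible hunks invokes it; either move it to its own PR or mention it in the description so the 88-line `package-lock.json` churn is explained.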