Comments (7)
garethahealy
commented on August 20, 2024
1
@viswajithiii ; any plans to support Template? in the same way, k8s List and helm are.
from kube-linter.
mancubus77
commented on August 20, 2024
+1 for the feature!
kube-linter is a great tool for GitOps and DevSecOps
from kube-linter.
viswajithiii
commented on August 20, 2024
@viswajithiii ; any plans to support
Template? in the same way, k8sListandhelmare.
Hmm, I'm not familiar with Template. Can you elaborate on how it's used?
from kube-linter.
garethahealy
commented on August 20, 2024
They are a way to provide a simple template for a list of resources (pre-helm, started in OCP3). Obviously, customers are migrating to better/other ways, but they are still used by a large number of customers.
cat << EOF > template.yaml
apiVersion: template.openshift.io/v1
kind: Template
metadata:
name: redis-template
annotations:
description: "Description"
iconClass: "icon-redis"
tags: "database,nosql"
objects:
- apiVersion: v1
kind: Pod
metadata:
name: redis-master
spec:
containers:
- env:
- name: REDIS_PASSWORD
value: ${REDIS_PASSWORD}
image: dockerfile/redis
name: master
ports:
- containerPort: 6379
protocol: TCP
parameters:
- description: Password used for Redis authentication
from: '[A-Z0-9]{8}'
generate: expression
name: REDIS_PASSWORD
EOF
oc process --local -f template.yaml
from kube-linter.
viswajithiii
commented on August 20, 2024
Hmm, got it. Interesting. It's definitely worth tracking, but as low priority -- meaning we are unlikely to do it anytime soon internally, but we will accept a PR if someone sends one our way.
from kube-linter.
jfroment
commented on August 20, 2024
There is a workaround to make OpenShift templates work with kube-linter: just transform the file using basic jq and/or yq commands, which is easily feasible in an automated environment.
An exemple:
oc process --local -f your-openshift-template.yaml \
-p NAME="some_name" \
-p ENV="prod" \
-p IMAGE="myregistry.mycompany.com/image:tag" \
-p SOME_OTHER_PARAM="someothervalue" \
-o yaml > list.yaml
file="list.json"
# For yq up to version 3.3.2:
# yq r --prettyPrint -j list.yaml > $file
# For yq version 4.8.0:
yq eval -o json list.yaml > $file
for k in $(jq '.items | keys | .[]' $file); do
echo "---" >> all.yaml
jq ".items[$k]" $file | yq e -P - >> all.yaml
done
rm -f $file list.yaml
kube-linter lint all.yamlThe idea is to give to kube-linter a native k8s object, there are many ways to do it but here's mine, and it is working like a charm!
from kube-linter.
garethahealy
commented on August 20, 2024
@jfroment ; i already have some code that does that as I required it for OPA policies I was writing.
It does a bit more than you've suggested, but the idea is the same. Take in a yaml file and convert it to single k8s resources.
The suggestion for this issue was purely based on a few options (List/Helm) that are already supported, so it would be nice to add in another (Templates)
from kube-linter.
Related Issues (20)
- [FEATURE_REQUEST] Support Restart Policy
- [BUG] Linter reporting a low number of replicas for deployments with PDB and HPA minReplicas HOT 4
- Golang Plugins for kube-linter HOT 5
- [FEATURE_REQUEST] Add OpenShift SecurityContextConstraints
- [FEATURE_REQUEST] Explicit check for `securityContext.allowPrivilegeEscalation=false` on containers
- [Bug] no pods found matching service labels HOT 1
- [BUG] Release assets name HOT 1
- [FEATURE_REQUEST] Common target platforms (ie: linux/arm64)
- Change unset-cpu-requirements check
- Change unset-memory-requirements check
- [BUG] - since v0.6.6 linting from stdin doesn't work anymore with the command: kube-linter lint -
- [FEATURE_REQUEST] EnvVar ValueFrom checks
- [FEATURE_REQUEST] Merge arbitrary values.yaml when checking a helm chart
- [BUG] - service has no selector specified raised when using Endpoint
- [FEATURE_REQUEST] Expand `run-as-non-root` template to verify `runAsGroup` field is nonzero. HOT 1
- Include line and column number ranges for errors HOT 1
- [FEATURE_REQUEST] Need check for priorityClassName value
- [FEATURE_REQUEST] arm64 Docker image
- [FEATURE_REQUEST] New ObjectKind and Template for PersistentVolumeClaim and volumeClaimTemplates
- [BUG] no-rolling-update-strategy does not account for the default Strategy being RollingUpdate
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kube-linter.