KubeLinter: Open Source YAML Linter / HELM Linter for K8s
October 28, 2020 | by
Today, I’m excited to announce the launch ofKubeLinter, a new open source project from StackRox!
KubeLinter analyzes Kubernetes YAML files and Helm charts, and checks them against a variety of best practices, with a focus on production readiness and security. Scroll down to watch a video overview of KubeLinter.
KubeLinter was born out of a pain point that we know only too well at StackRox, both from our internal clusters, and from listening to ourcustomers: configuring Kubernetes applications is hard! There are lots of knobs and dials, and it can be overwhelming just to get your pods to come up and talk to each other. But even getting there doesn’t mean you’re ready to deploy in production – defaults in Kubernetes configurations are typically not geared towards security and production-readiness.
KubeLinter is written in Go and packaged as a static, self-contained binary, so it installs in seconds. Once you point it to your Helm charts and YAML files, you should see results near-instantaneously.
Out of the box, KubeLinter runs sensible default checks, designed to give you useful information without overwhelming you – for example, that you’re running containers as a non-root user, enforcing least privilege, and storing sensitive information only in secrets. KubeLinter is configurable, so you can enable and disable checks, as well as create your own custom checks, depending on the policies you want to follow in your team. We’ve designed KubeLinter to ensure that writing custom checks requires minimal work from the user, and has a very small learning curve.
KubeLinter can be integrated easily with your CI tool, whether that’s a GitHub Action, Jenkins, Travis CI or CircleCI. This way, linting your K8s files becomes an automated, hassle-free way for your developers to configure their applications for production use.
So, wait no more! Head on over tohttps://github.com/stackrox/kube-linterand get started. If you like it, please consider giving us a star, and send us your pull requests. Most importantly, tell us how we can make it better – what new checks we should add, and what additional functionality you would like to see. This is still very early days for the tool, and we’re looking forward to learning from the community, and iterating rapidly to make KubeLinter as amazing as possible. We can’t wait to hear from you!
Some Background The state of the art for application packaging and supply chain security for containers continues to evolve at a rapid pace. As a registry, Quay.io needs to strike a careful balance ...