Open viswajithiii opened 3 years ago
+1 for the feature! kube-linter is a great tool for GitOps and DevSecOps
@viswajithiii ; any plans to support `Template`? in the same way, k8s `List` and `helm` are.
Hmm, I'm not familiar with `Template`. Can you elaborate on how it's used?
They are a way to provide a simple template for a list of resources (pre-helm, started in OCP3). Obviously, customers are migrating to better/other ways, but they are still used by a large number of customers.
```sh
# The quoted 'EOF' keeps the shell from expanding ${REDIS_PASSWORD},
# so the template placeholder reaches the file unchanged.
cat << 'EOF' > template.yaml
apiVersion: template.openshift.io/v1
kind: Template
metadata:
  name: redis-template
  annotations:
    description: "Description"
    iconClass: "icon-redis"
    tags: "database,nosql"
objects:
- apiVersion: v1
  kind: Pod
  metadata:
    name: redis-master
  spec:
    containers:
    - env:
      - name: REDIS_PASSWORD
        value: ${REDIS_PASSWORD}
      image: dockerfile/redis
      name: master
      ports:
      - containerPort: 6379
        protocol: TCP
parameters:
- description: Password used for Redis authentication
  from: '[A-Z0-9]{8}'
  generate: expression
  name: REDIS_PASSWORD
EOF

# Render the template locally into a List of plain Kubernetes objects
oc process --local -f template.yaml
```
Hmm, got it. Interesting. It's definitely worth tracking, but as low priority -- meaning we are unlikely to do it anytime soon internally, but we will accept a PR if someone sends one our way.
There is a workaround to make OpenShift templates work with kube-linter: just transform the file using basic jq and/or yq commands, which is easily feasible in an automated environment.
An example:
```sh
# Render the template into a List of plain Kubernetes objects
oc process --local -f your-openshift-template.yaml \
  -p NAME="some_name" \
  -p ENV="prod" \
  -p IMAGE="myregistry.mycompany.com/image:tag" \
  -p SOME_OTHER_PARAM="someothervalue" \
  -o yaml > list.yaml

file="list.json"
# For yq up to version 3.3.2:
# yq r --prettyPrint -j list.yaml > $file
# For yq version 4.8.0:
yq eval -o json list.yaml > "$file"

# Write each item of the List as its own YAML document
: > all.yaml  # start from an empty file so earlier runs do not accumulate
for k in $(jq '.items | keys | .[]' "$file"); do
  echo "---" >> all.yaml
  jq ".items[$k]" "$file" | yq e -P - >> all.yaml
done
rm -f "$file" list.yaml

kube-linter lint all.yaml
```
The idea is to give to kube-linter a native k8s object, there are many ways to do it but here's mine, and it is working like a charm!
@jfroment ; I already have some code that does that as I required it for OPA policies I was writing.
It does a bit more than you've suggested, but the idea is the same. Take in a yaml file and convert it to single k8s resources.
The suggestion for this issue was purely based on a few options (List/Helm) that are already supported, so it would be nice to add in another (Templates)
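The flattening step discussed in the comments above, as an added example that is not code from this thread or from kube-linter: it splits a `List` (nested ones included) or a `Template` into single resources and refuses to emit anything that still carries `${PARAM}` placeholders, so the linter never runs on unprocessed values. It assumes JSON input and relies on each JSON object also being a valid YAML document; the sample data and function names are constructed for illustration.

```python
import json
import re
import sys

# Constructed sample with the shape of `oc process --local ... -o json` output.
SAMPLE_LIST = json.dumps({
    "apiVersion": "v1", "kind": "List",
    "items": [
        {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "redis-master"},
         "spec": {"containers": [{"name": "master", "image": "dockerfile/redis"}]}},
        {"apiVersion": "v1", "kind": "List", "items": [
            {"apiVersion": "v1", "kind": "Service", "metadata": {"name": "redis"}}]},
    ],
})

# OpenShift template placeholders: ${NAME} and the non-string form ${{NAME}}.
PLACEHOLDER = re.compile(r"\$\{\{?\w+\}?\}")


def flatten(doc):
    """Yield single resources from a List (nested ones too) or a Template."""
    kind = doc.get("kind")
    if kind == "List":
        children = doc.get("items") or []
    elif kind == "Template":
        children = doc.get("objects") or []
    else:
        yield doc
        return
    for child in children:
        yield from flatten(child)


def unresolved(resource):
    """Return the sorted placeholders still present anywhere in a resource."""
    return sorted(set(PLACEHOLDER.findall(json.dumps(resource))))


def to_yaml_stream(text):
    """Return a '---'-separated stream; each JSON object is also valid YAML."""
    resources = list(flatten(json.loads(text)))
    for res in resources:
        if unresolved(res):  # linting placeholder values would check nothing real
            name = res.get("metadata", {}).get("name", "<unnamed>")
            raise ValueError(f"{name}: unprocessed parameters {unresolved(res)}")
    return "".join("---\n" + json.dumps(r, indent=2) + "\n" for r in resources)


if __name__ == "__main__":
    sys.stdout.write(to_yaml_stream(sys.stdin.read()))
```

Pipe the JSON output of `oc process --local -f template.yaml -o json` into the script and redirect the result to the file handed to `kube-linter lint`.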
Support checks on OpenShift objects. Suggestions we got were to look at `imagestreams`, `deploymentconfigs`, `buildconfigs` and `routes`.