stackrox / kube-linter

KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.
https://docs.kubelinter.io/
Apache License 2.0
2.97k stars 234 forks source link

Golang Plugins for kube-linter #642

Open Voldemat opened 1 year ago

Voldemat commented 1 year ago

Description of the problem/feature request Ability to write your own custom plugins for linter, using golang. Looks like golang supports plugin loading through https://pkg.go.dev/plugin.

Description of the existing behavior vs. expected behavior Doesn`t exist yet.

Additional context Example of such plugin would be knative, as it has its own set of abstractions that you work with and I for example would like to check that my ingress controllers uses real knative services and applies required annotations for dns resolution. I would like to work on PR if you will be interested.

janisz commented 1 year ago

Looks like golang supports plugin loading through https://pkg.go.dev/plugin.

I think this is halfly baked feature :( We are thinking about having a way to declare CRDs maybe this could be done in some kind of scripting language #24

Voldemat commented 1 year ago

Why do you think so? I`m just curious, as don`t program in Go a lot, mostly Python and Typescript. On first glance sounds like a cool feature. For example we can define each custom linting rule as separate file, then compile it in docker build and load it in runtime when we call kube-linter.

janisz commented 1 year ago

Why do you think so?

Good question so I've asked chat gpt about it 😄


In my experience although they look like java jars or dynamic libs they are not close to this. Another thing is popularity, I've not seen many projects using it (although there are some. Even golangci/golangci-lint which could be perfect case for a plugin system is based on including a linters and compile them all into a single binary and other projects prefer subprocesses or some other solutions like traefik/yaegi or hashicorp/go-plugin

Other sources:

@mvdan: Because I think the Plugin package is a very good idea, but it's sort of half-baked. It has no Windows support, it's very easy to misuse... If somebody else builds a plugin and tries to run it with your binary, it's almost certainly not gonna work. So I think it's a great idea, but it should never have hit the standard library until it was finished.

Don’t use Go’s plug-in system, it’s essentially a hacked together mess that really should be deprecated.

Voldemat commented 1 year ago

ChatGPT saver of all) Yeah it makes sense, subprocess approach would be much better, only thing that can go wrong is performance.

AlanMasciangelo commented 1 year ago

I'm also looking to extend with fully custom checks but based on the examples it looks like only way is to fork and rebuild, is this correct?