Skip to content

kubeval

kubeval documentation

kubeval - GitHub

Configuration in Mega-Linter

Variable Description Default value
KUBERNETES_KUBEVAL_ARGUMENTS User custom arguments to add in linter CLI call
Ex: -s --foo "bar"
KUBERNETES_KUBEVAL_FILTER_REGEX_INCLUDE Custom regex including filter
Ex: (src|lib)
Include every file
KUBERNETES_KUBEVAL_FILTER_REGEX_EXCLUDE Custom regex excluding filter
Ex: (test|examples)
Exclude no file
KUBERNETES_KUBEVAL_FILE_EXTENSIONS Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all files
Ex: [".py", ""]
[".yml", ".yaml", ".json"]
KUBERNETES_KUBEVAL_FILE_NAMES_REGEX File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files
Ex: ["Dockerfile(-.+)?", "Jenkinsfile"]
Include every file
KUBERNETES_KUBEVAL_DISABLE_ERRORS Run linter but consider errors as warnings false
KUBERNETES_KUBEVAL_DISABLE_ERRORS_IF_LESS_THAN Maximum number of errors allowed 0
KUBERNETES_DIRECTORY Directory containing KUBERNETES files kubernetes

Mega-Linter Flavours

This linter is available in the following flavours

Flavor Description Embedded linters Info
all Default Mega-Linter Flavor 84 Docker Image Size (tag) Docker Pulls
dart Optimized for DART based projects 38 Docker Image Size (tag) Docker Pulls
documentation Mega-Linter for documentation projects 37 Docker Image Size (tag) Docker Pulls
dotnet Optimized for C, C++, C# or VB based projects 43 Docker Image Size (tag) Docker Pulls
go Optimized for GO based projects 39 Docker Image Size (tag) Docker Pulls
java Optimized for JAVA based projects 38 Docker Image Size (tag) Docker Pulls
javascript Optimized for JAVASCRIPT or TYPESCRIPT based projects 46 Docker Image Size (tag) Docker Pulls
php Optimized for PHP based projects 41 Docker Image Size (tag) Docker Pulls
python Optimized for PYTHON based projects 44 Docker Image Size (tag) Docker Pulls
ruby Optimized for RUBY based projects 38 Docker Image Size (tag) Docker Pulls
rust Optimized for RUST based projects 38 Docker Image Size (tag) Docker Pulls
salesforce Optimized for Salesforce based projects 38 Docker Image Size (tag) Docker Pulls
scala Optimized for SCALA based projects 38 Docker Image Size (tag) Docker Pulls
swift Optimized for SWIFT based projects 38 Docker Image Size (tag) Docker Pulls
terraform Optimized for TERRAFORM based projects 40 Docker Image Size (tag) Docker Pulls

Behind the scenes

How are identified applicable files

  • Activated only if sub-directory kubernetes is found. (directory name can be overridden with KUBERNETES_DIRECTORY)
  • File extensions: .yml, .yaml, .json
  • Detected file content (regex): apiVersion:, kustomize\.config\.k8s\.io, tekton

Example calls

kubeval -strict myfile.yml

Help content

Validate a Kubernetes YAML file against the relevant schema

Usage:
  kubeval <file> [file...] [flags]

Flags:
      --additional-schema-locations strings   Comma-seperated list of secondary base URLs used to download schemas
  -n, --default-namespace string              Namespace to assume in resources if no namespace is set in metadata:namespace (default "default")
  -d, --directories strings                   A comma-separated list of directories to recursively search for YAML documents
      --exit-on-error                         Immediately stop execution when the first error is encountered
  -f, --filename string                       filename to be displayed when testing manifests read from stdin (default "stdin")
      --force-color                           Force colored output even if stdout is not a TTY
  -h, --help                                  help for kubeval
      --ignore-missing-schemas                Skip validation for resource definitions without a schema
      --ignored-filename-patterns strings     An alias for ignored-path-patterns
  -i, --ignored-path-patterns strings         A comma-separated list of regular expressions specifying paths to ignore
      --insecure-skip-tls-verify              If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
  -v, --kubernetes-version string             Version of Kubernetes to validate against (default "master")
      --openshift                             Use OpenShift schemas instead of upstream Kubernetes
  -o, --output string                         The format of the output of this script. Options are: [stdout json tap]
      --quiet                                 Silences any output aside from the direct results
      --reject-kinds strings                  Comma-separated list of case-sensitive kinds to prohibit validating against schemas
  -s, --schema-location string                Base URL used to download schemas. Can also be specified with the environment variable KUBEVAL_SCHEMA_LOCATION.
      --skip-kinds strings                    Comma-separated list of case-sensitive kinds to skip when validating against schemas
      --strict                                Disallow additional properties not in schema
      --version                               version for kubeval

Installation on mega-linter Docker image

  • Dockerfile commands :
RUN wget -q https://github.com/instrumenta/kubeval/releases/latest/download/kubeval-linux-amd64.tar.gz \
    && tar xf kubeval-linux-amd64.tar.gz \
    && cp kubeval /usr/local/bin

Example success log

Results of kubeval linter (version 0.15.0)
See documentation on https://nvuillam.github.io/mega-linter/descriptors/kubernetes_kubeval/
-----------------------------------------------

[SUCCESS] .automation/test/kubernetes/kubernetes/kubeval_good_1.yaml
    PASS - .automation/test/kubernetes/kubernetes/kubeval_good_1.yaml contains a valid Deployment (nginx-deployment)

Example error log

Results of kubeval linter (version 0.15.0)
See documentation on https://nvuillam.github.io/mega-linter/descriptors/kubernetes_kubeval/
-----------------------------------------------

[ERROR] .automation/test/kubernetes/kubernetes/kubeval_bad_1.yaml
    ERR  - .automation/test/kubernetes/kubernetes/kubeval_bad_1.yaml: Missing 'metadata.name' key