v0.1.6

KubeLinter v0.1.6

Changes in this version: 0.1.5...0.1.6

Features

• Added support for packaged (TGZ) Helm charts (#121)
• Allowed specification of the topology key for the pod anti-affinity check (#112)

General Improvements

• Added variant of image that uses an Alpine base image (#118)
• Supported use of CLI flags to specify certain config options (#109)
• Moved a lot of code from internal to pkg to facilitate use as a library (#122)

v0.1.5

KubeLinter v0.1.5

Changes in this version: 0.1.4...0.1.5

Features

• Added new default check to prohibit containers to run with NEW_RAW capability. With this also added a new check template verify-container-capabilities to allow users to flexibly validate container capabilities (#104)

General Improvements

• Added unit test framework for testing templates (#111)
• Fixed several documentation related issues, fixed several broken links and added more instructions to README (#94, #95, #98, #102, etc.)

v0.1.4

KubeLinter v0.1.4

Changes in this version: 0.1.3...0.1.4

Features

• Added new default check to flag deployments exposing port 22, commonly reserved for SSH access
• Added a documentation site at docs.kubelinter.io

General Improvements

• Formalized issue and bug templates
• Disable pushing docker image by default. Apply label push-docker-image to the PR to push to docker hub.

Bugs Fixed

• Fixed the matching of the namespace in the danglingservice check (#83)

v0.1.3

KubeLinter v0.1.3

Changes in this version: 0.1.2...0.1.3

Features

• Added new default check to ensure labelSelector in deployments match pod labels
• Added new default check to enforce that objects with multiple replicas use inter-pod anti-affinity

General Improvements

• KubeLinter is now available on Homebrew and Linuxbrew.
• KubeLinter is now available as a Docker image at https://hub.docker.com/r/stackrox/kube-linter.

Bugs Fixed

• Fixed issue where the built-in check for secrets in env variable would fire even in secretKeyRefs (#72)
• Fixed typo in the remediation text for the deprecated service account check (#28)

v0.1.2

KubeLinter v0.1.2

Changes in this version: 0.1.1...0.1.2

Improvements

• KubeLinter now supports list objects, so you can run kubectl get deploy -o yaml | kube-linter lint - and have it succeed.

Bugs Fixed

• Fixed issue with make build on clean Mac. (#29)
• Fixed typo in the deprecated service account check's message (#28)

v0.1.1

KubeLinter v0.1.1

Bugs Fixed

• The format of ignore annotations has changed, since the earlier format did not pass API server validation. See the docs for details of the new format.

v0.1.0

KubeLinter v0.1.0

Major changes

• New checks and templates: We've added several new built-in checks and check templates. You can see the full list in our docs for templates and checks.
• Helm support: kube-linter lint now automatically detects Helm charts and renders them before linting them.
• Remediations: Checks now contain a "remediation" field, intended to tell the user what they need to do to fix the check. All built-in checks have this field populated.
• Support for ignore directives: You can now ignore specific violations for a given object using annotations. See the docs for more details.

v0.0.4

Refactor parameters to support arbitrary types (#10)

Instead of a map[string]string, support (almost) arbitrary parameters via a map[string]interface{}.

Use k8s-style methodology to describe the objects: ie, describe them as Go structs, embedding metadata in comments, and parse out the properties from that using the same library k8s uses, and then use code generation for the validation etc.

Also add a new check template (and built-in check) for forbidden API object versions.

v0.0.3

Upload release artifacts when a tag is cut (#8)

v0.0.2

Add a couple more check templates and built-in checks (#6)