[BUG] Ignore-paths parameter does not work with subcharts #575
Comments
Could you try using
refs: |
Thanks for your feedback, I will try to test with this. |
Hi, I try to use these two commands, seems the problem is still here.
$ kube-linter lint ./ --config ./kube_linter.yaml --ignore-paths ./templates/test/**/*
KubeLinter development
templates/test/robot.yaml: (object: <no namespace>/robot-pod /v1, Kind=Pod) found matching serviceAccount ("") (check: default-service-account, remediation: Create a dedicated service account for your pod. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ for details.)
templates/test/robot.yaml: (object: <no namespace>/robot-pod /v1, Kind=Pod) container "robot-pod-container" does not specify a liveness probe (check: no-liveness-probe, remediation: Specify a liveness probe in your container. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ for details.)
templates/test/robot.yaml: (object: <no namespace>/robot-pod /v1, Kind=Pod) container "robot-pod-container" is not set to runAsNonRoot (check: run-as-non-root, remediation: Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.)
templates/test/robot.yaml: (object: <no namespace>/robot-pod /v1, Kind=Pod) resource specifies unsafe sysctl "net.ipv4.ip_local_port_range". (check: unsafe-sysctls, remediation: Ensure container does not allow unsafe allocation of system resources by removing unsafe sysctls configurations. For more details see https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ https://docs.docker.com/engine/reference/commandline/run/#configure-namespaced-kernel-parameters-sysctls-at-runtime.)
$ kube-linter lint ./ --config ./kube_linter.yaml --ignore-paths ./templates/test/robot.yaml
templates/test/robot.yaml: (object: <no namespace>/robot-pod /v1, Kind=Pod) found matching serviceAccount ("") (check: default-service-account, remediation: Create a dedicated service account for your pod. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ for details.)
templates/test/robot.yaml: (object: <no namespace>/robot-pod /v1, Kind=Pod) container "robot-pod-container" does not specify a liveness probe (check: no-liveness-probe, remediation: Specify a liveness probe in your container. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ for details.)
templates/test/robot.yaml: (object: <no namespace>/robot-pod /v1, Kind=Pod) container "robot-pod-container" is not set to runAsNonRoot (check: run-as-non-root, remediation: Set runAsUser to a non-zero number and runAsNonRoot to true in your pod or container securityContext. Refer to https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ for details.)
templates/test/robot.yaml: (object: <no namespace>/robot-pod /v1, Kind=Pod) resource specifies unsafe sysctl "net.ipv4.ip_local_port_range". (check: unsafe-sysctls, remediation: Ensure container does not allow unsafe allocation of system resources by removing unsafe sysctls configurations. For more details see https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/ https://docs.docker.com/engine/reference/commandline/run/#configure-namespaced-kernel-parameters-sysctls-at-runtime.)
templates/test/robot.yaml: (object: <no namespace>/robot-pod /v1, Kind=Pod) object in default namespace (check: use-namespace, remediation: Create namespaces for objects in your deployment.)
|
I also face the same problem, even when I use
$ kube-linter lint .
KubeLinter v0.6.4-0-g4f0b1e01fd
...
charts/redis/templates/replicas/statefulset.yaml: (object: default/test-release-redis-replicas apps/v1, Kind=StatefulSet) container "redis" has memory request 0 (check: unset-memory-requirements, remediation: Set memory requests and limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.)
charts/redis/templates/replicas/statefulset.yaml: (object: default/test-release-redis-replicas apps/v1, Kind=StatefulSet) container "redis" has memory limit 0 (check: unset-memory-requirements, remediation: Set memory requests and limits for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.)
Error: found 51 lint errors
Here's when I try to exclude one specific file:
$ kube-linter lint --ignore-paths charts/redis/templates/replicas/statefulset.yaml .
...
Error: found 51 lint errors
And here when I try to exclude all tgz archives of subcharts:
$ kube-linter lint --ignore-paths '**/*.tgz' .
...
Error: found 51 lint errors
I also tried with a config file, with no success:
$ cat config.yaml
checks:
  ignorePaths:
    - "charts/**"
    - "**/*.tgz"
$ kube-linter lint --config config.yaml .
...
Error: found 51 lint errors
Here's my dir structure:
$ tree
.
├── Chart.lock
├── charts
│   ├── common-2.4.0.tgz
│   ├── mysql-9.10.1.tgz
│   └── redis-17.11.3.tgz
├── Chart.yaml
├── config.yaml
├── README.md
├── templates
│   ├── deployment-backend.yaml
│   ├── deployment-frontend.yaml
│   ├── _helpers.tpl
│   ├── ingress.yaml
│   ├── NOTES.txt
│   ├── secret.yaml
│   ├── serviceaccount.yaml
│   └── service.yaml
└── values.yaml
I'm using |
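An added example, not part of the thread or of kube-linter's code: the findings in the comment above carry in-archive paths (`charts/redis/templates/...`) while the tree shows only `charts/redis-17.11.3.tgz` on disk, so a post-filter has to match on the reported path. `matchGlob` and `filterFindings` are hypothetical helpers, and the `**` handling is a simplified stand-in for a doublestar-style matcher.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// matchGlob: "**" matches zero or more path segments, other segments use
// path.Match. Simplified stand-in, not kube-linter's own matcher.
func matchGlob(pattern, name string) bool {
	return matchSegs(strings.Split(path.Clean(pattern), "/"), strings.Split(path.Clean(name), "/"))
}

func matchSegs(pat, segs []string) bool {
	if len(pat) == 0 {
		return len(segs) == 0
	}
	if pat[0] == "**" { // match nothing, or consume one segment and retry
		return matchSegs(pat[1:], segs) || (len(segs) > 0 && matchSegs(pat, segs[1:]))
	}
	if len(segs) == 0 {
		return false
	}
	ok, err := path.Match(pat[0], segs[0])
	return err == nil && ok && matchSegs(pat[1:], segs[1:])
}

// filterFindings drops plain-format findings whose reported path (the text
// before ": (object:") matches an ignore pattern; other lines pass through.
func filterFindings(lines, ignore []string) []string {
	var kept []string
next:
	for _, l := range lines {
		p, _, found := strings.Cut(l, ": (object:")
		for _, g := range ignore {
			if found && matchGlob(g, p) {
				continue next
			}
		}
		kept = append(kept, l)
	}
	return kept
}

func main() {
	// Constructed finding in the plain output format shown in the thread.
	out := []string{`charts/redis/templates/replicas/statefulset.yaml: (object: default/r apps/v1, Kind=StatefulSet) constructed`}
	fmt.Println(len(filterFindings(out, []string{"**/*.tgz"})), len(filterFindings(out, []string{"charts/**"})))
}
```

With the constructed line, `**/*.tgz` keeps the finding and `charts/**` drops it, because only the second pattern matches the path as reported.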
I can confirm this bug. I also want to ignore subcharts like Bitnami's postgres or redis charts. But |
@janisz Can you help respond to this issue? It seems this is a bug in kube-linter. |
I'm sorry for the delay.
diff --git a/tests/testdata/mychart/Chart.yaml b/tests/testdata/mychart/Chart.yaml
index ac8a018..78862fe 100644
--- a/tests/testdata/mychart/Chart.yaml
+++ b/tests/testdata/mychart/Chart.yaml
@@ -4,3 +4,6 @@ description: A Helm chart for Kubernetes
name: mychart
type: application
version: 0.1.0
+dependencies:
+ - name: mychart
+ version: "0.1.0"
I can confirm that ignore-paths does not work with subcharts.
kube-linter/pkg/lintcontext/parse_yaml.go Line 93 in ab8a80b
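Review bot: the added dependency entry reuses the parent chart's own name and version (`name: mychart`, `version: "0.1.0"`, the same values as the context lines just above it), so findings from the subchart and from the parent are hard to tell apart in test output. Consider giving the fixture subchart a distinct name, and add a `repository:` field or a short comment saying the dependency is expected to be vendored under `charts/`, since the entry as written does not say where it comes from.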
The workaround will be to add ignored files in
diff --git a/tests/testdata/mychart/.helmignore b/tests/testdata/mychart/.helmignore
index 0e8a0eb..44e93ed 100644
--- a/tests/testdata/mychart/.helmignore
+++ b/tests/testdata/mychart/.helmignore
@@ -21,3 +21,4 @@
.idea/
*.tmproj
.vscode/
+*.tgz
Right now I see the following solutions
+ tests/testdata/mychart/charts/mychart/templates/tests/test-connection.yaml
- tests/testdata/mychart/charts/mychart-0.2.0.tgz |
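Review bot: the `+*.tgz` line in `.helmignore` is unscoped and undocumented. As written it applies to every `.tgz` in the chart rather than only the packaged subcharts, and `.helmignore` is read by Helm itself, so the entry affects more than linting; it also does nothing for an unpacked subchart directory such as the `charts/mychart/templates/...` path listed above. Consider restricting the pattern to the `charts/` directory and adding a comment line stating that it exists as a workaround for this issue.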
@janisz thanks for looking into it. Sadly, the workaround with excluding the subcharts in the
|
Any possible development on this? |
I think we just ran into this issue specifically when trying to exclude subcharts. |
I will prepare a PR for this. |
Was this working in a previous version that I could use instead or has this been the behavior? I am currently on the latest 0.6.5 build. |
System info:
Describe the bug
I have a project and I want to use kube-linter to scan the helm chart, but I failed to ignore the test path using the ignore-paths parameter.
Using this command to scan my project, it seems my test file was still reported by kube-linter. I hope someone can help me with what's wrong with my command. I also tried to configure this with configuration like:
checks:
ignorePaths:
but I still failed.
To Reproduce
Expected behavior
Test directory can be ignored
Screenshots
Additional context