v0.2.3

KubeLinter v0.2.3

Changes in this version: 0.2.2...0.2.3

Features

• Add template for imagePullPolicy checks (#202 )
• Add check for improper-container-image-tag (#191)
• Add template for update strategy and a basic check (#190)
• Add templates/checks for CIS Benchmarks for RBAC, secret, and namespace (#188)
• Add check for minimum number of replicas (#185)

Bug Fixes

v0.2.2

KubeLinter v0.2.2

Changes in this version: 0.2.1...0.2.2

Features

• Add about a dozen new templates and built-in checks based on Docker CIS benchmarks (#170)
• Add SARIF output (#160)

Bug Fixes

• Make the default service account check not fail when AutomountServiceAccountToken is false (#166)

v0.2.1

KubeLinter v0.2.1

Changes in this version: 0.2.0...0.2.1

Features

• Add JSON output (#131)

Bug Fixes

• Fix regression where kube-linter lint would fail on Windows (#162)

v0.2.0

KubeLinter v0.2.0

Changes in this version: 0.1.6...0.2.0

Features

• Add OpenShift DeploymentConfig Schema (#153)

General Improvements

• Update Kube library dependencies to 1.20 (#138)
• Update to Go 1.16 (#151)
• Add default names for config files (#148)

Bug Fixes

• Fix bug where some options in the config file were not honoured (#150)

v0.1.6

KubeLinter v0.1.6

Changes in this version: 0.1.5...0.1.6

Features

• Added support for packaged (TGZ) Helm charts (#121)
• Allowed specification of the topology key for the pod anti-affinity check (#112)

General Improvements

• Added variant of image that uses an Alpine base image (#118)
• Supported use of CLI flags to specify certain config options (#109)
• Moved a lot of code from internal to pkg to facilitate use as a library (#122)

v0.1.5

KubeLinter v0.1.5

Changes in this version: 0.1.4...0.1.5

Features

• Added new default check to prohibit containers to run with NEW_RAW capability. With this also added a new check template verify-container-capabilities to allow users to flexibly validate container capabilities (#104)

General Improvements

• Added unit test framework for testing templates (#111)
• Fixed several documentation related issues, fixed several broken links and added more instructions to README (#94, #95, #98, #102, etc.)

v0.1.4

KubeLinter v0.1.4

Changes in this version: 0.1.3...0.1.4

Features

• Added new default check to flag deployments exposing port 22, commonly reserved for SSH access
• Added a documentation site at docs.kubelinter.io

General Improvements

• Formalized issue and bug templates
• Disable pushing docker image by default. Apply label push-docker-image to the PR to push to docker hub.

Bugs Fixed

• Fixed the matching of the namespace in the danglingservice check (#83)

v0.1.3

KubeLinter v0.1.3

Changes in this version: 0.1.2...0.1.3

Features

• Added new default check to ensure labelSelector in deployments match pod labels
• Added new default check to enforce that objects with multiple replicas use inter-pod anti-affinity

General Improvements

• KubeLinter is now available on Homebrew and Linuxbrew.
• KubeLinter is now available as a Docker image at https://hub.docker.com/r/stackrox/kube-linter.

Bugs Fixed

• Fixed issue where the built-in check for secrets in env variable would fire even in secretKeyRefs (#72)
• Fixed typo in the remediation text for the deprecated service account check (#28)

v0.1.2

KubeLinter v0.1.2

Changes in this version: 0.1.1...0.1.2

Improvements

• KubeLinter now supports list objects, so you can run kubectl get deploy -o yaml | kube-linter lint - and have it succeed.

Bugs Fixed

• Fixed issue with make build on clean Mac. (#29)
• Fixed typo in the deprecated service account check's message (#28)

v0.1.1

KubeLinter v0.1.1

Bugs Fixed

• The format of ignore annotations has changed, since the earlier format did not pass API server validation. See the docs for details of the new format.