Viswajith Venugopal
Viswajith Venugopal
We should support linting custom resources. Some suggestions we've [got](https://www.reddit.com/r/kubernetes/comments/jjpqn5/introducing_kubelinter_an_open_source_linter_for/gaf4gvg) from users are: Prometheus Operator (specifically, PrometheusRule manifests), Cert Manager, ArgoCD, and Istio.
Support checks on OpenShift objects. Suggestions we [got](https://www.reddit.com/r/kubernetes/comments/jjpqn5/introducing_kubelinter_an_open_source_linter_for/gafycbk) were to look at `imagestreams`, `deploymentconfigs`, `buildconfigs` and `routes`.
This is required for `go get` to work correctly. Right now, the autogenerated go docs say we don't have a tagged version: https://pkg.go.dev/golang.stackrox.io/kube-linter This will require updates to the automation,...
**Description of the problem/feature request** Flag all YAML files with deprecated API versions. Allow users to optionally specify a k8s version, so the deprecated computation can be done against that...
(Also validate that the PSP and security context are compatible. And in another check, perhaps validate that the PSP is as tight as possible based on the security context.)
Currently, KubeLinter is permissive if a YAML file fails to parse. This is to handle the case where we are walking a directory and encounter files that aren't Kubernetes manifests....
Add checks that ensure to validate objects against the schema. This can be done by checking against the K8s OpenAPI spec. Some preliminary code is in https://github.com/stackrox/kube-linter/tree/viswa/checkpoint-swagger.
That is, ensure that all pods are non-isolated. Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/#isolated-and-non-isolated-pods
@crunchtime-ali [recommends](https://github.com/stackrox/kube-linter/pull/60#issue-518512773) https://github.com/marketplace/actions/bump-homebrew-formula.