Kubernetes isn’t easy. With many moving parts and so many points of entry, the list of what can go wrong is staggering. If you’re not creating pod and container manifests that adhere to standard best practices, the likelihood of error increases exponentially. That’s why you need to write YAML files that are as solid as possible.
When you have a large amount of elements at play, each of which configure various resources, it can be a real challenge to get it right. That’s why you should take advantage of the available tools, so you’re not writing manifests that go against best practices.
One way to check those YAML files is with kube-linter. The kube-linter command is a static analysis tool that checks your Kubernetes YAML files to ensure the configured applications within adhere to best practices.
I want to walk you through the process of installing kube-linter on Ubuntu Server. Once installed, we’ll go through the process of “linting” a sample YAML file.
SEE: Top cloud providers in 2020: AWS, Microsoft Azure, and Google Cloud, hybrid, SaaS players (TechRepublic)
What you’ll need
The kube-linter tool can be installed on Linux or macOS. I’m going to be demonstrating on Linux. You don’t have to install this software on your Kubernetes cluster, as you can always “lint” your YAML files on a separate machine and then move them to the Kubernetes cluster for deployment.
If you opt to use kube-lint on your cluster, you’ll want to install it on your controller. This cluster can be self-hosted or hosted on one of the many cloud providers, such as Google Cloud, AWS, or Microsoft Azure.
How to install Go
The first thing you must do is install Go on your Linux machine. We’ll install Go 1.15.4. To do that, download the necessary file with the command:
wget https://golang.org/dl/go1.15.4.linux-amd64.tar.gz
Unpack and move the newly created directory with the command:
sudo tar -C /usr/local -xzf go1.15.4.linux-amd64.tar.gz
Finally, add the go directory to your $PATH with the command:
export PATH=$PATH:/usr/local/go/bin
How to install kube-linter
Now we can install kube-linter. To do this, clone it from the Git repository with the command:
git clone https://github.com/stackrox/kube-linter.git
Change into the newly created directory with the command:
cd kube-linter
Build kube-linter with the command:
make build
If you find the make command isn’t available, install it with the command:
sudo apt-get install make -y
The make build command will take between five to 10 minutes to complete. When it does finally finish, you need to copy the kube-linter executable into the necessary dorectpru. Do that with the command:
sudo cp .gobin/kube-linter /usr/bin/
Also copy the packr command into the same directory with:
sudo cp .gobin/packr /usr/bin/
How to test your YAML file
It’s now time to test that first YAML file. Let’s use the sample from the official kube-linter git page–it offers some good insight into best practices. Create that file with the command:
nano pod.yaml
Paste the following into that file:
apiVersion: v1
kind: Pod
metadata:
name: security-context-demo
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
volumes:
- name: sec-ctx-vol
emptyDir: {}
containers:
- name: sec-ctx-demo
image: busybox
resources:
requests:
memory: "64Mi"
cpu: "250m"
command: [ "sh", "-c", "sleep 1h" ]
volumeMounts:
- name: sec-ctx-vol
mountPath: /data/demo
securityContext:
allowPrivilegeEscalation: false
Save and close the file.
Run the test with the command:
kube-linter lint pod.yaml
The linter will come back (almost immediately) with the results (Figure A).
Figure A
Now that you see how well this tool can check YAML files against best practices, run it with your own manifests to see how well you’ve done. If kube-linter finds issues (which it probably will), make sure to address them and then deploy or redeploy your pods or containers.
This tool should be considered a must-use in your DevOps pipeline. You don’t want to be deploying pods and containers that don’t adhere to best practices to your cloud providers–especially when those applications and services could cause your deployments to cost you considerable resources and money. With a little extra work, you can deploy pods and containers that are much better suited for your company needs and bottom line.
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.