v0.6.0

Changes

• Add ignore paths @titanlien (#460)
• Add check for duplicate name env var @charlesoconor (#461)
• Allow ignoring specific labels in dangling service selector check @heckler1 (#465)

⬆️ Dependencies

8 changes

• Bump docker/metadata-action from 4.2.0 to 4.3.0 @dependabot (#472)
• Bump docker/build-push-action from 3.2.0 to 3.3.0 @dependabot (#473)
• Bump github.com/bmatcuk/doublestar/v4 from 4.0.3 to 4.6.0 @dependabot (#469)
• Bump docker/metadata-action from 4.1.1 to 4.2.0 @dependabot (#468)
• Bump github.com/cert-manager/cert-manager from 1.10.1 to 1.11.0 @dependabot (#470)
• Bump k8s.io/cli-runtime from 0.25.4 to 0.26.0 @dependabot (#463)
• Bump k8s.io/client-go from 0.25.4 to 0.26.0 @dependabot (#464)
• Bump helm.sh/helm/v3 from 3.10.2 to 3.10.3 @dependabot (#462)

Full Changelog: 0.5.1...0.5.2

v0.5.1

Changes

• Fix issue #431 @juandspy (#439)

⬆️ Dependencies

27 changes

• Bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 @dependabot (#458)
• Bump github.com/cert-manager/cert-manager from 1.10.0 to 1.10.1 @dependabot (#453)
• Bump k8s.io/cli-runtime from 0.25.3 to 0.25.4 @dependabot (#454)
• Bump helm.sh/helm/v3 from 3.10.1 to 3.10.2 @dependabot (#450)
• Bump k8s.io/client-go from 0.25.3 to 0.25.4 @dependabot (#448)
• Bump github.com/spf13/viper from 1.13.0 to 1.14.0 @dependabot (#447)
• Bump github.com/golangci/golangci-lint from 1.50.0 to 1.50.1 @dependabot (#446)
• Bump github.com/cert-manager/cert-manager from 1.9.1 to 1.10.0 @dependabot (#442)
• Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 @dependabot (#443)
• Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 @dependabot (#444)
• Bump k8s.io/cli-runtime from 0.25.2 to 0.25.3 @dependabot (#434)
• Bump docker/metadata-action from 4.1.0 to 4.1.1 @dependabot (#435)
• Bump docker/setup-buildx-action from 2.1.0 to 2.2.1 @dependabot (#436)
• Bump sigstore/cosign-installer from 2.8.0 to 2.8.1 @dependabot (#437)
• Bump helm.sh/helm/v3 from 3.10.0 to 3.10.1 @dependabot (#432)
• Bump docker/login-action from 2.0.0 to 2.1.0 @dependabot (#429)
• Bump sigstore/cosign-installer from 2.7.0 to 2.8.0 @dependabot (#430)
• Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 @dependabot (#424)
• Bump docker/setup-buildx-action from 2.0.0 to 2.1.0 @dependabot (#425)
• Bump docker/metadata-action from 4.0.1 to 4.1.0 @dependabot (#426)
• Bump docker/build-push-action from 3.1.1 to 3.2.0 @dependabot (#427)
• Bump github.com/golangci/golangci-lint from 1.49.0 to 1.50.0 @dependabot (#422)
• Bump golang.org/x/net @tspearconquest (#419)
• Bump sigstore/cosign-installer from 2.6.0 to 2.7.0 @dependabot (#417)
• Bump k8s.io/cli-runtime from 0.25.0 to 0.25.2 @dependabot (#416)
• Bump helm.sh/helm/v3 from 3.9.4 to 3.10.0 @dependabot (#412)
• Bump k8s.io/api from 0.25.0 to 0.25.1 @dependabot (#411)

Full Changelog: 0.5.0...0.5.1

v0.5.0

Changes

• Fix uploading cosign signature for source code @dhaus67 (#409)
• Avoid name clash @dhaus67 (#408)
• Update Go to 1.19 @janisz (#401)
• antiaffinity check with namespaces: selector @jouve (#403)
• feat: Export RegisterObjectKind and MatcherFunc from objectkinds package @heckler1 (#394)
• feat: Add ephemeral containers to PodSpec.AllContainers() @heckler1 (#395)
• Create dangling ingress check @charlesoconor (#388)
• Support all hpa types in dangling-hpa @charlesoconor (#390)
• Skip failing anti-affinity rules if at least one valid rule is found. @dhaus67 (#373)
• Added t.Run() to use test name in unit test @Ankit152 (#374)
• Add release documentation and minor changes to draft release template. @dhaus67 (#372)
• Set permissions to binaries before uploading them. @dhaus67 (#371)

⬆️ Dependencies

17 changes

• Bump sigstore/cosign-installer from 2.5.1 to 2.6.0 @dependabot (#407)
• Bump github.com/spf13/viper from 1.12.0 to 1.13.0 @dependabot (#405)
• Bump helm.sh/helm/v3 from 3.9.2 to 3.9.4 @dependabot (#402)
• Bump k8s.io/cli-runtime from 0.24.3 to 0.25.0 @dependabot (#396)
• Bump k8s.io/client-go from 0.24.3 to 0.25.0 @dependabot (#397)
• Bump github.com/golangci/golangci-lint from 1.48.0 to 1.49.0 @dependabot (#398)
• Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 @dependabot (#399)
• Bump docker/build-push-action from 3.1.0 to 3.1.1 @dependabot (#392)
• Bump github.com/golangci/golangci-lint from 1.47.3 to 1.48.0 @dependabot (#391)
• Bump github.com/golangci/golangci-lint from 1.47.2 to 1.47.3 @dependabot (#385)
• Bump k8s.io/cli-runtime from 0.24.2 to 0.24.3 @dependabot (#384)
• Bump helm.sh/helm/v3 from 3.9.0 to 3.9.2 @dependabot (#381)
• Bump github.com/golangci/golangci-lint from 1.46.2 to 1.47.2 @dependabot (#382)
• Bump sigstore/cosign-installer from 2.4.1 to 2.5.0 @dependabot (#383)
• Bump docker/build-push-action from 3.0.0 to 3.1.0 @dependabot (#379)
• Bump k8s.io/client-go from 0.24.2 to 0.24.3 @dependabot (#376)
• Bump sigstore/cosign-installer from 2.4.0 to 2.4.1 @dependabot (#370)

Full Changelog: 0.4.0...0.4.1

Release changes

For the assets available for each release, there's been a change starting with this release:
Instead of adding tar.gz / zip archives for specific platforms containing the kube-linter binary, the binary have been now added unarchived as replacement.
The kube-linter-linux.tar.gz archive has been kept for backwards compatability with kube-linter-action, but is deprecated and will be removed with the next release. Hence, there's also no cosign signature available for it.

v0.4.0

Changes

• Adding support for ServiceAccount @trumant (#325)
• Fix typos in HPA replica check @acj (#347)
• Sign archives on release page @janisz (#338)

🚀 Features

• Add support to check dnsConfig options @weixiongny (#358)

🐛 Bug Fixes

• Release archives and use release tag @janisz (#337)

🧰 Maintenance

• Remove unused staticcheck import @janisz (#348)
• Remove circleci @janisz (#332)

⬆️ Dependencies

20 changes

• Bump github.com/stretchr/testify from 1.7.4 to 1.8.0 @dependabot (#368)
• Bump k8s.io/cli-runtime from 0.24.1 to 0.24.2 @dependabot (#366)
• Bump github.com/owenrumney/go-sarif/v2 from 2.1.1 to 2.1.2 @dependabot (#365)
• Bump k8s.io/client-go from 0.24.1 to 0.24.2 @dependabot (#364)
• Bump github.com/stretchr/testify from 1.7.2 to 1.7.4 @dependabot (#361)
• Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 @dependabot (#362)
• Bump k8s.io/api from 0.24.1 to 0.24.2 @dependabot (#363)
• Bump sigstore/cosign-installer from 2.3.0 to 2.4.0 @dependabot (#357)
• Bump github.com/stretchr/testify from 1.7.1 to 1.7.2 @dependabot (#355)
• Bump github.com/spf13/viper from 1.11.0 to 1.12.0 @dependabot (#356)
• Bump k8s.io/cli-runtime from 0.24.0 to 0.24.1 @dependabot (#352)
• Bump k8s.io/api from 0.24.0 to 0.24.1 @dependabot (#350)
• Bump k8s.io/apimachinery from 0.24.0 to 0.24.1 @dependabot (#349)
• Bump docker/login-action from 1.14.1 to 2 @dependabot (#345)
• Bump github/codeql-action from 1 to 2 @dependabot (#346)
• Bump helm.sh/helm/v3 from 3.8.2 to 3.9.0 @dependabot (#344)
• Bump github.com/golangci/golangci-lint from 1.46.0 to 1.46.2 @dependabot (#340)
• Bump actions/checkout from 2 to 3 @dependabot (#341)
• Bump actions/setup-go from 2 to 3 @dependabot (#342)
• Bump docker/build-push-action from 2.10.0 to 3.0.0 @dependabot (#343)

Full Changelog: 0.3.0...0.4.0

v0.3.0

Changes

• Run action on tag @janisz (#334)
• Update to Go1.18. @dhaus67 (#326)
• Add new flag to force color output. @dhaus67 (#324)
• Update CODEOWNERS @janisz (#319)
• Be more clear with errors found within anti-affinity rules. @dhaus67 (#318)
• Added target-port template and check for it @mtodor (#310)
• Remove if condition, handled by ignore-branches now. @dhaus67 (#309)
• Ignore dependabot branches. @dhaus67 (#306)
• added link to blog post about writing a custom template @garethahealy (#298)
• Use single workflow to build and test @janisz (#296)
• Create CODEOWNERS @janisz (#293)
• Add support for all current autoscaler hpa versions @mrunesson (#290)
• Add --fail-on-invalid-resource flag @rumstead (#279)
• update docker version in pre-commit-hooks @kenzht (#284)

🐛 Bug Fixes

• Check bash version on bats @janisz (#327)
• Do not alert on missing readiness / liveness probe for init containers. @dhaus67 (#302)

🧰 Maintenance

• Build alpine image and push to dockerhub @janisz (#316)
• Update actions with dependabot @janisz (#320)
• Enable gosec. @dhaus67 (#301)
• Add missing release id to upload artifacts @janisz (#299)
• Release with GH Action @janisz (#297)
• Build and push images to ghcr.io, sign images with cosign. @janisz (#295)

⬆️ Dependencies

20 changes

• Bump k8s.io/client-go from 0.23.6 to 0.24.0 @dependabot (#317)
• Bump actions/upload-artifact from 2 to 3 @dependabot (#329)
• Bump github.com/golangci/golangci-lint from 1.45.2 to 1.46.0 @dependabot (#333)
• Bump k8s.io/api from 0.23.6 to 0.24.0 @dependabot (#328)
• Bump actions/download-artifact from 2 to 3 @dependabot (#330)
• Bump docker/setup-buildx-action from 79abd3f86f79a9d68a23c75a09a9a85889262adf to 2 @dependabot (#331)
• Bump k8s.io/apimachinery from 0.23.6 to 0.24.0 @dependabot (#314)
• Bump docker/metadata-action from 3.3.0 to 4.0.1 @dependabot (#323)
• Bump docker/login-action from 1.9.0 to 1.14.1 @dependabot (#322)
• Bump actions/cache from 2 to 3 @dependabot (#321)
• Bump honnef.co/go/tools from 0.3.0 to 0.3.1 @dependabot (#315)
• Bump github.com/mitchellh/mapstructure from 1.4.3 to 1.5.0 @dependabot (#307)
• Bump k8s.io/cli-runtime from 0.23.5 to 0.23.6 @dependabot (#308)
• Bump k8s.io/client-go from 0.23.5 to 0.23.6 @dependabot (#303)
• Bump k8s.io/api from 0.23.5 to 0.23.6 @dependabot (#304)
• Bump k8s.io/apimachinery from 0.23.5 to 0.23.6 @dependabot (#305)
• Bump helm.sh/helm/v3 from 3.8.1 to 3.8.2 @dependabot (#292)
• Bump github.com/spf13/viper from 1.10.1 to 1.11.0 @dependabot (#289)
• Bump honnef.co/go/tools from 0.2.2 to 0.3.0 @dependabot (#280)
• Bump github.com/golangci/golangci-lint from 1.45.0 to 1.45.2 @dependabot (#281)

Full Changelog: 0.2.6...v0.3.0

What's Changed

• update docker version in pre-commit-hooks by @kenzht in #284
• Bump github.com/golangci/golangci-lint from 1.45.0 to 1.45.2 by @dependabot in #281
• Bump honnef.co/go/tools from 0.2.2 to 0.3.0 by @dependabot in #280
• Bump github.com/spf13/viper from 1.10.1 to 1.11.0 by @dependabot in #289
• Add --fail-on-invalid-resource flag by @rumstead in #279
• Add support for all current autoscaler hpa versions by @mrunesson in #290
• Bump helm.sh/helm/v3 from 3.8.1 to 3.8.2 by @dependabot in #292
• Create CODEOWNERS by @janisz in #293
• Use single workflow to build and test by @janisz in #296
• Build and push images to ghcr.io, sign images with cosign. by @janisz in #295
• added link to blog post about writing a custom template by @garethahealy in #298
• Release with GH Action by @janisz in #297
• Add missing release id to upload artifacts by @janisz in #299
• Enable gosec. by @dhaus67 in #301
• Do not alert on missing readiness / liveness probe for init containers. by @dhaus67 in #302
• Ignore dependabot branches. by @dhaus67 in #306
• Bump k8s.io/apimachinery from 0.23.5 to 0.23.6 by @dependabot in #305
• Bump k8s.io/api from 0.23.5 to 0.23.6 by @dependabot in #304
• Bump k8s.io/client-go from 0.23.5 to 0.23.6 by @dependabot in #303
• Bump k8s.io/cli-runtime from 0.23.5 to 0.23.6 by @dependabot in #308
• Bump github.com/mitchellh/mapstructure from 1.4.3 to 1.5.0 by @dependabot in #307
• Remove if condition, handled by ignore-branches now. by @dhaus67 in #309
• Added target-port template and check for it by @mtodor in #310
• Bump honnef.co/go/tools from 0.3.0 to 0.3.1 by @dependabot in #315
• Update actions with dependabot by @janisz in #320
• Build alpine image and push to dockerhub by @janisz in #316
• Bump actions/cache from 2 to 3 by @dependabot in #321
• Bump docker/login-action from 1.9.0 to 1.14.1 by @dependabot in #322
• Bump docker/metadata-action from 3.3.0 to 4.0.1 by @dependabot in #323
• Be more clear with errors found within anti-affinity rules. by @dhaus67 in #318
• Update CODEOWNERS by @janisz in #319
• Add new flag to force color output. by @dhaus67 in #324
• Update to Go1.18. by @dhaus67 in #326
• Bump k8s.io/apimachinery from 0.23.6 to 0.24.0 by @dependabot in #314
• Check bash version on bats by @janisz in #327
• Bump docker/setup-buildx-action from 79abd3f86f79a9d68a23c75a09a9a85889262adf to 2 by @dependabot in #331
• Bump actions/download-artifact from 2 to 3 by @dependabot in #330
• Bump k8s.io/api from 0.23.6 to 0.24.0 by @dependabot in #328
• Bump github.com/golangci/golangci-lint from 1.45.2 to 1.46.0 by @dependabot in #333
• Bump actions/upload-artifact from 2 to 3 by @dependabot in #329
• Bump k8s.io/client-go from 0.23.6 to 0.24.0 by @dependabot in #317
• Run action on tag by @janisz in #334

New Contributors

• @kenzht made their first contribution in #284
• @rumstead made their first contribution in #279
• @mrunesson made their first contribution in #290
• @dhaus67 made their first contribution in #301
• @mtodor made their first contribution in #310

Full Changelog: 0.2.6...0.3.0

v0.2.6

KubeLinter v0.2.5

Changes in this version: 0.2.5...0.2.6

Features

• template: add forbidden-annotation (#248)
• docs: Use YAML for parameters in documentation (#247)
• Add a check to enforce node affinities being defined (#265)
• Adding basic support for HorizontalPodAutoscaler resources from autoscalingv2Beta1 (#271)

Bug Fixes

• fix command name for shell completion (#231)
• Update the latest-tag check to capture the case where no tags are specified (#233)
• Use go install for installing binaries (#235)
• Ports check: Assume protocol is TCP if not specified (#230)
• Return non-zero exit status on no valid objects (#209)

v0.2.5

KubeLinter v0.2.5

Changes in this version: 0.2.4...0.2.5

Features

• Recognize batch/v1 CronJobs (#225)

Bug Fixes

• 'deprecated-service-account-field' should pass if both 'serviceAccount' and 'serviceAccountName' are set (#218)
• Fix object paths when Helm chart was renamed (#226)
• Correctly detect the replica count and selector for DeploymentConfig objects (#219)

v0.2.4

KubeLinter v0.2.4

Changes in this version: 0.2.3...0.2.4

Features

• Add AllowList parameter to the existing latestTag check (#199)
• Flag pods that are not isolated by a NetworkPolicy (#206)

Bug Fixes

• Ensure that the "results" field is populated in SARIF output even if there are no lint errors (#214)

v0.2.3

KubeLinter v0.2.3

Changes in this version: 0.2.2...0.2.3

Features

• Add template for imagePullPolicy checks (#202 )
• Add check for improper-container-image-tag (#191)
• Add template for update strategy and a basic check (#190)
• Add templates/checks for CIS Benchmarks for RBAC, secret, and namespace (#188)
• Add check for minimum number of replicas (#185)

Bug Fixes

v0.2.2

KubeLinter v0.2.2

Changes in this version: 0.2.1...0.2.2

Features

• Add about a dozen new templates and built-in checks based on Docker CIS benchmarks (#170)
• Add SARIF output (#160)

Bug Fixes

• Make the default service account check not fail when AutomountServiceAccountToken is false (#166)