Update validation tools. And conftest

Author: HighwayofLife

Dockerfile

@@ -1,18 +1,21 @@
-FROM python:3.8-alpine3.10
+FROM python:3.8.2-alpine3.11
 
-ARG APP_VERSION=1.0
+ARG APP_VERSION=2.0
 
 # https://github.com/kubernetes/kubectl/releases
-ARG KUBECTL_VERSION=1.16.2
+ARG KUBECTL_VERSION=1.18.2
 
 # https://github.com/instrumenta/kubeval/releases
-ARG KUBEVAL_VERSION=0.14.0
+ARG KUBEVAL_VERSION=0.15.0
 
 # https://pypi.org/project/yamllint/
-ARG YAMLLINT_VERSION=1.18.0
+ARG YAMLLINT_VERSION=1.23.0
 
 # https://github.com/kubernetes-sigs/kustomize/releases
-ARG KUSTOMIZE_VERSION=3.3.0
+ARG KUSTOMIZE_VERSION=3.5.4
+
+# https://github.com/instrumenta/conftest/releases
+ARG CONFTEST_VERSION=0.18.1
 
 # split layers into distinct components
 RUN apk add --no-cache ca-certificates curl
@@ -39,6 +42,16 @@ RUN mkdir /tmp/kustomize \
   && chmod +x /usr/local/bin/kustomize \
   && rm -rf /tmp/kustomize
 
+# Install Conftest (https://www.conftest.dev/)
+RUN mkdir /tmp/conftest \
+  && curl -L -o /tmp/conftest/conftest.tar.gz \
+  https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_amd64.tar.gz \
+  https://github.com/instrumenta/conftest/releases/download/v${CONFTEST_VERSION}/conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz
+  && tar xf /tmp/conftest/conftest.tar.gz -C /tmp/conftest \
+  && mv /tmp/conftest/conftest /usr/local/bin \
+  && chmod +x /usr/local/bin/conftest \
+  && rm -rf /tmp/conftest
+
 # Install Kubectl
 RUN curl -o /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl \
     && chmod +x /usr/local/bin/kubectl

LICENSE

@@ -0,0 +1,21 @@
+    MIT License
+
+    Copyright (c) Microsoft Corporation. All rights reserved.
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE

README.md

@@ -1,2 +1,54 @@
-# kubeval-tools
-Common Validation tools for Kubernetes Manifests, yamllint, kubeval, kustomize
+Kubernetes Validation Tools
+===========================
+
+Common validation and linting tools for structured configuration data, including Kubernetes YAML Manifests.
+
+Why?
+----
+
+I wasn't able to find a single docker image that contained all of the major validation tools (of which there are several!) to validate Kubernetes YAML manifest files as part of a CI/CD process before being automatically deployed to Kubernetes. This repo isn't designed to cover how to use these individual tools, but the links below should lead you to documentation for using each tool. We have found it useful to use several tools during our CI process because some check certain aspects that others cannot.
+
+Usage
+-----
+
+Grab the latest image from Docker hub: [Deck15/kubeval-tools](https://hub.docker.com/r/deck15/kubeval-tools)
+
+```sh
+docker run --rm -it deck15/kubeval-tools /bin/sh
+```
+
+KubeVal
+-------
+
+[kubeval](https://kubeval.instrumenta.dev/) is a tool for validating a Kubernetes YAML or JSON configuration file. It does so using schemas generated from the Kubernetes OpenAPI specification, and therefore can validate schemas for multiple versions of Kubernetes.
+
+ConfTest
+--------
+[ConfTest](https://www.conftest.dev/) is a utility to help you write tests against structured configuration data. For instance you could write tests for your Kubernetes configurations, or Tekton pipeline definitions, Terraform code, Serverless configs or any other structured data.
+
+Conftest relies on the Rego language from Open Policy Agent for writing the assertions.
+
+YAMLLint
+--------
+[yamllint](https://yamllint.readthedocs.io/) is a linter for YAML files.
+
+yamllint does not only check for syntax validity, but for weirdnesses like key repetition and cosmetic problems such as lines length, trailing spaces, indentation, etc.
+
+Kustomize
+---------
+
+[Kustomize](https://kustomize.io/) lets you customize raw, template-free YAML files for multiple purposes, leaving the original YAML untouched and usable as is.
+
+kustomize targets kubernetes; it understands and can patch kubernetes style API objects. It's like make, in that what it does is declared in a file, and it's like sed, in that it emits edited text. Kustomize traverses a Kubernetes manifest to add, remove or update configuration options without forking.
+
+Kustomize is particularly useful to use with tools like [ArgoCD](https://argoproj.github.io/argo-cd/user-guide/kustomize/), [FluxCD](https://docs.fluxcd.io/en/latest/references/fluxyaml-config-files/), or [Spinnaker](https://www.spinnaker.io/guides/user/kubernetes-v2/kustomize-manifests/) to enable shared manifests (resources) across multiple clusters or environments without duplicating code. Kustomize allows overrides, merges, and other configuration features.
+
+KubeCTL
+-------
+
+[kubectl](https://kubectl.docs.kubernetes.io/) is the Kubernetes cli version of a swiss army knife, and can do many things. One of those things is being able to do a dry-run validate on a yaml file.
+
+```sh
+$ kubectl create --dry-run --validate -f invalid.yaml
+```
+