Skip to content
Go to file

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

OpenShift Linter

This is a utility for OpenShift users/admins who want to know if certain rules have been followed.

Screenshot of the OpenShift Linter GUI

Fig. 1 OpenShift Linter GUI

Quick usage

If you're unsure if this tool is for you, switch to a busy project using oc and enter:

$ oc export dc --raw | docker run --rm -i gerald1248/openshift-linter:latest


Usage: ./openshift-linter [<JSON/YAML file> [<JSON/YAML file>]]
  -c string
    	TLS server certificate (default "cert.pem")
  -k string
      TLS server key (default "key.pem")
  -n string
      hostname (default "localhost")
  -o string
      output format (json, yaml or md) (default "md")
  -p int
      listen on port (default 8443)
  --checks string
        pattern for selected checks (default "^[a-z0-9 _-]+$")
  --container string
    	pattern for containers (default "^[a-z0-9_-]+$")
  --env string
    	pattern for environment variables (default "^[A-Z0-9_-]+$")
  --name string
    	pattern for names (default "^[a-z0-9_-]+$")
  --namespace string
    	pattern for namespaces/projects (default "^[a-z0-9_-]*$")
  --skip-container string
    	pattern for skipped containers
  --whitelist-registries string
    	pattern for whitelisted registries (default ".*")
  list	Print list of available checks

The main use cases are:

  • Command line: create report based on OpenShift configuration objects
  • Server: you wish to generate reports by posting configuration files to the server at the URL shown
  • GUI: point your browser to the URL shown and fetch current configuration data from the master

Command line use

As part of an automation pipeline, use:

$ oc export dc,bc,route --raw | openshift-linter

The --raw flag ensures that namespace information is present.

If the configuration objects are available as files, enter:

$ ./openshift-linter i-contain-multitudes.yaml

Both JSON and YAML can be provided.

The sample configuration data/sample-mix.min.json, for example, produces the following markdown output (excerpt):

image pull policy

### always

|**Namespace**|**Name**               |**Container**   |
|samples      |ruby-hello-one-error   |ruby-hello-world|
|samples      |ruby-hello-two-errors  |ruby-hello-world|
|samples      |ruby-hello-three-errors|ruby-hello-world|
|samples      |ruby-hello-four-errors |ruby-hello-world|

To write out YAML or JSON instead, use the -o switch specifying either json or yaml.

When setting naming conventions for namespaces, names, containers and environment variables, be sure to use anchors to describe the string as a whole.

Specifying checks

The option --checks allows the user to specify one or more of the available checks (see Listing below):

$ ./openshift-linter --checks limits input.yaml

Regular expressions can be used here, so the following invokes all checks related to limits/requests and security:

$ ./openshift-linter --checks "(limits|security)" input.yaml

Note that quotation marks may be necessary in this case.

Server use

$ ./openshift-linter
Listening on port 8443
POST JSON sources to https://localhost:8443/openshift-linter
Generate report at https://localhost:8443/openshift-linter/report

You can supply parameters by adding customNamespaceLabel, customNamespacePattern, customNamePattern, customContainerPattern, customEnvPattern properties to the JSON object passed to the server.

GUI use

Open the URL shown in your browser to fetch configuration data from your OpenShift master. If you've already created a report, you can sideload and create the browser view with charts that way. You can supply the parameters usually specified on the command line in the Settings pane.


To print a list of the available linter items with descriptions, enter:

$ ./openshift-linter list
|**Item**          |**Description**                                            |
|env name collision|near-identical env names                                   |
|env name invalid  |env name doesn't match predefined regex                    |
|health            |health check missing or incomplete                         |
|image pull policy |policy 'Always' or ':latest' image specified               |
|limits            |resource limits missing, incomplete or invalid             |
|name invalid      |namespace, name or container doesn't match predefined regex|
|registry          |registry not whitelisted                                   |
|route conflict    |route has more than one name                               |
|security          |privileged security context                                |


Install Go using one of the installers available from and set up your $GOPATH and $GOBIN as you see fit (exporting GOPATH=~/golang and GOBIN=$GOPATH/bin in your .bash_profile will do). Windows users should use Git Bash or a similar, unixy shell.

Then clone The folder structure below $GOPATH should look roughly as follows:

    └── gerald1248
        └── openshift-linter
            ├── LICENSE
            ├── bindata.go
            ├── contributors.txt
            ├── data
            ├── gulpfile.js
            ├── item-env.go
            ├── item-health.go
            ├── item-image-pull-policy.go
            ├── item-limits.go
            ├── item-pattern.go
            ├── item-security.go
            ├── items.go
            ├── openshift-linter.go
            ├── package.json
            ├── preflight.go
            ├── preflight_test.go
            ├── screenshots
            ├── server.go
            ├── src
            ├── static
            ├── types.go
            └── types_test.go

Next, install Node.js using your package manager. cd into the working directory openshift-linter and enter:

$ sudo npm install -g gulp-cli
$ npm install

Note for Ubuntu users: as gulp-cli currently expects node, but Ubuntu installs nodejs, gulp has to be triggered as follows:

$ nodejs node_modules/gulp/bin/gulp.js

In other words, it's very nearly the invocation to use when installing gulp-cli globally is not possible or desirable:

$ node node_modules/gulp/bin/gulp.js

Before running gulp (which builds and tests the program), fetch and install the Go dependencies (go get also runs at build time):

$ export GOPATH=$HOME/go
$ go get -u
$ go get -u

With that, the workspace is ready. The default task (triggered by gulp) compiles openshift-linter from source, runs tests, checks the source format, generates a binary in package and writes out a distributable zip for your operating system.

You can also run gulp build, gulp test, gulp watch, etc. individually if you wish.

How do I create my own checks?

Add types that conform to the LinterItem interface, then register them in items.go.


To cross-compile Mac, Linux and Windows binaries, enter:

$ gulp build-all

You can also individually cross-compile using the build-darwin, build-linux and build-win32 targets.


openshift-linter is intended for Docker images built from scratch. To trigger a Linux build, build the image and run it, enter:

$ gulp build-docker

If you'd rather use an existing image, you may wish to run docker pull gerald1248/openshift-linter.


simple checks for OpenShift configuration objects





No packages published
You can’t perform that action at this time.