{"id":13646456,"url":"https://github.com/uswitch/klint","last_synced_at":"2025-10-28T08:38:42.433Z","repository":{"id":49972690,"uuid":"99345323","full_name":"uswitch/klint","owner":"uswitch","description":"A 'realtime' kubernetes resource linter","archived":false,"fork":false,"pushed_at":"2024-07-09T15:49:04.000Z","size":21859,"stargazers_count":41,"open_issues_count":3,"forks_count":10,"subscribers_count":16,"default_branch":"master","last_synced_at":"2024-11-09T19:41:42.974Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/uswitch.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-08-04T13:27:22.000Z","updated_at":"2024-11-02T22:39:44.000Z","dependencies_parsed_at":"2024-08-02T01:38:34.234Z","dependency_job_id":null,"html_url":"https://github.com/uswitch/klint","commit_stats":null,"previous_names":[],"tags_count":31,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uswitch%2Fklint","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uswitch%2Fklint/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uswitch%2Fklint/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uswitch%2Fklint/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/uswitch","download_url":"https://codeload.github.com/uswitch/klint/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":229786999,"owners_count":18124014,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T01:02:56.243Z","updated_at":"2025-10-28T08:38:42.377Z","avatar_url":"https://github.com/uswitch.png","language":"Go","readme":"# klint\n\nA tool that listens to changes in Kubernetes resources and runs linting rules against them. Alerts are published\nvia Slack webhooks to a configurable channel (using an annotation on the object or the object's namespace).\n\n## Table of contents- [klint](#klint)\n- [klint](#klint)\n  - [Table of contents- klint](#table-of-contents--klint)\n  - [Rationale](#rationale)\n  - [Building](#building)\n  - [Using](#using)\n  - [Rules](#rules)\n    - [UnsuccessfulExitRule](#unsuccessfulexitrule)\n    - [ResourceAnnotationRule](#resourceannotationrule)\n    - [ScrapeNeedsPortsRule](#scrapeneedsportsrule)\n    - [ValidIAMRoleRule](#validiamrolerule)\n    - [RequireCronJobHistoryLimits](#requirecronjobhistorylimits)\n  - [Building](#building-1)\n  - [Notes](#notes)\n  - [License](#license)\n\n\n## Rationale\nWe started Klint to help us move more production teams over to our Kubernetes infrastructure. It helps us achieve:\n\n1. Identify and debug erroneous objects\n2. Nudge objects in line with our policy as both change over time\n\nFor example, we run another tool called [kiam](https://github.com/uswitch/kiam) to integrate with AWS' IAM roles,\nallocating each pod its own session-based credentials. On more than one occasion an application team had problems\ncaused by their roles being spelled incorrectly. Although relatively easy to debug for the Cluster Operations team\nit is not a great experience for the application developer. Klint helps us encode such checks and proactively alert\nteams when they need to take action.\n\n## Building\nTo build the exectuable you can use the `go` tool directly:\n\n```\n$ go get github.com/uswitch/klint\n```\n\n## Using\n\n1. Run klint as a deployment with a single replica on your cluster. \n2. Add an annotation to the namespace, or an object to be monitored: `com.uswitch.alert/slack: \u003cchannel\u003e`\n\nAs objects change klint will compare them against the rules and post to Slack.\n\n![Alert](alert.png)\n\n## Rules\n\n### UnsuccessfulExitRule\nWhen a Pod exits with a failure code an alert is generated. Additionally, recent log data is retrieved and output\nwith the message.\n\nIf Pods receive `SIGKILL` klint will warn that maybe the `SIGTERM` signal was ignored or that the graceful shutdown\nperiod is too short.\n\n### ResourceAnnotationRule\nThis ensures that Pods have cpu and memory requests and limits.\n\n### ScrapeNeedsPortsRule\nIf a Pod is marked as to be scraped via Prometheus (via the `prometheus.io.scrape` annotation) klint will ensure\nthe Pod also specifies ports. We had instances where applications wanted to be scraped but without the port data\nit was unable to figure out what to scrape.\n\n### ValidIAMRoleRule\nThis rule checks for a valid IAM Role if users specify an IAM role (via the `iam.amazonaws.com/role` annotation). We\nhad a handful of times where teams had roles with typos or that hadn't been created and it wasn't obvious why\nthe Pod had no permissions to AWS.\n\n### RequireCronJobHistoryLimits\nThis currently enforces a relatively low limit insisting that CronJob objects must specify both success and\nfailure history limits, and that these should both be lower than 10.\n\n\n## Building\n\n```\n$ go build -o bin/klint .\n```\n\n## Notes\n* *July 2024 -* The `klint` image is now stored in the `uswitch/klint` repository on Quay.\n\u003cbr\u003e\n\n## License\n\n```\nCopyright 2017 uSwitch\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","funding_links":[],"categories":["Go","Other"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fuswitch%2Fklint","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fuswitch%2Fklint","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fuswitch%2Fklint/lists"}