Merge pull request #8 from HighwayofLife/update-cli-tools

Update all tools; install helm and git

Author: HighwayofLife

CHANGELOG.md

@@ -1,3 +1,34 @@
+v2.6
+----
+### Features 🚀
+* 🚀 **[NEW]** Added **[Helm](https://github.com/helm/helm)** is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources.
+
+Use Helm to:
+
+* Lint and Validate your Helm Charts
+* Generate manifests from your Helm Chart Templates
+* Find and use popular software packaged as Helm Charts to run in Kubernetes
+* Share your own applications as Helm Charts
+* Create reproducible builds of your Kubernetes applications
+* Intelligently manage your Kubernetes manifest files
+* Manage releases of Helm packages
+
+* 🚀 **[NEW]** Added **[Datree](https://github.com/datreeio/datree)** is a CLI tool that helps prevent Kubernetes misconfigurations from reaching production. Datree is a CLI tool to ensure K8s manifests and Helm charts follow best practices as well as your organization’s policies.
+
+The Datree CLI integration provides a policy enforcement solution for Kubernetes to run automatic checks on every code change for rule violations and misconfigurations. When rule violations are found, Datree produces an alert which guides the developer to fix the issue inside the CI process — or even earlier as a pre-commit hook — while explaining the reason behind the rule.
+
+### Additions
+* Install Helm [v3.6.0](https://github.com/helm/helm/releases/tag/v3.6.0)
+* Install Datree [v0.1.431](https://github.com/datreeio/datree/releases/tag/0.1.431)
+* Install Datree Helm Plugin
+
+### Updates 📝
+* Kustomize from 4.1.0 to [4.1.3](https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.1.3)
+* Polaris from 3.2.1 to [4.0.2](https://github.com/FairwindsOps/polaris/releases/tag/4.0.2)
+* KubeLinter from 0.2.1 to [0.2.2](https://github.com/stackrox/kube-linter/releases/tag/0.2.2)
+* KubeAudit from 0.14.0 to [0.14.1](https://github.com/Shopify/kubeaudit/releases/tag/v0.14.1)
+
+
 v2.5
 ----
 

Dockerfile

@@ -1,13 +1,13 @@
 FROM python:3.9.5-alpine3.13
 # https://hub.docker.com/_/python
 
-ARG APP_VERSION=2.5
+ARG APP_VERSION=2.6
 
 # https://github.com/instrumenta/kubeval/releases
 ARG KUBEVAL_VERSION=0.16.1
 
 # https://github.com/kubernetes-sigs/kustomize/releases
-ARG KUSTOMIZE_VERSION=4.1.0
+ARG KUSTOMIZE_VERSION=4.1.3
 
 # https://github.com/open-policy-agent/conftest/releases
 ARG CONFTEST_VERSION=0.25.0
@@ -19,24 +19,24 @@ ARG CONFIG_LINT_VERSION=1.6.0
 ARG KUBE_SCORE_VERSION=1.11.0
 
 # https://github.com/FairwindsOps/polaris/releases
-ARG POLARIS_VERSION=3.2.1
+ARG POLARIS_VERSION=4.0.2
 
 # https://github.com/stackrox/kube-linter/releases
-ARG KUBE_LINTER_VERSION=0.2.1
+ARG KUBE_LINTER_VERSION=0.2.2
 
 # https://github.com/yannh/kubeconform/releases
 ARG KUBECONFORM_VERSION=0.4.7
 
 # https://github.com/Shopify/kubeaudit/releases
-ARG KUBEAUDIT_VERSION=0.14.0
+ARG KUBEAUDIT_VERSION=0.14.1
 
 # https://github.com/datreeio/datree/releases
-ARG DATREE_VERSION=0.1.382
+ARG DATREE_VERSION=0.1.431
 
 # split layers into distinct components
 # Install yamllint and kubectl via the alpine packages repositories
-RUN apk add --no-cache --upgrade bash ca-certificates curl tar yamllint \
-  && apk add kubectl --no-cache --repository http://dl-3.alpinelinux.org/alpine/edge/testing/ --allow-untrusted
+RUN apk add --no-cache --upgrade bash ca-certificates curl tar yamllint git \
+  && apk add kubectl helm --no-cache --repository http://dl-3.alpinelinux.org/alpine/edge/testing/ --allow-untrusted
 
 # Install Kubeval
 RUN  mkdir /tmp/kubeval \
@@ -126,7 +126,8 @@ RUN mkdir /tmp/datree \
   && unzip /tmp/datree/datree.zip -d /tmp/datree/ \
   && mv /tmp/datree/datree /usr/local/bin \
   && chmod +x /usr/local/bin/datree \
-  && rm -rf /tmp/datree 
+  && rm -rf /tmp/datree \
+  && helm plugin install https://github.com/datreeio/helm-datree
 
 CMD ["/bin/bash"]
 

README.md

@@ -26,6 +26,7 @@ Tools List
 | Tool        | Version  | Purpose    | Description                                                                       |
 |-------------|----------|------------|-----------------------------------------------------------------------------------|
 | Kubectl     | 1.21.1   | CLI        | Kubernetes CLI. Can be used with `--dry-run=client` to validate manifests         |
+| Helm        | 3.6.0    | CLI        | Helm helps you manage Kubernetes applications — define, install, and upgrade  Kubernetes applications as helm charts. Run as a validation tool, can be run as `helm lint`, or `helm template`. |
 | Yamllint    | 1.26.0   | Linter     | Basic linter for YAML files                                                       |
 | Kubeval     | 0.16.1   | Validation | Tool for validating a Kubernetes YAML manifests. Doesn't work with CRDs.          |
 | Kustomize   | 4.1.0    | Compile    | Template-free way to customize app configs. Useful to validate kustomize configs. |
@@ -85,6 +86,29 @@ KubeCTL
 $ kubectl create --dry-run --validate -f invalid.yaml
 ```
 
+Helm
+----
+
+Helm commands to use in CI to lint or validate helm charts.
+
+#### helm lint
+examine a chart for possible issues.
+
+**NOTE:** 
+> `helm lint` by itself is insufficient to adequately validate a helm chart. It is recommended to use `helm lint` and `helm template` in combination with one of the other manifest validation tools. (See below example)
+
+This command takes a path to a chart and runs a series of tests to verify that the chart is well-formed.
+
+If the linter encounters things that will cause the chart to fail installation, it will emit `[ERROR]` messages. If it encounters issues that break with convention or recommendation, it will emit `[WARNING]` messages.
+
+```sh
+helm lint PATH [flags]
+```
+
+#### helm template with kubeconform 
+```sh
+helm template ./path/to/chart | kubeconform -strict -ignore-missing-schemas
+
 Config-Lint
 -----------
 
@@ -176,7 +200,6 @@ datree test my-app/deployment.yaml
 ```
 
 #### Example with Helm
-_First, you need to install [Datree's helm plugin](https://hub.datree.io/helm-plugin)_
 ```sh
 helm datree test <CHART_DIRECTORY>
 ```