Analysis of Kubernetes Resources
Setting up the analysis of Kubernetes resources is similar to the analysis for other technologies in Teamscale. This article covers the aspects that are specific to the Kubernetes analysis.
Helm Charts, Kustomizations, Static Manifests
Kubernetes resources can either be provided as static manifests or built using frameworks such as Helm or Kustomize. Teamscale automatically detects if a given resource should be analyzed as (part of a) Kustomization or Helm chart, or as static manifest by itself:
- All Kubernetes resource files in a folder containing a Chart.yaml and its subfolders will be analyzed as one Helm chart.
- All files referenced (transitively) by one or more kustomization.yaml files are analyzed as part of the respective Kustomization(s).
- All files that are neither part of a Helm chart nor of a Kustomization are analyzed as static manifests.
For Helm charts and Kustomizations, Teamscale analyzes the full manifest that is built from all included resources. Resources that are part of a Helm chart or are referenced by a Kustomization are not analyzed by themselves, but only in context of the Helm chart or Kustomization that references them. Static manifests are analyzed by themselves without any additional steps.
If a Helm chart or Kustomization is configured incorrectly, e.g., if referenced files do not exist, Teamscale may fail to build the full manifest. This is indicated by a corresponding message in the code view and an entry in the right sidebar under Parsing issue found!.
The analysis will be skipped and Teamscale will not compute a findings churn for the affected manifests until a valid configuration is restored.
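The detection rules and the missing-reference failure described above can be approximated locally before pushing a change. The following is an added example, not Teamscale's own code: it assumes local path references only, reads only single-token entries under a top-level resources: key, and the function names and sample tree are made up for illustration.

```python
import re
import tempfile
from pathlib import Path

def kustomize_refs(kfile):
    """Single-token entries under top-level `resources:` (simplified, no YAML library)."""
    block = re.search(r"^resources:\n((?:[ \t]*-.*\n?)+)", kfile.read_text(), re.M)
    return re.findall(r"^[ \t]*-[ \t]+(\S+)", block.group(1), re.M) if block else []

def classify(root):
    """Return ({file: 'helm'|'kustomize'|'static'}, [(kustomization, missing ref)])."""
    root = Path(root).resolve()
    chart_dirs = {p.parent for p in root.rglob("Chart.yaml")}
    in_kust, missing = set(), []
    # Every kustomization.yaml in the tree is visited, so direct references
    # from all of them cover the transitive closure inside the tree.
    for kfile in root.rglob("kustomization.yaml"):
        in_kust.add(kfile)
        for ref in kustomize_refs(kfile):
            target = (kfile.parent / ref).resolve()
            target = target / "kustomization.yaml" if target.is_dir() else target
            if target.is_file():
                in_kust.add(target)
            else:  # the kind of broken reference that prevents building the manifest
                missing.append((kfile.relative_to(root).as_posix(), ref))
    result = {}
    for f in (p for p in root.rglob("*") if p.is_file()):
        # Overlap precedence is not stated on the page; Helm is checked first here.
        in_chart = bool(chart_dirs & set(f.parents))
        kind = "helm" if in_chart else "kustomize" if f in in_kust else "static"
        result[f.relative_to(root).as_posix()] = kind
    return result, missing

SAMPLE = {  # constructed tree, not from the page
    "charts/web/Chart.yaml": "name: web\n",
    "charts/web/templates/deploy.yaml": "kind: Deployment\n",
    "base/kustomization.yaml": "resources:\n- svc.yaml\n",
    "base/svc.yaml": "kind: Service\n",
    "overlays/prod/kustomization.yaml": "resources:\n  - ../../base\n  - gone.yaml\n",
    "job.yaml": "kind: Job\n",
}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in SAMPLE.items():
            (Path(tmp) / rel).parent.mkdir(parents=True, exist_ok=True)
            (Path(tmp) / rel).write_text(text)
        return classify(tmp)

if __name__ == "__main__":
    print(demo())
```

A non-empty second return value points at the kustomization.yaml and the entry that would need fixing before the manifest can be built.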
Project Creation and Analysis Setup
Teamscale comes with a Kubernetes (default) analysis profile containing a set of activated checks that should be a good starting point for most projects. This analysis profile can be adjusted according to your needs, or a new analysis profile for the language Kubernetes can be created. The following Kubernetes-specific aspects must be considered in addition to the general project setup.
Analyzing all Relevant Files
By default, when selecting a Kubernetes analysis profile for a Teamscale project, all yaml and json files are included in the analysis. However, Kustomizations and Helm charts can also reference other file types, such as txt files. If this is the case, you need to adjust the patterns in the Included file names field in the project creation/edit view. You can start with the pattern **.* to include all files in the configured connector and then, if necessary, narrow down the pattern to the relevant files again.
Helm Values Files
This section is not relevant if the project only contains plain manifests or Kustomizations. For Helm charts, the following additional steps are required for the project creation.
The Helm framework provides a templating mechanism that allows injecting values into Helm charts from values files. An essential benefit of this is that different values files can exist in the project to cover different use cases. Teamscale needs to receive a full set of required values to be able to correctly analyze the Helm charts. With the default configuration, you can add all required values YAML files to a "teamscale" folder inside the Helm chart folder.
You can adjust the location of the values files to be included in the analysis profile:
- Go to Project Configuration > Analysis Profile.
- Click Edit on the Kubernetes analysis profile that should be used.
- Click Advanced Options.
- Adjust the options Helm values folder and Helm value files regex:
  - Helm values folder specifies the path relative to the Helm chart folder which should be used to look for values files.
  - Helm value files regex is a regular expression that specifies which files in the Helm values folder to consider when building the Helm chart for the static analysis.
Web UI Features for Kubernetes Resources
This section provides an overview of how the Teamscale UI helps to navigate through the analysis results for Kubernetes resources.
Toggle between Full Manifest and Original File
For root Helm charts and root Kustomizations (i.e., Helm charts or Kustomizations that are not referenced by any other Helm charts or Kustomizations), Teamscale builds the corresponding full manifests before it analyzes them. The findings from the static analysis are assigned to lines in the full manifest. By default, the code view (Metrics > Files) displays the full manifests built from those Helm charts or Kustomizations rather than the original file content of the Chart.yaml or kustomization.yaml. For the root Chart.yaml or kustomization.yaml, the code view provides a link at the top which allows switching to the Original file content:
And back to the Full Kubernetes manifest:
Find Origin Locations of Findings
Findings in full manifests for Helm charts and Kustomizations often need to be fixed in one of the referenced resources. Teamscale supports the navigation to the referenced resources in the code view and the finding details view.
Code View
For Helm charts, the link can be found in the Source comment at the beginning of a section:
For Kustomizations, the link can be found in the origin annotations under path:
Finding Details View
The finding details view provides a link to the file where the affected section of the full manifest is defined. This link can be found under Other files beside the finding location below the finding description.