
Static Analyzer

The Traefik Hub Static Analyzer is a tool designed to analyze your Traefik Hub manifests, ensuring they adhere to best practices and avoid common pitfalls.


Introduction

When developing APIs, managing configurations, or integrating changes into your CI/CD pipelines, this tool can be a go-to solution for maintaining the quality and consistency of Traefik Hub-based projects.

The Static Analyzer can validate Traefik Hub resources with Custom Resource Definitions (CRDs), lint custom resources, and generate diff change reports.

By integrating it into development workflows, one can catch issues early, streamline collaboration, and ensure the reliability of a change.

Install

The tool can be downloaded for Linux, Mac and Windows from the traefik/hub releases.

Lint

Evaluate resources and check common sources of misconfiguration.

hub-static-analyzer lint --path [path/to/manifests]

The linter evaluates different rules against your manifests. By default, all rules are enabled.

| Name | Description |
|---------------|---------------------------------------------------|
| childless | Check childless resources |
| duplicate | Check duplicate resources and resource references |
| operation-set | Check for unknown operation sets |
| orphan | Check orphan resources |
| reference | Check invalid resource references |
| regex | Check invalid regex |
| release | Check duplicate releases of a given API |
| resource | Check resource definitions |
| selector | Check selector definitions |

A rule can be turned off using the --rule.<name>=false flag.

By default, it outputs results in Unix format:

manifests/02-api.yaml:1:1 service port :8081 defined on field "service.openApiSpec.port" in resource petstore/my-petstore-api (API) is not found in petstore/petstore (Service) [service-port]
manifests/02-gateway.yaml:1:1 resource example (APIAccess) not found on field "apiAccesses" in resource my-gateway (APIGateway) [reference]

A different output format can be specified using the flag --format:

  • json
  • checkstyle
  • unix

Diff

Analyze the differences between two revisions. This command generates change reports to better understand the impact of a manifest update.

hub-static-analyzer diff --path [path/to/manifests] [<commit>...<commit>]

# Gateway 1:

Groups gained access to:

| GROUP | API | RATE LIMIT |
|----------|----------|----------------------|
| my-group | my-api-2 | my-ratelimit (10/1s) |

Groups lost access to:

| GROUP | API | RATE LIMIT |
|----------|---------|------------|
| my-group | old-api | |

Group rate limits have changed:

| GROUP | API | RATE LIMIT |
|----------|--------|----------------------|
| my-group | my-api | my-ratelimit (10/1s) |

API versions have been added:

| API | VERSION | CURRENT |
|--------|--------------------|---------|
| my-api | my-api-v2 (v2.0.0) | true |

APIs current version have changed:

| API | BEFORE | AFTER |
|--------|--------------------|--------------------|
| my-api | my-api-v1 (v1.0.0) | my-api-v2 (v2.0.0) |
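
In a pipeline, the "Groups gained access to" section is the part of this report that most deserves a review gate. The following is an added example, not part of the Traefik Hub tooling: it assumes the report keeps the Markdown layout shown above, and the `approved` allow-list, the function names and the `partners`/`billing-api` row are hypothetical.

```python
import re
import sys

GAINED = "Groups gained access to:"  # section title as printed in the report
# Constructed sample: follows the report above, plus one invented row (partners).
SAMPLE = """\
# Gateway 1:
Groups gained access to:
| GROUP | API | RATE LIMIT |
|----------|-------------|----------------------|
| my-group | my-api-2 | my-ratelimit (10/1s) |
| partners | billing-api | |
Groups lost access to:
| GROUP | API | RATE LIMIT |
|----------|---------|------------|
| my-group | old-api | |
"""

def parse_report(text):
    """Yield (gateway, section title, row dict) for every table row in a report."""
    gateway = section = header = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("# "):   # gateway heading, e.g. "# Gateway 1:"
            gateway, section = line[2:].rstrip(":"), None
        elif line.endswith(":"):    # section title above a table
            section, header = line, None
        elif line.startswith("|") and section:
            cells = [c.strip() for c in line[1:].removesuffix("|").split("|")]
            if header is None:
                header = cells      # first table row names the columns
            elif not all(re.fullmatch(r":?-+:?", c) for c in cells):
                yield gateway, section, dict(zip(header, cells))

def access_grants(text):
    """List (gateway, group, api, rate limit or None) for each newly granted access."""
    return [(gw, row.get("GROUP"), row.get("API"), row.get("RATE LIMIT") or None)
            for gw, section, row in parse_report(text) if section == GAINED]

def unapproved_grants(text, approved):
    """Grants outside the approved (group, api) set, or granted with no rate limit."""
    return [g for g in access_grants(text)
            if (g[1], g[2]) not in approved or g[3] is None]

if __name__ == "__main__":  # CI use: pipe the diff report to this script on stdin
    flagged = unapproved_grants(sys.stdin.read(), approved=set())
    for gw, group, api, limit in flagged:
        print(f"{gw}: {group} -> {api} (rate limit: {limit or 'none'})")
    sys.exit(1 if flagged else 0)
```

A non-zero exit status fails the job, so a manifest change that widens access has to be approved explicitly before it merges.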

Kustomize

hub-static-analyzer analyzes the content of raw manifests. Therefore, when using Kustomize, you must first generate your final manifest.

To use Kustomize with an overlay, point your --path to the overlay directory.

The final manifest can be generated and analyzed by running the following commands:

kubectl kustomize /path/to/manifests -o /tmp/kustomized
hub-static-analyzer lint -p /tmp/kustomized

When using Flux, you may rely on variable substitutions. hub-static-analyzer will fail to analyze your files if they contain such variables.

In this case, you'll need to substitute variables before running the static analysis:

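go install github.com/drone/envsubst/cmd/envsubst@latest
# Or install the `gettext-base` package on Debian/Ubuntu or `gettext` on CentOS/RHEL/Fedora/Arch

export MY_VARIABLE=MY_VALUE
# Render to stdout (with -o, kubectl writes to disk and the pipe stays empty),
# substitute the variables, then split into one file per resource.
# yq writes the split files to the current directory, so run it from /tmp/kustomized.
mkdir -p /tmp/kustomized && cd /tmp/kustomized
kubectl kustomize /path/to/manifests | "$(go env GOPATH)/bin/envsubst" | yq --split-exp '.metadata.name + "." + $index + ".yaml"' --no-doc
hub-static-analyzer lint -p /tmp/kustomized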