linode · eljohnson92 · Aug 21, 2025 · Aug 20, 2025
diff --git a/.custom-gcl.yaml b/.custom-gcl.yaml
@@ -0,0 +1,6 @@
+version: v2.4.0
+name: golangci-lint-kube-api-linter
+destination: ./bin
+plugins:
+  - module: 'sigs.k8s.io/kube-api-linter'
+    version: v0.0.0-20250819121536-a575e84f4ce8
diff --git a/.github/workflows/go-analyze.yml b/.github/workflows/go-analyze.yml
@@ -71,5 +71,8 @@ jobs:
         with:
           version: latest
 
+      - name: lint-api
+        run: make lint-api
+
       - name: Nilcheck
         run: make nilcheck
diff --git a/.golangci-kal.yml b/.golangci-kal.yml
@@ -0,0 +1,32 @@
+version: "2"
+run:
+  issues-exit-code: 1
+output:
+  formats:
+    text:
+      path: stdout
+linters:
+  default: none
+  enable:
+    - kubeapilinter # linter for Kube API conventions
+  settings:
+    custom:
+      kubeapilinter:
+        type: "module"
+        description: Kube API LInter lints Kube like APIs based on API conventions and best practices.
+        settings:
+          linters:
+            enable:
+              - "commentstart"
+            disable:
+              - "*"
+          lintersConfig: { }
+  exclusions:
+    rules:
+      - path-except: "^api/"
+        linters:
+          - kubeapilinter
+issues:
+  max-issues-per-linter: 0
+  max-same-issues: 0
+  new: false
diff --git a/Makefile b/Makefile
@@ -129,7 +129,11 @@ gosec: ## Run gosec against code.
 
 .PHONY: lint
 lint: ## Run lint against code.
-	docker run --rm -w /workdir -v $(PWD):/workdir golangci/golangci-lint:$(GOLANGCI_LINT_VERSION) golangci-lint run -c .golangci.yml --fix
+	$(GOLANGCI_LINT) run -c .golangci.yml
+
+.PHONY: lint
+lint-api: golangci-lint-kal ## Run lint against code.
+	$(GOLANGCI_LINT_KAL) run -c .golangci-kal.yml
 
 .PHONY: nilcheck
 nilcheck: nilaway ## Run nil check against code.
@@ -356,6 +360,8 @@ NILAWAY        ?= $(LOCALBIN)/nilaway
 GOVULNC        ?= $(LOCALBIN)/govulncheck
 MOCKGEN        ?= $(LOCALBIN)/mockgen
 GOWRAP         ?= $(CACHE_BIN)/gowrap
+GOLANGCI_LINT  ?= $(LOCALBIN)/golangci-lint
+GOLANGCI_LINT_KAL ?= $(CACHE_BIN)/golangci-lint-kube-api-linter
 S5CMD          ?= $(CACHE_BIN)/s5cmd
 
 ## Tool Versions
@@ -450,12 +456,15 @@ envtest: $(ENVTEST) ## Download setup-envtest locally if necessary.
 $(ENVTEST): $(CACHE_BIN)
 	GOBIN=$(CACHE_BIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
 
-.PHONY: husky
-husky: $(HUSKY) ## Download husky locally if necessary.
-	@echo Execute install command to enable git hooks: ./bin/husky install
-	@echo Set any value for SKIP_GIT_PUSH_HOOK env variable to skip git hook execution.
-$(HUSKY): $(LOCALBIN)
-	GOBIN=$(LOCALBIN) go install github.com/automation-co/husky@$(HUSKY_VERSION)
+.phony: golangci-lint
+golangci-lint: $(GOLANGCI_LINT)
+$(GOLANGCI_LINT): # Build golangci-lint from tools folder.
+	GOBIN=$(LOCALBIN)  go install  github.com/golangci/golangci-lint/v2/cmd/golangci-lint@$(GOLANGCI_LINT_VERSION)
+
+.phony: golangci-lint-kal
+golangci-lint-kal: $(GOLANGCI_LINT_KAL)
+$(GOLANGCI_LINT_KAL): $(GOLANGCI_LINT) # Build golangci-lint-kal from custom configuration.
+	$(GOLANGCI_LINT) custom
 
 .PHONY: nilaway
 nilaway: $(NILAWAY) ## Download nilaway locally if necessary.

diff --git a/api/v1alpha2/addressset_types.go b/api/v1alpha2/addressset_types.go
@@ -22,7 +22,9 @@ import (
 
 // AddressSetSpec defines the desired state of AddressSet
 type AddressSetSpec struct {
+	// ipv4 defines a list of IPv4 address strings
 	IPv4 *[]string `json:"ipv4,omitempty"`
+	// ipv6 defines a list of IPv6 address strings
 	IPv6 *[]string `json:"ipv6,omitempty"`
 }
 
@@ -37,20 +39,24 @@ type AddressSetStatus struct {
 
 // AddressSet is the Schema for the addresssets API
 type AddressSet struct {
-	metav1.TypeMeta   `json:",inline"`
+	metav1.TypeMeta `json:",inline"`
+	// metadata is the standard object's metadata.
 	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	Spec   AddressSetSpec   `json:"spec,omitempty"`
+	// spec is the desired state of the AddressSet
+	Spec AddressSetSpec `json:"spec,omitempty"`
+	// status is the observed state of the AddressSet
 	Status AddressSetStatus `json:"status,omitempty"`
 }
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
 
 // AddressSetList contains a list of AddressSet
 type AddressSetList struct {
 	metav1.TypeMeta `json:",inline"`
+	// metadata is the standard object's metadata.
 	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []AddressSet `json:"items"`
+	// items is a list of AddressSet
+	Items []AddressSet `json:"items"`
 }
 
 func init() {

diff --git a/api/v1alpha2/firewallrule_types.go b/api/v1alpha2/firewallrule_types.go
@@ -22,60 +22,67 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
-// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
-
-// FirewallRuleSpec defines the desired state of FirewallRule
+// FirewallRuleSpec defines the desired state of FirewallRule.
 type FirewallRuleSpec struct {
-	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
-	// Important: Run "make" to regenerate code after modifying this file
-	Action      string `json:"action"`
-	Label       string `json:"label"`
+	// action is the action to take when the rule matches.
+	Action string `json:"action"`
+	// label is the label of the rule.
+	Label string `json:"label"`
+	// description is the description of the rule.
 	Description string `json:"description,omitempty"`
-	Ports       string `json:"ports,omitempty"`
+	// ports is the ports to apply the rule to.
+	Ports string `json:"ports,omitempty"`
+	// protocol is the protocol to apply the rule to.
 	// +kubebuilder:validation:Enum=TCP;UDP;ICMP;IPENCAP
-	Protocol  linodego.NetworkProtocol `json:"protocol"`
-	Addresses *NetworkAddresses        `json:"addresses,omitempty"`
-	// AddressSetRefs is a list of references to AddressSets as an alternative to
-	// using Addresses but can be used in conjunction with it
+	Protocol linodego.NetworkProtocol `json:"protocol"`
+	// addresses is a list of addresses to apply the rule to.
+	Addresses *NetworkAddresses `json:"addresses,omitempty"`
+	// addressSetRefs is a list of references to AddressSets as an alternative to
+	// using Addresses but can be used in conjunction with it.
 	AddressSetRefs []*corev1.ObjectReference `json:"addressSetRefs,omitempty"`
 }
 
-// NetworkAddresses holds a list of IPv4 and IPv6 addresses
+// NetworkAddresses holds a list of IPv4 and IPv6 addresses.
 // We don't use linodego here since kubebuilder can't generate DeepCopyInto
 // for linodego.NetworkAddresses
 type NetworkAddresses struct {
+	// ipv4 defines a list of IPv4 address strings.
 	IPv4 *[]string `json:"ipv4,omitempty"`
+	// ipv6 defines a list of IPv6 address strings.
 	IPv6 *[]string `json:"ipv6,omitempty"`
 }
 
-// FirewallRuleStatus defines the observed state of FirewallRule
+// FirewallRuleStatus defines the observed state of FirewallRule.
 type FirewallRuleStatus struct {
 	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
 }
 
-//+kubebuilder:object:root=true
-//+kubebuilder:resource:path=firewallrules,scope=Namespaced,categories=cluster-api,shortName=fwr
-//+kubebuilder:subresource:status
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=firewallrules,scope=Namespaced,categories=cluster-api,shortName=fwr
+// +kubebuilder:subresource:status
 // +kubebuilder:metadata:labels="clusterctl.cluster.x-k8s.io/move-hierarchy=true"
 
 // FirewallRule is the Schema for the firewallrules API
 type FirewallRule struct {
-	metav1.TypeMeta   `json:",inline"`
+	metav1.TypeMeta `json:",inline"`
+	// metadata is the standard object's metadata.
 	metav1.ObjectMeta `json:"metadata,omitempty"`
-
-	Spec   FirewallRuleSpec   `json:"spec,omitempty"`
+	// spec is the desired state of the FirewallRule.
+	Spec FirewallRuleSpec `json:"spec,omitempty"`
+	// status is the observed state of the FirewallRule.
 	Status FirewallRuleStatus `json:"status,omitempty"`
 }
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
 
 // FirewallRuleList contains a list of FirewallRule
 type FirewallRuleList struct {
 	metav1.TypeMeta `json:",inline"`
+	// metadata is the standard object's metadata.
 	metav1.ListMeta `json:"metadata,omitempty"`
-	Items           []FirewallRule `json:"items"`
+	// items is a list of FirewallRule.
+	Items []FirewallRule `json:"items"`
 }
 
 func init() {