Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable all kube-linter rules #753

Open
6 tasks
czeslavo opened this issue Feb 16, 2023 · 0 comments · May be fixed by #1057
Open
6 tasks

Enable all kube-linter rules #753

czeslavo opened this issue Feb 16, 2023 · 0 comments · May be fixed by #1057
Labels
area/maintenance area/testing

Comments

@czeslavo
Copy link
Contributor

Context

In #751 we added kube-linter to our CI pipeline, suppressing all rules that were failing. The goal of this ticket is to enable all ignored rules OR add an explicit ignore annotation to the objects that have to break the rule due to some higher requirement.

The annotation can look as follows:

metadata:
  annotations:
    ignore-check.kube-linter.io/privileged: "This deployment needs to run as privileged because it needs kernel access"

Rules to be enabled

  • "no-read-only-root-fs"
  • "run-as-non-root"
  • "unset-cpu-requirements"
  • "unset-memory-requirements"

Acceptance criteria

  • No rules are specified in the exclude section of the .kube-linter.yaml config.
  • If there was an object in the helm chart that has to break any of the rules, it's explicitly explained in form of an ignore-check.kube-linter.io/rule-name annotation
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/maintenance area/testing
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(deploy) Increase container security giantswarm/kong-charts-upstream
1 participant
@czeslavo