Closed d47zm3 closed 5 years ago
Hi @d47zm3! The critical section of the scoring is to show negative points. The advisory section contains recommendations.
To make it clearer we may introduce the points given for a particular entry in future.
So in your example the selector is matched, kubesec deducts some points, and provides a reason in the output.
Does that make sense? Would anything make this clearer? The wording in the reason is perhaps not the best here.
Well, I get what you're saying, but the thing is, kubesec doesn't give me points when it should (because hostAliases is there). Funny thing is I tested kubesec using the docker image with the tag being some commit/build and it scored 15 (so all checks passed), but using the newest build/web API it gives me a score of 13, complaining about missing hostAliases (which is there, in the manifest!). So I think you got me wrong.
Having hostAliases should give you a critical message, use docker.io/kubesec/kubesec:512c5e0
Doh, now I understand, for maximum score it should not be there... I was mistaken by the other image/build (I think I used the tag from the README), where it didn't give me points if it wasn't there. Then it's solved, thanks!
@sublimino maybe delete the v2 tag from Docker Hub and remove it from the readme. I think we should be using immutable tags only.
Yep @stefanprodan you're right, we should fix the Hub tags -- I haven't fixed up the release process yet though :( Temporary fix is updating the README https://github.com/controlplaneio/kubesec/commit/72f202e6825a373cc0413d0670b4f3ff27753210 but I'll fix the cloudbuild before pushing any more features.
Thanks for your patience @d47zm3!
Despite having hostAliases specified, kubesec reports it as missing. Here's the YAML and the result of a POST to kubesec.io
Result:
Kubeval reports valid deployment as well