search

digitalocean / clusterlint

A best practices checker for Kubernetes clusters. 🤠
Apache License 2.0
542 stars 45 forks source link

add dockerfile to build the clusterlint image to use in-cluster #134

Closed varshavaradarajan closed 2 years ago

varshavaradarajan commented 2 years ago

Follows up: #129

Fixes: #128

varshavaradarajan commented 2 years ago

@sundowndev - added the dockerfile to build the clusterlint image to use in-cluster

varshavaradarajan commented 2 years ago

Running in-cluster:

kubectl --kubeconfig ~/.kube/clusterlint-in-cluster-kubeconfig.yaml logs -f clusterlint-cron-27375650-jb28h
W0118 20:50:01.601608       1 warnings.go:70] admissionregistration.k8s.io/v1beta1 MutatingWebhookConfiguration is deprecated in v1.16+, unavailable in v1.22+; use admissionregistration.k8s.io/v1 MutatingWebhookConfiguration
W0118 20:50:01.613502       1 warnings.go:70] admissionregistration.k8s.io/v1beta1 ValidatingWebhookConfiguration is deprecated in v1.16+, unavailable in v1.22+; use admissionregistration.k8s.io/v1 ValidatingWebhookConfiguration
W0118 20:50:01.623230       1 warnings.go:70] batch/v1beta1 CronJob is deprecated in v1.21+, unavailable in v1.25+; use batch/v1 CronJob
[warning] default/pod/clusterlint-cron-27375650-jb28h: Container `clusterlint` can run as root user. Please ensure that the image is from a trusted source.
[warning] kube-system/pod/cilium-operator-588646485d-vgfgp: Container `cilium-operator` can run as root user. Please ensure that the image is from a trusted source.
[warning] kube-system/pod/coredns-85d9ccbb46-bb2bh: Container `coredns` can run as root user. Please ensure that the image is from a trusted source.
[warning] kube-system/pod/coredns-85d9ccbb46-nz67c: Container `coredns` can run as root user. Please ensure that the image is from a trusted source.
[warning] default/pod/clusterlint-cron-27375650-jb28h: Set resource requests and limits for container `clusterlint` to prevent resource contention
[warning] kube-system/pod/cilium-7pqff: Use fully qualified image for container 'cilium-agent'
[warning] kube-system/pod/cilium-c6rgc: Use fully qualified image for container 'cilium-agent'
[warning] default/pod/clusterlint-cron-27375650-jb28h: Avoid using the default namespace
[warning] default/config map/kube-root-ca.crt: Avoid using the default namespace
[warning] kube-node-lease/config map/kube-root-ca.crt: Unused config map
[warning] kube-public/config map/kube-root-ca.crt: Unused config map
[warning] kube-system/config map/extension-apiserver-authentication: Unused config map
sundowndev commented 2 years ago

Quick question @varshavaradarajan, are you gonna publish this image to a public Docker registry ? I think it'll still be useful to a lot of users to have a production-ready image available.

varshavaradarajan commented 2 years ago

@sundowndev - we plan to make an image available via github actions. I'll add it to the workflow, but I need the dockerfile merged before that. I'll update the readme to have the official image once we publish it in dockerhub. Until then, users can build their own image and use it in cluster.

sundowndev commented 2 years ago

@varshavaradarajan Great, looking forward to use it in production 👍🏻

CollinShoop commented 2 years ago

@varshavaradarajan anything blocking merge?

varshavaradarajan commented 2 years ago

Oh, thanks for the reminder!