Open viv-4 opened 6 months ago
appears to be primarily coming from the charts test pods, which is a minimal test template used on helm test: https://helm.sh/docs/topics/chart_tests/ https://github.com/place-labs/k8s-helm/blob/master/charts/placeos/charts/searchingest/templates/tests/test-connection.yaml
helm test
... "results": [ { "ruleId": "unset-cpu-requirements", "ruleIndex": 24, "message": { "text": "container \"searchingest\" has cpu request 0\nobject: \u003cno namespace\u003e/test-release-searchingest apps/v1, Kind=Deployment", }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "charts/placeos/charts/searchingest/templates/search-ingest-deployment.yaml.tpl", }, "region": { "startLine": 1 }, }, "logicalLocations": [ { "name": "test-release-searchingest", "kind": "Object Name", }, { "name": "", "kind": "Object Namespace" }, { "name": "apps", "kind": "GVK/Group" }, { "name": "v1", "fullyQualifiedName": "apps/v1", "kind": "GVK/Version", }, { "name": "Deployment", "fullyQualifiedName": "apps/v1, Kind=Deployment", "kind": "GVK/Kind", }, ], }, ], }, { "ruleId": "unset-cpu-requirements", "ruleIndex": 24, "message": { "text": "container \"searchingest\" has cpu limit 0\nobject: \u003cno namespace\u003e/test-release-searchingest apps/v1, Kind=Deployment", }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "charts/placeos/charts/searchingest/templates/search-ingest-deployment.yaml.tpl", }, "region": { "startLine": 1 }, }, "logicalLocations": [ { "name": "test-release-searchingest", "kind": "Object Name", }, { "name": "", "kind": "Object Namespace" }, { "name": "apps", "kind": "GVK/Group" }, { "name": "v1", "fullyQualifiedName": "apps/v1", "kind": "GVK/Version", }, { "name": "Deployment", "fullyQualifiedName": "apps/v1, Kind=Deployment", "kind": "GVK/Kind", }, ], }, ], }, { "ruleId": "unset-memory-requirements", "ruleIndex": 25, "message": { "text": "container \"searchingest\" has memory request 0\nobject: \u003cno namespace\u003e/test-release-searchingest apps/v1, Kind=Deployment", }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "charts/placeos/charts/searchingest/templates/search-ingest-deployment.yaml.tpl", }, "region": { "startLine": 1 }, }, "logicalLocations": [ { "name": "test-release-searchingest", "kind": "Object Name", }, { "name": "", "kind": "Object Namespace" }, { "name": "apps", "kind": "GVK/Group" }, { "name": "v1", "fullyQualifiedName": "apps/v1", "kind": "GVK/Version", }, { "name": "Deployment", "fullyQualifiedName": "apps/v1, Kind=Deployment", "kind": "GVK/Kind", }, ], }, ], }, { "ruleId": "unset-memory-requirements", "ruleIndex": 25, "message": { "text": "container \"searchingest\" has memory limit 0\nobject: \u003cno namespace\u003e/test-release-searchingest apps/v1, Kind=Deployment", }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "charts/placeos/charts/searchingest/templates/search-ingest-deployment.yaml.tpl", }, "region": { "startLine": 1 }, }, "logicalLocations": [ { "name": "test-release-searchingest", "kind": "Object Name", }, { "name": "", "kind": "Object Namespace" }, { "name": "apps", "kind": "GVK/Group" }, { "name": "v1", "fullyQualifiedName": "apps/v1", "kind": "GVK/Version", }, { "name": "Deployment", "fullyQualifiedName": "apps/v1, Kind=Deployment", "kind": "GVK/Kind", }, ], }, ], }, { "ruleId": "latest-tag", "ruleIndex": 10, "message": { "text": "The container \"wget\" is using an invalid container image, \"busybox\". Please use images that are not blocked by the `BlockList` criteria : [\".*:(latest)$\" \"^[^:]*$\" \"(.*/[^:]+)$\"]\nobject: \u003cno namespace\u003e/test-release-searchingest-test-connection /v1, Kind=Pod", }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "charts/placeos/charts/searchingest/templates/tests/test-connection.yaml", }, "region": { "startLine": 1 }, }, "logicalLocations": [ { "name": "test-release-searchingest-test-connection", "kind": "Object Name", }, { "name": "", "kind": "Object Namespace" }, { "name": "", "kind": "GVK/Group" }, { "name": "v1", "fullyQualifiedName": "v1", "kind": "GVK/Version", }, { "name": "Pod", "fullyQualifiedName": "/v1, Kind=Pod", "kind": "GVK/Kind", }, ], }, ], }, { "ruleId": "no-read-only-root-fs", "ruleIndex": 14, "message": { "text": "container \"wget\" does not have a read-only root file system\nobject: \u003cno namespace\u003e/test-release-searchingest-test-connection /v1, Kind=Pod", }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "charts/placeos/charts/searchingest/templates/tests/test-connection.yaml", }, "region": { "startLine": 1 }, }, "logicalLocations": [ { "name": "test-release-searchingest-test-connection", "kind": "Object Name", }, { "name": "", "kind": "Object Namespace" }, { "name": "", "kind": "GVK/Group" }, { "name": "v1", "fullyQualifiedName": "v1", "kind": "GVK/Version", }, { "name": "Pod", "fullyQualifiedName": "/v1, Kind=Pod", "kind": "GVK/Kind", }, ], }, ], }, { "ruleId": "run-as-non-root", "ruleIndex": 20, "message": { "text": "container \"wget\" is not set to runAsNonRoot\nobject: \u003cno namespace\u003e/test-release-searchingest-test-connection /v1, Kind=Pod", }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "charts/placeos/charts/searchingest/templates/tests/test-connection.yaml", }, "region": { "startLine": 1 }, }, "logicalLocations": [ { "name": "test-release-searchingest-test-connection", "kind": "Object Name", }, { "name": "", "kind": "Object Namespace" }, { "name": "", "kind": "GVK/Group" }, { "name": "v1", "fullyQualifiedName": "v1", "kind": "GVK/Version", }, { "name": "Pod", "fullyQualifiedName": "/v1, Kind=Pod", "kind": "GVK/Kind", }, ], }, ], }, { "ruleId": "unset-cpu-requirements", "ruleIndex": 24, "message": { "text": "container \"wget\" has cpu request 0\nobject: \u003cno namespace\u003e/test-release-searchingest-test-connection /v1, Kind=Pod", }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "charts/placeos/charts/searchingest/templates/tests/test-connection.yaml", }, "region": { "startLine": 1 }, }, "logicalLocations": [ { "name": "test-release-searchingest-test-connection", "kind": "Object Name", }, { "name": "", "kind": "Object Namespace" }, { "name": "", "kind": "GVK/Group" }, { "name": "v1", "fullyQualifiedName": "v1", "kind": "GVK/Version", }, { "name": "Pod", "fullyQualifiedName": "/v1, Kind=Pod", "kind": "GVK/Kind", }, ], }, ], }, { "ruleId": "unset-cpu-requirements", "ruleIndex": 24, "message": { "text": "container \"wget\" has cpu limit 0\nobject: \u003cno namespace\u003e/test-release-searchingest-test-connection /v1, Kind=Pod", }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "charts/placeos/charts/searchingest/templates/tests/test-connection.yaml", }, "region": { "startLine": 1 }, }, "logicalLocations": [ { "name": "test-release-searchingest-test-connection", "kind": "Object Name", }, { "name": "", "kind": "Object Namespace" }, { "name": "", "kind": "GVK/Group" }, { "name": "v1", "fullyQualifiedName": "v1", "kind": "GVK/Version", }, { "name": "Pod", "fullyQualifiedName": "/v1, Kind=Pod", "kind": "GVK/Kind", }, ], }, ], }, { "ruleId": "unset-memory-requirements", "ruleIndex": 25, "message": { "text": "container \"wget\" has memory request 0\nobject: \u003cno namespace\u003e/test-release-searchingest-test-connection /v1, Kind=Pod", }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "charts/placeos/charts/searchingest/templates/tests/test-connection.yaml", }, "region": { "startLine": 1 }, }, "logicalLocations": [ { "name": "test-release-searchingest-test-connection", "kind": "Object Name", }, { "name": "", "kind": "Object Namespace" }, { "name": "", "kind": "GVK/Group" }, { "name": "v1", "fullyQualifiedName": "v1", "kind": "GVK/Version", }, { "name": "Pod", "fullyQualifiedName": "/v1, Kind=Pod", "kind": "GVK/Kind", }, ], }, ], }, { "ruleId": "unset-memory-requirements", "ruleIndex": 25, "message": { "text": "container \"wget\" has memory limit 0\nobject: \u003cno namespace\u003e/test-release-searchingest-test-connection /v1, Kind=Pod", }, "locations": [ { "physicalLocation": { "artifactLocation": { "uri": "charts/placeos/charts/searchingest/templates/tests/test-connection.yaml", }, "region": { "startLine": 1 }, }, "logicalLocations": [ { "name": "test-release-searchingest-test-connection", "kind": "Object Name", }, { "name": "", "kind": "Object Namespace" }, { "name": "", "kind": "GVK/Group" }, { "name": "v1", "fullyQualifiedName": "v1", "kind": "GVK/Version", }, { "name": "Pod", "fullyQualifiedName": "/v1, Kind=Pod", "kind": "GVK/Kind", }, ], }, ], }, ], }, ], }
appears to be primarily coming from the charts test pods, which is a minimal test template used on
helm test: https://helm.sh/docs/topics/chart_tests/ https://github.com/place-labs/k8s-helm/blob/master/charts/placeos/charts/searchingest/templates/tests/test-connection.yaml