Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.
Add container resource request and limit checks for ephemeral-storage.
New kube-score checks would mirror existing container CPU and Memory checks; including the option to ignore ephemeral-storage limits not being set.
Examples:
$ kube-score score pod-testfile1.yaml
[CRITICAL] Container Resources
· app -> Ephemeral Storage limit is not set
Resource limits are recommended to avoid resource DDOS. Set
resources.limits.ephemeral-storage
· log-aggregator -> CPU limit is not set
Resource limits are recommended to avoid resource DDOS. Set
resources.limits.cpu
· log-aggregator -> Memory limit is not set
Resource limits are recommended to avoid resource DDOS. Set
resources.limits.memory
· log-aggregator -> CPU request is not set
Resource requests are recommended to make sure that the application
can start and run without crashing. Set resources.requests.cpu
· log-aggregator -> Memory request is not set
Resource requests are recommended to make sure that the application
can start and run without crashing. Set resources.requests.memory
$ kube-score score --ignore-container-ephemeral-storage-limit pod-testfile1.yaml
[CRITICAL] Container Resources
· log-aggregator -> CPU limit is not set
Resource limits are recommended to avoid resource DDOS. Set
resources.limits.cpu
· log-aggregator -> Memory limit is not set
Resource limits are recommended to avoid resource DDOS. Set
resources.limits.memory
· log-aggregator -> CPU request is not set
Resource requests are recommended to make sure that the application
can start and run without crashing. Set resources.requests.cpu
· log-aggregator -> Memory request is not set
Resource requests are recommended to make sure that the application
can start and run without crashing. Set resources.requests.memory
kmarteaux
commented
2 years ago
Add container resource request and limit checks for ephemeral-storage.
New kube-score checks would mirror existing container CPU and Memory checks; including the option to ignore ephemeral-storage limits not being set.
Examples:
$ kube-score score pod-testfile1.yaml
[CRITICAL] Container Resources · app -> Ephemeral Storage limit is not set Resource limits are recommended to avoid resource DDOS. Set resources.limits.ephemeral-storage · log-aggregator -> CPU limit is not set Resource limits are recommended to avoid resource DDOS. Set resources.limits.cpu · log-aggregator -> Memory limit is not set Resource limits are recommended to avoid resource DDOS. Set resources.limits.memory · log-aggregator -> CPU request is not set Resource requests are recommended to make sure that the application can start and run without crashing. Set resources.requests.cpu · log-aggregator -> Memory request is not set Resource requests are recommended to make sure that the application can start and run without crashing. Set resources.requests.memory
$ kube-score score --ignore-container-ephemeral-storage-limit pod-testfile1.yaml [CRITICAL] Container Resources · log-aggregator -> CPU limit is not set Resource limits are recommended to avoid resource DDOS. Set resources.limits.cpu · log-aggregator -> Memory limit is not set Resource limits are recommended to avoid resource DDOS. Set resources.limits.memory · log-aggregator -> CPU request is not set Resource requests are recommended to make sure that the application can start and run without crashing. Set resources.requests.cpu · log-aggregator -> Memory request is not set Resource requests are recommended to make sure that the application can start and run without crashing. Set resources.requests.memory