zegl / kube-score

Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.
https://kube-score.com
MIT License

Implement feature request: a configuration file #384 #442

Closed kmarteaux closed 2 years ago

kmarteaux commented 2 years ago
RELNOTE:

New kube-score configuration file capability.

### Configuration File Creation

By default, kube-score will create a configuration file called `.kube-score.yml` in the current working directory if no configuration file is present. The user may explicitly create a configuration file by running

```shell
$ kube-score mkconfig --config /pathname/to/file
```

To use the generated configuration file with kube-score:

```shell
$ kube-score score --config /pathname/to/file <whatever>.yaml
```

The generated configuration file will contain several directives, along with all currently registered kube-score default and optional tests.

### Configuration Format for .kube-score.yml

```yaml
addAllDefaultChecks: true
addAllOptionalChecks: false
disableIgnoreChecksAnnotations: false
defaultChecks:
    - ingress-targets-service
    - cronjob-has-deadline
    - container-resources
    - container-image-tag
    - container-image-pull-policy
    - container-ephemeral-storage-request-and-limit
    - statefulset-has-poddisruptionbudget
    - deployment-has-poddisruptionbudget
    - poddisruptionbudget-has-policy
    - pod-networkpolicy
    - networkpolicy-targets-pod
    - pod-probes
    - container-security-context-user-group-id
    - container-security-context-privileged
    - container-security-context-readonlyrootfilesystem
    - service-targets-pod
    - service-type
    - stable-version
    - deployment-has-host-podantiaffinity
    - statefulset-has-host-podantiaffinity
    - deployment-targeted-by-hpa-does-not-have-replicas-configured
    - statefulset-has-servicename
    - deployment-pod-selector-labels-match-template-metadata-labels
    - statefulset-pod-selector-labels-match-template-metadata-labels
    - label-values
    - horizontalpodautoscaler-has-target
    - container-ephemeral-storage-requests-and-limits
optionalChecks:
    - container-resource-requests-equal-limits
    - container-cpu-requests-equal-limits
    - container-memory-requests-equal-limits
    - container-ephemeral-storage-request-equals-limit
    - container-ports-check
    - container-seccomp-profile
include: []
exclude: []
```

### Usage Examples

- If one wishes to disable most checks and only run a handful, set _addAllDefaultChecks_ to false and then add the desired checks to _include_

- If one wishes to run all tests, set _addAllOptionalChecks_ to true 

- If one wishes to run the majority of default checks, but exclude some, add the checks you wish to not run to _exclude_
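The following is an added example, not code from kube-score or from this PR, that works through the three usage cases above by resolving which checks a given `.kube-score.yml` would actually enable. The merge order is an assumption taken from the description (defaults if `addAllDefaultChecks`, plus optionals if `addAllOptionalChecks`, plus `include`, minus `exclude`), and the sample configs use a deliberately small, constructed registry of check names. It also flags a practical pitfall: a misspelt name in `exclude` would otherwise leave the check silently enabled, so names in `include`/`exclude` are validated against the `defaultChecks`/`optionalChecks` lists in the file.

```python
# Added example: resolve which kube-score checks a .kube-score.yml enables.
# This is not kube-score's own code. The merge rules are an assumption taken
# from the PR description: start from defaultChecks when addAllDefaultChecks is
# true, add optionalChecks when addAllOptionalChecks is true, add `include`,
# then remove `exclude`. Names in include/exclude that are not registered in
# the file are reported, since a misspelt exclude would silently keep a check on.


def parse_config(text):
    """Parse the flat YAML subset used by .kube-score.yml: top-level keys with
    true/false scalars, `[]`, or an indented list of `- name` items.
    Deliberately not a general YAML parser."""
    cfg = {}
    key = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        if line[0] in " \t":                   # indented: a list item for `key`
            item = line.strip()
            if not item.startswith("- ") or not isinstance(cfg.get(key), list):
                raise ValueError(f"unexpected line: {raw!r}")
            cfg[key].append(item[2:].strip())
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"expected 'key: value': {raw!r}")
        key, value = key.strip(), value.strip()
        if value in ("", "[]"):                # empty list, or a list continued below
            cfg[key] = []
        elif value in ("true", "false"):
            cfg[key] = value == "true"
        else:
            cfg[key] = value
    return cfg


def unknown_check_names(cfg):
    """Names in include/exclude that are not registered in the file."""
    registered = set(cfg.get("defaultChecks", [])) | set(cfg.get("optionalChecks", []))
    return [c for c in cfg.get("include", []) + cfg.get("exclude", []) if c not in registered]


def resolve_checks(cfg):
    """Return the sorted list of checks that would run, or raise on unknown names."""
    unknown = unknown_check_names(cfg)
    if unknown:
        raise ValueError(f"unknown check names in include/exclude: {unknown}")
    enabled = set()
    if cfg.get("addAllDefaultChecks", True):
        enabled |= set(cfg.get("defaultChecks", []))
    if cfg.get("addAllOptionalChecks", False):
        enabled |= set(cfg.get("optionalChecks", []))
    enabled |= set(cfg.get("include", []))
    enabled -= set(cfg.get("exclude", []))
    return sorted(enabled)


# Constructed sample files with a small registry so the results are easy to read.
REGISTRY = """\
defaultChecks:
    - container-image-tag
    - container-security-context-privileged
    - pod-probes
optionalChecks:
    - container-seccomp-profile
"""

# "Disable most checks and only run a handful": addAllDefaultChecks false + include.
HANDFUL_CFG = "addAllDefaultChecks: false\naddAllOptionalChecks: false\n" + REGISTRY + """\
include:
    - container-security-context-privileged
    - container-seccomp-profile
exclude: []
"""

# "Run the majority of default checks, but exclude some".
EXCLUDE_CFG = "addAllDefaultChecks: true\naddAllOptionalChecks: false\n" + REGISTRY + """\
include: []
exclude:
    - pod-probes
"""

# A misspelt exclude: without the registry check this would silently keep pod-probes on.
TYPO_CFG = "addAllDefaultChecks: true\naddAllOptionalChecks: false\n" + REGISTRY + """\
include: []
exclude:
    - pod-probe
"""

if __name__ == "__main__":
    for name, text in [("handful", HANDFUL_CFG), ("exclude", EXCLUDE_CFG)]:
        print(name, resolve_checks(parse_config(text)))
    print("typo ->", unknown_check_names(parse_config(TYPO_CFG)))
```

Running the script prints the two resolved check lists and `['pod-probe']` for the typo case; the "run all tests" case from the bullets is simply `addAllOptionalChecks: true`, which `resolve_checks` handles by unioning both lists.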
kmarteaux commented 2 years ago

@zegl - What do you think of this PR?