zegl / kube-score

Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.
https://kube-score.com
MIT License

Kube score configuration file #468

Closed kmarteaux closed 1 year ago

kmarteaux commented 2 years ago
RELNOTE: kube-score configuration file capability

### Configuration File Creation 

kube-score mkconfig action will create a configuration file from its registered checks. A user creates a configuration file by running

```
$ kube-score mkconfig --config /pathname/to/file
```

If the file has already been created, use the --force flag to overwrite the file.

##  Configuration File Creation 

```
# Create a file from scratch
$ ./kube-score mkconfig --config ./kube-score.yml
Created kube-score configuration file ./kube-score.yml

# Overwrite an existing configuration
$ ./kube-score mkconfig --config ./.kube-score.yml
File ./.kube-score.yml exists. Use --force flag to overwrite

$ ./kube-score mkconfig --config ./.kube-score.yml --force
Created kube-score configuration file  ./.kube-score.yml
```

## Configuration File Use
To use the generated configuration file with kube-score:

```
$ kube-score score --config /pathname/to/config-file /pathname/to/<whatever>.yaml
```

##  Sample Configuration Files 

A configuration can contain a list of checks to include and exclude

# Include all tests (default and optional), while explicitly enabling and disabling select tests 

```yaml
disable-all: true
enable:
- ingress-targets-service
- cronjob-has-deadline
- container-resources
- container-image-tag

enable-all: true
disable:
- statefulset-has-poddisruptionbudget
- deployment-has-poddisruptionbudget
- poddisruptionbudget-has-policy
- pod-networkpolicy
```

# Default Configuration File

```yaml
disable-all: false
enable: []
enable-all: false
disable: []
```

## Combining a configuration file with command line directives

Setting --enable-optional-test would be the same as adding the test to enable, and setting --ignore-test would be the same as adding it to disable. This feature adds the --enable and --disable flags as aliases to the aforementioned objects.

###  High Level Feature Logic

1. Start with an empty enable and disable list.
2. If enable-all is true, add all tests to the list. If it's false, add only the non-optional tests to the list.
3. If disable-all is true, add all tests to the disable list. If it's false, do nothing.
4. If enable is set, use it as the enable list.
5. If disable is set, use it as the disable list.
6. If --enable-optional-test is set, add the test(s) to the enable list.
7. If --ignore-test is set, add the test(s) to the disable list.

And when running, run a test if the test is on the enable list and not on the disable list.
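The resolution steps above, followed literally, as an added Go example (not code from this PR or from kube-score). The `Registry` contents, the hypothetical `example-optional-check`, the `Config` and `Resolve` names, and reading "set" as "non-empty" are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Registry maps check name to "optional?". Constructed; example-optional-check is hypothetical.
var Registry = map[string]bool{"container-resources": false,
	"container-image-tag": false, "pod-networkpolicy": false, "example-optional-check": true}

// Config holds the four keys of the configuration file.
type Config struct {
	EnableAll, DisableAll bool
	Enable, Disable       []string
}

// Resolve applies the steps in order; cliEnable/cliIgnore stand for --enable-optional-test/--ignore-test.
func Resolve(c Config, cliEnable, cliIgnore []string) []string {
	var enable, disable []string
	for name, optional := range Registry {
		if c.EnableAll || !optional {
			enable = append(enable, name)
		}
		if c.DisableAll {
			disable = append(disable, name)
		}
	}
	if len(c.Enable) > 0 { // assumption: "set" means non-empty
		enable = append([]string(nil), c.Enable...) // replaces the list, no merge
	}
	if len(c.Disable) > 0 {
		disable = append([]string(nil), c.Disable...)
	}
	run := map[string]bool{}
	for _, n := range append(enable, cliEnable...) {
		run[n] = true
	}
	for _, n := range append(disable, cliIgnore...) {
		delete(run, n) // the disable list always wins
	}
	out := []string{}
	for n := range run {
		out = append(out, n)
	}
	sort.Strings(out)
	return out
}

func main() { fmt.Println(Resolve(Config{EnableAll: true}, nil, nil)) }
```

Under these steps, a file with `disable-all: true` and only an `enable` list resolves to no checks at all, because the disable list still holds every check; a CI job using such a file would pass without analysing anything.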

kmarteaux commented 2 years ago

@zegl do you want this PR withdrawn?

zegl commented 1 year ago

@kmarteaux First, thanks for working on this!

But yes, I don't know if this feature really fits in kube-score. We already have configurations etc, and this feels like it might add more confusion to an already confusing set of configuration options.

I'm sorry for having wasted your time on this.

day1118 commented 1 year ago

I think it is a shame not to accept this @zegl - There are clearly multiple people asking for it (including again in #499).

Personally, a config file means that the configuration is much easier to reuse between different scripts etc, and much easier to track in git in its own file, rather than in a series of flags inside a script/CI etc.

cc @kmarteaux

emmeowzing commented 1 year ago

I have to agree @day1118.