Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.
What did you expect to see?
kube-score should report that the restartPolicy property is missing from the embedded Pod spec in the CronJob resource type.
What did you see instead?
When I tried to deploy the above YAML manifest to a Kubernetes 1.23 cluster, I received the error message below.
The CronJob "pwsh-test" is invalid: spec.jobTemplate.spec.template.spec.restartPolicy: Required value: valid values: "OnFailure", "Never"
kube-score did not catch the missing restartPolicy property on the embedded template Pod spec.
[CRITICAL] Container Security Context User Group ID
· pwsh -> The container is running with a low user ID
A userid above 10 000 is recommended to avoid conflicts with the
host. Set securityContext.runAsUser to a value > 10000
· pwsh -> The container running with a low group ID
A groupid above 10 000 is recommended to avoid conflicts with the
host. Set securityContext.runAsGroup to a value > 10000
[CRITICAL] Pod NetworkPolicy
· The pod does not have a matching NetworkPolicy
Create a NetworkPolicy that targets this pod to control who/what
can communicate with this pod. Note, this feature needs to be
supported by the CNI implementation used in the Kubernetes cluster
to have an effect.
[CRITICAL] Container Resources
· pwsh -> CPU limit is not set
Resource limits are recommended to avoid resource DDOS. Set
resources.limits.cpu
· pwsh -> Memory limit is not set
Resource limits are recommended to avoid resource DDOS. Set
resources.limits.memory
· pwsh -> CPU request is not set
Resource requests are recommended to make sure that the application
can start and run without crashing. Set resources.requests.cpu
· pwsh -> Memory request is not set
Resource requests are recommended to make sure that the application
can start and run without crashing. Set resources.requests.memory
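The check this report asks for can be run before deployment. The following is an added example, not kube-score's code and not part of the original report: it walks to the embedded Pod spec and requires restartPolicy to be "OnFailure" or "Never", and it goes beyond the CronJob case by also covering Job, which has the same restriction. The function name, the finding wording, the sample manifest and its image reference are assumptions, and the manifest is expected as JSON (convert YAML first).

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Path to the embedded Pod spec for each kind that rejects restartPolicy "Always".
var podSpecPath = map[string][]string{
	"Job":     {"spec", "template", "spec"},
	"CronJob": {"spec", "jobTemplate", "spec", "template", "spec"},
}

// Constructed sample (not the reporter's manifest): a CronJob with no restartPolicy.
const sampleCronJob = `{"apiVersion":"batch/v1","kind":"CronJob","metadata":{"name":"pwsh-test"},"spec":{"schedule":"*/5 * * * *",
"jobTemplate":{"spec":{"template":{"spec":{"containers":[{"name":"pwsh","image":"registry.example/pwsh:placeholder"}]}}}}}}`

// CheckRestartPolicy returns "" if the manifest passes, otherwise a finding (hypothetical helper).
func CheckRestartPolicy(manifest []byte) string {
	var obj map[string]interface{}
	if err := json.Unmarshal(manifest, &obj); err != nil {
		return "invalid JSON: " + err.Error()
	}
	kind, _ := obj["kind"].(string)
	path, known := podSpecPath[kind]
	if !known {
		return "" // other kinds are out of scope for this check
	}
	node := obj
	for i, key := range path {
		next, ok := node[key].(map[string]interface{})
		if !ok {
			return strings.Join(path[:i+1], ".") + ": missing or not an object"
		}
		node = next
	}
	field := strings.Join(path, ".") + ".restartPolicy"
	switch v, _ := node["restartPolicy"].(string); v {
	case "OnFailure", "Never":
		return ""
	case "":
		return field + `: required, must be "OnFailure" or "Never"`
	default:
		return fmt.Sprintf(`%s: %q not allowed, must be "OnFailure" or "Never"`, field, v)
	}
}

func main() { fmt.Println(CheckRestartPolicy([]byte(sampleCronJob))) }
```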