zegl / kube-score

Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.
https://kube-score.com
MIT License

Add flag --run-test strings #509

Closed GeiserX closed 1 year ago

GeiserX commented 1 year ago

This is a proposal of a feature request.

Currently, there is only the option --ignore-test to select the tests you want to exclude. I would like to request to have the opposite option, so whenever this flag --run-test strings is enabled, just check the given test(s), leaving out the rest of the tests.

kmarteaux commented 1 year ago

@zegl - do you want this implemented? If so, assign it to me.

zegl commented 1 year ago

Thanks for the suggestion @DrumSergio, I like it!

However, I think that we should tweak the suggestion slightly, to play nicely with the existing --enable-optional-test and --ignore-test flags.

Instead of a --run-test flag, I propose to add a --all-default-optional flag (maybe there is a better name?) that makes all tests opt-in by default, and allows individual tests to be enabled with the existing --enable-optional-test flag.

Usage of --all-default-optional and --ignore-test together would lead to an error.


@kmarteaux Nice! I'll assign this one to you. It's really cool that you're contributing! :-)

What do you think of my suggested alterations to this issue above?

kmarteaux commented 1 year ago

@zegl - the proposed implementation makes sense to me.

kmarteaux commented 1 year ago

@zegl - As I reread the comments, I stumbled across the assertion of --all-default-optional and --ignore-test together should lead to an error

Opting-in all tests is easy enough with an --all-default-optional flag, so if one had a scenario where Set D = default tests, Set O = optional tests, and Set E = excluded tests

Let D = { a, b, c } 
Let O = { d, e }

the effect of the flag would be to produce:

T = (D ^ O), which is { a, b, c, d, e } 

If one wanted to then exclude test 'a' the combination of --all-default-optional & --ignore-test "a" should lead to

Let E = { a } 
T= (D ^ O) - E, which is { b, c, d, e } 

This strikes me as correct behavior, but you've indicated it should throw an error. Is that the behavior you really want?

zegl commented 1 year ago

Hmmm, you're right. There might be a way to allow for both --all-default-optional and --ignore-test to be used together, for now though, I think that the implementation in #529 is good enough. I'll go ahead and merge it!

Sorry for being a bit slow to review here...

Sam13 commented 4 months ago

Can anybody provide an example command line to e.g. just execute the check container-image-tag and leave out all other checks?

zegl commented 4 months ago

@Sam13 The current command for that would be something like this. Not the prettiest thing in the world, but it works :)

kube-score score \
   --ignore-test deployment-strategy \
   --ignore-test deployment-replicas \
   --ignore-test ingress-targets-service \
   --ignore-test cronjob-has-deadline \
   --ignore-test cronjob-restartpolicy \
   --ignore-test container-resources \
   --ignore-test container-resource-requests-equal-limits \
   --ignore-test container-cpu-requests-equal-limits \
   --ignore-test container-memory-requests-equal-limits \
   --ignore-test container-image-pull-policy \
   --ignore-test container-ephemeral-storage-request-and-limit \
   --ignore-test container-ephemeral-storage-request-equals-limit \
   --ignore-test container-ports-check \
   --ignore-test environment-variable-key-duplication \
   --ignore-test statefulset-has-poddisruptionbudget \
   --ignore-test deployment-has-poddisruptionbudget \
   --ignore-test poddisruptionbudget-has-policy \
   --ignore-test pod-networkpolicy \
   --ignore-test networkpolicy-targets-pod \
   --ignore-test pod-probes \
   --ignore-test container-security-context-user-group-id \
   --ignore-test container-security-context-privileged \
   --ignore-test container-security-context-readonlyrootfilesystem \
   --ignore-test container-seccomp-profile \
   --ignore-test service-targets-pod \
   --ignore-test service-type \
   --ignore-test stable-version \
   --ignore-test deployment-has-host-podantiaffinity \
   --ignore-test statefulset-has-host-podantiaffinity \
   --ignore-test deployment-targeted-by-hpa-does-not-have-replicas-configured \
   --ignore-test statefulset-has-servicename \
   --ignore-test deployment-pod-selector-labels-match-template-metadata-labels \
   --ignore-test statefulset-pod-selector-labels-match-template-metadata-labels \
   --ignore-test label-values \
   --ignore-test horizontalpodautoscaler-has-target \
   --ignore-test pod-topology-spread-constraints

Sam13 commented 4 months ago

@zegl Thanks for the clarification. I was confused because this issue is closed but it seems that the original feature request is not implemented, isn't it? I think this feature would be useful when you have existing K8s clusters and start adding kube-score to your GitOps CI build: you cannot change everything at once...
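
The long `--ignore-test` command in zegl's reply can be generated instead of typed by hand. The sketch below is an added example, not part of the thread or of kube-score: `only_checks` and `sample_checks` are hypothetical helpers, and the list of check names (a constructed subset of the names that appear in this thread) is assumed to be supplied on stdin, one per line.

```shell
#!/usr/bin/env bash
# Added example: emit the --ignore-test arguments that leave only the
# named checks running (T = ALL - KEEP).

# Constructed sample input: a few check names taken from this thread.
sample_checks() {
  printf '%s\n' container-image-tag container-image-pull-policy \
    pod-networkpolicy container-security-context-privileged
}

# only_checks KEEP... < names
# Prints one "--ignore-test NAME" line for every name not in KEEP.
# Returns 2 if a KEEP name is not in the list: a typo would otherwise
# ignore every check and let the CI job pass without testing anything.
only_checks() {
  local all keep name found
  all=$(grep -v '^[[:space:]]*$' | LC_ALL=C sort -u)
  for keep in "$@"; do
    if ! printf '%s\n' "$all" | grep -qxF -- "$keep"; then
      echo "unknown check: $keep" >&2
      return 2
    fi
  done
  while IFS= read -r name; do
    [ -n "$name" ] || continue
    found=0
    for keep in "$@"; do
      if [ "$name" = "$keep" ]; then found=1; fi
    done
    if [ "$found" -eq 0 ]; then
      printf '%s %s\n' --ignore-test "$name"
    fi
  done <<EOF
$all
EOF
  return 0
}

# Demonstration on the constructed list: keep only container-image-tag.
sample_checks | only_checks container-image-tag
```

The output can be spliced into the command line with command substitution, for example `kube-score score $(only_checks container-image-tag < checks.txt) manifest.yaml`, where `checks.txt` and `manifest.yaml` are placeholder file names. A check that is optional would additionally need `--enable-optional-test`.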