

GitHub - zegl/kube-score: Kubernetes object linting
source link: https://github.com/zegl/kube-score

kube-score
kube-score is a tool that does static code analysis of your Kubernetes object definitions.
The output is a list of recommendations of what you can improve to make your application more secure and resilient.
Installation
Download
Pre-built releases can be downloaded from the GitHub Releases page, or from Docker Hub.
Building from source
kube-score requires Go version 1.11+ with Go modules. To install kube-score into your local gobin path, run the following commands:
go get github.com/zegl/kube-score
cd $GOPATH/src/github.com/zegl/kube-score/
GO111MODULE=on go install github.com/zegl/kube-score/cmd/kube-score
Checks
- Container limits (should be set)
- Container image tag (should not be :latest)
- Container image pull policy (should be Always)
- Pod is targeted by a NetworkPolicy, both egress and ingress rules are recommended
- Container probes, both readiness and liveness checks should be configured, and should not be identical
- Container securityContext, run as high number user/group, do not run as root or with privileged root fs
- Stable APIs, use a stable API if available (supported: Deployments, StatefulSets, DaemonSet)
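A manifest written against the checks listed above, as an added example that is not part of the kube-score README. The names, image, ports and numeric values are constructed placeholders; reading "high number user/group" as UID/GID 10001 and "privileged root fs" as privileged: false plus readOnlyRootFilesystem: true are assumptions.

```yaml
# Constructed example: names, image, ports and numbers are placeholders.
apiVersion: apps/v1                  # stable API group for Deployments
kind: Deployment
metadata:
  name: my-app
spec:
  selector:
    matchLabels: {app: my-app}
  template:
    metadata:
      labels: {app: my-app}          # label the NetworkPolicy below selects on
    spec:
      containers:
        - name: my-app
          image: registry.example.com/my-app:1.4.2   # pinned tag, not :latest
          imagePullPolicy: Always
          resources:
            requests: {cpu: 100m, memory: 128Mi}
            limits: {cpu: 500m, memory: 256Mi}       # container limits are set
          readinessProbe:                            # not identical to liveness
            httpGet: {path: /ready, port: 8080}
          livenessProbe:
            httpGet: {path: /healthz, port: 8080}
          securityContext:
            runAsUser: 10001         # assumed meaning of "high number" user
            runAsGroup: 10001
            runAsNonRoot: true
            privileged: false
            readOnlyRootFilesystem: true
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy                  # targets the pod; has ingress and egress rules
metadata:
  name: my-app
spec:
  podSelector: {matchLabels: {app: my-app}}
  policyTypes: [Ingress, Egress]
  ingress:
    - from:
        - podSelector: {matchLabels: {app: my-frontend}}
      ports:
        - {protocol: TCP, port: 8080}
  egress:
    - to:
        - podSelector: {matchLabels: {app: my-db}}
      ports:
        - {protocol: TCP, port: 5432}
    - ports:                         # keep DNS working once egress is restricted
        - {protocol: UDP, port: 53}
```

Both objects are kept in one input so the Deployment and the NetworkPolicy that targets it are analysed together.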
Example output
Usage in CI
kube-score can run in your CI/CD environment and will exit with exit code 1 if a critical error has been found.
The trigger level can be changed to warning with the --exit-one-on-warning argument.
The input to kube-score should be all applications that you deploy to the same namespace for the best result.
Example with Helm
helm template my-app | kube-score -
Example with static yamls
kube-score my-app/*.yaml
kube-score my-app/deployment.yaml my-app/service.yaml
Configuration
Usage: kube-score [--flag1 --flag2] file1 file2 ...
Use "-" as filename to read from STDIN.
Usage of ./kube-score:
  -exit-one-on-warning
        Exit with code 1 in case of warnings
  -help
        Print help
  -v    Verbose output