Skip to content

Enable all kube-linter rules #753

New issue
New issue
Open
#1057
Open
Enable all kube-linter rules#753
#1057
Labels
area/maintenancearea/testing
Milestone
Daily maintenance
@czeslavo

Description

@czeslavo
czeslavo
opened on Feb 16, 2023

Context

In #751 we added kube-linter to our CI pipeline, suppressing all rules that were failing. The goal of this ticket is to enable all ignored rules OR add an explicit ignore annotation to the objects that have to break the rule due to some higher requirement.

The annotation can look as follows:

metadata:
  annotations:
    ignore-check.kube-linter.io/privileged: "This deployment needs to run as privileged because it needs kernel access"

Rules to be enabled

  • "no-read-only-root-fs"
  • "run-as-non-root"
  • "unset-cpu-requirements"
  • "unset-memory-requirements"

Acceptance criteria

  • No rules are specified in the exclude section of the .kube-linter.yaml config.
  • If there was an object in the helm chart that has to break any of the rules, it's explicitly explained in form of an ignore-check.kube-linter.io/rule-name annotation

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/maintenancearea/testing

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions