Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update unset-memory-requirements and unset-cpu-requirements, fixes #694
Showing 7 changed files with 21 additions and 33 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,11 +5,11 @@ | |
|
||
# What is KubeLinter? | ||
|
||
KubeLinter analyzes Kubernetes YAML files and Helm charts, and checks them against a variety of best practices, with a focus on production readiness and security. | ||
KubeLinter analyzes Kubernetes YAML files and Helm charts, and checks them against a variety of best practices, with a focus on production readiness and security. | ||
|
||
KubeLinter runs sensible default checks, designed to give you useful information about your Kubernetes YAML files and Helm charts. This is to help teams check early and often for security misconfigurations and DevOps best practices. Some common examples of these include running containers as a non-root user, enforcing least privilege, and storing sensitive information only in secrets. | ||
|
||
KubeLinter is configurable, so you can enable and disable checks, as well as create your own custom checks, depending on the policies you want to follow within your organization. | ||
KubeLinter is configurable, so you can enable and disable checks, as well as create your own custom checks, depending on the policies you want to follow within your organization. | ||
|
||
When a lint check fails, KubeLinter reports recommendations for how to resolve any potential issues and returns a non-zero exit code. | ||
|
||
|
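Review bot: The two changed paragraphs in this README hunk ("KubeLinter analyzes Kubernetes YAML files and Helm charts..." and "KubeLinter is configurable...") read identically before and after, so the edit is whitespace-only and unrelated to the unset-memory-requirements and unset-cpu-requirements fix named in the commit message. Move the README whitespace cleanup into a separate commit so the behavioural change to the checks can be reviewed, and if needed reverted, on its own.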
@@ -50,13 +50,13 @@ Installing KubeLinter from source is as simple as following these steps: | |
```bash | ||
git clone [email protected]:stackrox/kube-linter.git | ||
``` | ||
|
||
1. Then, compile the source code. This will create the kube-linter binary files for each platform and places them in the `.gobin` folder. | ||
|
||
```bash | ||
make build | ||
``` | ||
|
||
1. Finally, you are ready to start using KubeLinter. Verify your version to ensure you've successfully installed KubeLinter. | ||
```bash | ||
|
@@ -162,7 +162,7 @@ Consider the following sample pod specification file `pod.yaml`. This file has t | |
securityContext: | ||
allowPrivilegeEscalation: false | ||
``` | ||
1. Copy the YAML above to pod.yaml and lint this file by running the following command: | ||
```bash | ||
|
@@ -205,7 +205,7 @@ the future to the command usage, flags, and configuration file formats. However, | |
we encourage you to use KubeLinter to test your environment YAML files, see what | ||
breaks, and [contribute](./CONTRIBUTING.md). | ||
## LICENSE | ||
## LICENSE | ||
KubeLinter is licensed under the [Apache License 2.0](./LICENSE). | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,13 +1,13 @@ | ||
name: "unset-memory-requirements" | ||
description: "Indicates when containers do not have memory requests and limits set." | ||
remediation: >- | ||
Set memory requests and limits for your container based on its requirements. | ||
Set memory limits for your container based on its requirements. | ||
Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details. | ||
scope: | ||
objectKinds: | ||
- DeploymentLike | ||
template: "memory-requirements" | ||
params: | ||
requirementsType: "any" | ||
requirementsType: "limits" | ||
lowerBoundMB: 0 | ||
upperBoundMB: 0 |
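Review bot: The `description` line still reads "Indicates when containers do not have memory requests and limits set." although `remediation` and `requirementsType: "limits"` now refer to limits only, so the text a user sees no longer matches what the check evaluates. Update the description to match, and if a container without a memory request is no longer reported after the move from `"any"` to `"limits"`, say so in the check's documentation, because that narrows default lint coverage for anyone relying on the previous behaviour.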
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -25,6 +25,4 @@ spec: | |
containers: | ||
- name: app | ||
requests: | ||
memory: 1Gi | ||
limits: | ||
memory: 1Gi |
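Review bot: After this hunk the fixture keeps only one of the `requests:` / `limits:` blocks (the `-25,6 +25,4` header drops two of the six lines shown), so it exercises a single case of the narrowed check. Add a second container or fixture for the opposite case, one with a memory request but no limit, and assert the expected result for it, so the intended difference between `requirementsType: "any"` and `"limits"` is pinned by a test rather than implied.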
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -24,7 +24,5 @@ spec: | |
spec: | ||
containers: | ||
- name: app | ||
requests: | ||
cpu: 1 | ||
limits: | ||
limit: | ||
cpu: 1 |
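Review bot: The `limit:` key shown directly after `limits:` looks like a typo. Going by the `-24,7 +24,5` header, three of the visible lines are removed and one is added, which would leave `limit:` above `cpu: 1` in the new fixture; Kubernetes resource requirements use the plural `limits`, so a fixture keyed on `limit:` sets no CPU limit and the test would pass or fail for the wrong reason. Change it to `limits:` and confirm the expected lint result for unset-cpu-requirements still holds.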