kube-score v1.11 releases: performs static code analysis of your Kubernetes object definitions
kube-score is a tool that performs static code analysis of your Kubernetes object definitions.
For a full list of checks, see README_CHECKS.md.
- Container limits (should be set)
- Pod is targeted by a
NetworkPolicy, both egress and ingress rules are recommended
- Deployments and StatefulSets should have a
- Deployments and StatefulSets should have host PodAntiAffinity configured
- Container probes, a readiness should be configured, and should not be identical to the liveness probe. Read more in README_PROBES.md.
- Container securityContext, run as high number user/group, do not run as root or with privileged root fs
- Stable APIs, use a stable API if available (supported: Deployments, StatefulSets, DaemonSet)
- Support for Kubernetes v1.21 and the new versions of the PodDisruptionBudget and CronJob APIs
- #362 Support policy/v1 of PodDisruptionBudget. If –kubernetes-version is set to v1.21 or later, policy/v1 will be recommended over policy/v1beta1
- #361 Support batch/v1/CronJob, and recommend to use the batch/v1 version if
--kubernetes-versionis set to v1.21 or later
Copyright (c) 2018 Gustav Westling