kube-score v1.17 releases: performs static code analysis of your Kubernetes object definitions

kube-score

kube-score is a tool that performs static code analysis of your Kubernetes object definitions.

The output is a list of recommendations of what you can improve to make your application more secure and resilient.

Checks

For a full list of checks, see README_CHECKS.md.

• Container limits (should be set)
• Pod is targeted by a NetworkPolicy, both egress and ingress rules are recommended
• Deployments and StatefulSets should have a PodDisruptionPolicy
• Deployments and StatefulSets should have host PodAntiAffinity configured
• Container probes, a readiness should be configured, and should not be identical to the liveness probe. Read more in README_PROBES.md.
• Container securityContext, run as high number user/group, do not run as root or with privileged root fs
• Stable APIs, use a stable API if available (supported: Deployments, StatefulSets, DaemonSet)

Changelog v1.17

• 4f4d94b Add new –all-default-optional flag to enable all optional tests (@kmarteaux)
• 2c61f70 Additional test case for multiple ignore annotations (@kmarteaux)
• ba23a2d Fix implied ignore annotations block in isEnabled function (@kmarteaux)
• 3bf6bc5 [#495] add updated score.go. update podtopologyspreadconstraints package name (@kmarteaux)
• f5d2695 [#495] implement feature request: topologySpreadConstraints (@kmarteaux)
• f0e1c0d rendered: fix tests for human output
• c965b17 renderer: override color support logic to add colors on GitHub Actions
• 07e5b94 score: generic check functions
• c41dec1 score: generic pod checker functions
• 048aa2f score: generic register meta check

Install & Use

Copyright (c) 2018 Gustav Westling