kube-score v1.17 releases: performs static code analysis of your Kubernetes object definitions
kube-score
kube-score is a tool that performs static code analysis of your Kubernetes object definitions.
The output is a list of recommendations of what you can improve to make your application more secure and resilient.
Checks
For a full list of checks, see README_CHECKS.md.
- Container limits (should be set)
- Pod is targeted by a NetworkPolicy, both egress and ingress rules are recommended
- Deployments and StatefulSets should have a PodDisruptionPolicy
- Deployments and StatefulSets should have host PodAntiAffinity configured
- Container probes: a readiness probe should be configured, and it should not be identical to the liveness probe. Read more in README_PROBES.md.
- Container securityContext, run as high number user/group, do not run as root or with privileged root fs
- Stable APIs, use a stable API if available (supported: Deployments, StatefulSets, DaemonSet)
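As an added illustration (not taken from the kube-score project), the Deployment below applies the recommendations above that live in the workload manifest itself: limits, distinct probes, securityContext, host anti-affinity and a stable API. The NetworkPolicy and disruption policy are separate objects and are not shown. The name, image, paths, ports and numeric values are constructed assumptions.

```yaml
# Constructed example: names, image and numeric values are illustrative assumptions.
apiVersion: apps/v1              # stable API version for Deployments
kind: Deployment
metadata:
  name: example-api
  labels: {app: example-api}
spec:
  replicas: 2
  selector:
    matchLabels: {app: example-api}
  template:
    metadata:
      labels: {app: example-api}
    spec:
      affinity:
        podAntiAffinity:         # prefer placing replicas on different hosts
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                topologyKey: kubernetes.io/hostname
                labelSelector:
                  matchLabels: {app: example-api}
      containers:
        - name: api
          image: registry.example.com/example-api:1.4.2
          resources:             # container limits are set
            limits: {cpu: 500m, memory: 256Mi}
            requests: {cpu: 250m, memory: 128Mi}
          readinessProbe:        # present, and different from the liveness probe
            httpGet: {path: /ready, port: 8080}
          livenessProbe:
            httpGet: {path: /healthz, port: 8080}
          securityContext:
            runAsUser: 10001     # high-numbered, non-root user
            runAsGroup: 10001    # high-numbered group
            runAsNonRoot: true
            privileged: false
            readOnlyRootFilesystem: true
```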
Changelog v1.17
- 4f4d94b Add new --all-default-optional flag to enable all optional tests (@kmarteaux)
- 2c61f70 Additional test case for multiple ignore annotations (@kmarteaux)
- ba23a2d Fix implied ignore annotations block in isEnabled function (@kmarteaux)
- 3bf6bc5 [#495] add updated score.go. update podtopologyspreadconstraints package name (@kmarteaux)
- f5d2695 [#495] implement feature request: topologySpreadConstraints (@kmarteaux)
- f0e1c0d rendered: fix tests for human output
- c965b17 renderer: override color support logic to add colors on GitHub Actions
- 07e5b94 score: generic check functions
- c41dec1 score: generic pod checker functions
- 048aa2f score: generic register meta check
Install & Use
Copyright (c) 2018 Gustav Westling