kube-score: performs static code analysis of your Kubernetes object definitions
kube-score is a tool that performs static code analysis of your Kubernetes object definitions.
For a full list of checks, see README_CHECKS.md.
- Container limits (should be set)
- Pod is targeted by a
NetworkPolicy, both egress and ingress rules are recommended
- Deployments and StatefulSets should have a
- Deployments and StatefulSets should have host PodAntiAffinity configured
- Container probes, a readiness should be configured, and should not be identical to the liveness probe. Read more in README_PROBES.md.
- Container securityContext, run as high number user/group, do not run as root or with privileged root fs
- Stable APIs, use a stable API if available (supported: Deployments, StatefulSets, DaemonSet)
Copyright (c) 2018 Gustav Westling