Skip to content

Latest commit

 

History

History
36 lines (36 loc) · 4.38 KB

README_CHECKS.md

File metadata and controls

36 lines (36 loc) · 4.38 KB
ID Target Description Enabled
ingress-targets-service Ingress Makes sure that the Ingress targets a Service default
cronjob-has-deadline CronJob Makes sure that all CronJobs has a configured deadline default
container-resources Pod Makes sure that all pods have resource limits and requests set. The --ignore-container-cpu-limit flag can be used to disable the requirement of having a CPU limit default
container-resource-requests-equal-limits Pod Makes sure that all pods have the same requests as limits on resources set. optional
container-cpu-requests-equal-limits Pod Makes sure that all pods have the same CPU requests as limits set. optional
container-memory-requests-equal-limits Pod Makes sure that all pods have the same memory requests as limits set. optional
container-image-tag Pod Makes sure that a explicit non-latest tag is used default
container-image-pull-policy Pod Makes sure that the pullPolicy is set to Always. This makes sure that imagePullSecrets are always validated. default
container-ephemeral-storage-request-and-limit Pod Makes sure all pods have ephemeral-storage requests and limits set default
container-ephemeral-storage-request-equals-limit Pod Make sure all pods have matching ephemeral-storage requests and limits optional
container-ports-check Pod Container Ports Checks optional
statefulset-has-poddisruptionbudget StatefulSet Makes sure that all StatefulSets are targeted by a PDB default
deployment-has-poddisruptionbudget Deployment Makes sure that all Deployments are targeted by a PDB default
poddisruptionbudget-has-policy PodDisruptionBudget Makes sure that PodDisruptionBudgets specify minAvailable or maxUnavailable default
pod-networkpolicy Pod Makes sure that all Pods are targeted by a NetworkPolicy default
networkpolicy-targets-pod NetworkPolicy Makes sure that all NetworkPolicies targets at least one Pod default
pod-probes Pod Makes sure that all Pods have safe probe configurations default
container-security-context-user-group-id Pod Makes sure that all pods have a security context with valid UID and GID set default
container-security-context-privileged Pod Makes sure that all pods have a unprivileged security context set default
container-security-context-readonlyrootfilesystem Pod Makes sure that all pods have a security context with read only filesystem set default
container-seccomp-profile Pod Makes sure that all pods have at a seccomp policy configured. optional
service-targets-pod Service Makes sure that all Services targets a Pod default
service-type Service Makes sure that the Service type is not NodePort default
stable-version all Checks if the object is using a deprecated apiVersion default
deployment-has-host-podantiaffinity Deployment Makes sure that a podAntiAffinity has been set that prevents multiple pods from being scheduled on the same node. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ default
statefulset-has-host-podantiaffinity StatefulSet Makes sure that a podAntiAffinity has been set that prevents multiple pods from being scheduled on the same node. https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ default
deployment-targeted-by-hpa-does-not-have-replicas-configured Deployment Makes sure that Deployments using a HorizontalPodAutoscaler doesn't have a statically configured replica count set default
statefulset-has-servicename StatefulSet Makes sure that StatefulSets have an existing headless serviceName. default
deployment-pod-selector-labels-match-template-metadata-labels Deployment Ensure the StatefulSet selector labels match the template metadata labels. default
statefulset-pod-selector-labels-match-template-metadata-labels StatefulSet Ensure the StatefulSet selector labels match the template metadata labels. default
label-values all Validates label values default
horizontalpodautoscaler-has-target HorizontalPodAutoscaler Makes sure that the HPA targets a valid object default
environment-variable-key-duplication Pod Makes sure that no duplicated environment variable keys. default