FWI-4307 - fix checks category (#964)

* fix checks category

* add changelog

checks/metadataAndNameMismatched.yaml

@@ -1,5 +1,6 @@
 successMessage: Label app.kubernetes.io/name matches metadata.name
 failureMessage: Label app.kubernetes.io/name must match metadata.name
+category: Reliability
 target: Controller
 schema:
   '$schema': http://json-schema.org/draft-07/schema

checks/priorityClassNotSet.yaml

@@ -1,6 +1,6 @@
 successMessage: Priority class has been set
 failureMessage: Priority class should be set
-category: Security
+category: Reliability
 target: PodSpec
 schema:
   '$schema': http://json-schema.org/draft-07/schema

docs/admission-controller.md

@@ -53,7 +53,7 @@ This means Polaris will remediate the issue it finds, rather than rejecting
 the deployment.
 
 To enable the mutating webhook, add `--set webhook.mutate=true` to your
-Helm instlallation command.
+Helm installation command.
 
 The following default checks currently have mutation support enabled:
 * `hostPIDSet`

docs/changelog.md

@@ -6,6 +6,10 @@ meta:
 
 ---
 
+## 8.1.1
+* Add category for `metadataAndNameMismatched`.
+* Fix category for `priorityClassNotSet`.
+
 ## 8.1.0
 * Add `insights-host` global flag to configure Fairwinds Insights host (defaults to `https://insights.fairwinds.com`).
 * Add new `auth` sub-commands be able to authenticate on Polaris using Fairwinds Insights credentials

docs/checks/reliability.md

@@ -16,8 +16,8 @@ key | default | description
 `pullPolicyNotAlways` | `warning` | Fails when an image pull policy is not `always`.
 `priorityClassNotSet` | `warning` | Fails when a priorityClassName is not set for a pod.
 `deploymentMissingReplicas` | `warning` | Fails when there is only one replica for a deployment.
-`missingPodDisruptionBudget` | `warning`
-`metadataAndNameMismatched` | `warning`
+`missingPodDisruptionBudget` | `warning` | Fails when PDB is missing.
+`metadataAndNameMismatched` | `warning` | Fails when label `app.kubernetes.io/name` and `metadata.name` mismatch
 `topologySpreadConstraint` | `warning` | Fails when there is no topology spread constraint on the pod
 
 ## Background
@@ -70,4 +70,4 @@ spec:
 - [Kubernetes Docs: Configure Liveness and Readiness Probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/)
 - [Utilizing Kubernetes Liveness and Readiness Probes to Automatically Recover From Failure](https://medium.com/spire-labs/utilizing-kubernetes-liveness-and-readiness-probes-to-automatically-recover-from-failure-2fe0314f2b2e)
 - [Kubernetes Liveness and Readiness Probes: How to Avoid Shooting Yourself in the Foot](https://blog.colinbreck.com/kubernetes-liveness-and-readiness-probes-how-to-avoid-shooting-yourself-in-the-foot/)
-- [Topology Spread Cosntraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/)
+- [Topology Spread Constraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/)

test/mutation_test.go

@@ -19,7 +19,7 @@ checks:
   hostNetworkSet: danger
   hostPortSet: warning
   deploymentMissingReplicas: warning
-  priorityClassNotSet: ignore
+  priorityClassNotSet: warning
   runAsRootAllowed: danger
   cpuRequestsMissing: warning
   cpuLimitsMissing: warning