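---
# Polaris-style policy: built-in checks with severities, exemptions, and two
# custom JSON-schema checks. The original was collapsed onto one line, so
# everything after the first '#' parsed as a comment and `checks` was null.
# Structure is restored here, one key per line.
checks:
  # reliability
  multipleReplicasForDeployment: warning
  priorityClassNotSet: warning
  tagNotSpecified: danger
  pullPolicyNotAlways: warning
  readinessProbeMissing: warning
  livenessProbeMissing: warning
  # efficiency
  cpuRequestsMissing: warning
  cpuLimitsMissing: warning
  memoryRequestsMissing: warning
  memoryLimitsMissing: warning
  # security
  # NOTE(review): several isolation checks are only `warning`
  # (runAsRootAllowed, notReadOnlyRootFilesystem, hostNetworkSet,
  # hostPortSet, insecureCapabilities). If anything gates on severity
  # (CI exit code, admission webhook), confirm `warning` findings are
  # acted on, or raise them to `danger` once workloads comply.
  hostIPCSet: danger
  hostPIDSet: danger
  notReadOnlyRootFilesystem: warning
  privilegeEscalationAllowed: danger
  runAsRootAllowed: warning
  runAsPrivileged: danger
  dangerousCapabilities: danger
  insecureCapabilities: warning
  hostNetworkSet: warning
  hostPortSet: warning
  # custom (defined under customChecks below)
  resourceLimits: warning
  imageRegistry: danger

exemptions:
  # NOTE(review): no `namespace` key, so this applies to a controller with
  # this name in every namespace. Anyone able to create a workload with that
  # name is not checked for hostNetwork/hostPort. Polaris documents
  # controllerNames as names or name prefixes; confirm for your version.
  # The namespaced entry below is a strict subset of this one, so keep only
  # that entry if the controller runs solely in kube-system.
  - controllerNames:
      - my-network-controller
    rules:
      - hostNetworkSet
      - hostPortSet
  # Scoped exemption: same controller and rules, limited to kube-system.
  - namespace: kube-system
    controllerNames:
      - my-network-controller
    rules:
      - hostNetworkSet
      - hostPortSet

customChecks:
  # Requires every container to declare memory and cpu limits within bounds.
  resourceLimits:
    containers:
      # Init containers are skipped, so their limits are not validated here.
      exclude:
        - initContainer
    successMessage: Resource limits are within the required range
    failureMessage: Resource limits should be within the required range
    category: Resources
    target: Container
    schema:
      '$schema': 'http://json-schema.org/draft-07/schema'
      type: object
      required:
        - resources
      properties:
        resources:
          type: object
          required:
            - limits
          properties:
            limits:
              type: object
              required:
                - memory
                - cpu
              properties:
                memory:
                  type: string
                  resourceMinimum: 100M
                  resourceMaximum: 6G
                cpu:
                  type: string
                  resourceMinimum: 100m
                  # Quoted so the quantity stays a string, not an integer.
                  resourceMaximum: "2"

  # Denylist: fails containers whose image reference starts with quay.io.
  # NOTE(review): this is a denylist although the success message says
  # "allowed registries". Mirrors and every other registry still pass; an
  # allowlist of approved registry prefixes is the stronger control.
  imageRegistry:
    successMessage: Image comes from allowed registries
    failureMessage: Image should not be from disallowed registry
    category: Images
    target: Container
    schema:
      '$schema': 'http://json-schema.org/draft-07/schema'
      type: object
      properties:
        image:
          type: string
          not:
            # Dot escaped so it matches a literal '.', not any character.
            # Single quotes keep the backslash literal in YAML.
            # The match is case-sensitive; confirm whether mixed-case
            # registry hosts are accepted in your cluster.
            pattern: '^quay\.io'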