# Severity assigned to each check, keyed by check name.
# Values used in this file: ignore, warning, danger.
checks:
  # reliability
  multipleReplicasForDeployment: warning

  # resources
  cpuRequestsMissing: warning
  cpuLimitsMissing: warning
  memoryRequestsMissing: warning
  memoryLimitsMissing: warning

  # images
  tagNotSpecified: danger
  # NOTE(review): with this set to ignore, a pull policy other than Always is
  # not reported, so a node may run a locally cached image instead of
  # re-pulling it. Confirm that is acceptable for the clusters audited.
  pullPolicyNotAlways: ignore
  # imageRegistry is not built in; it is defined under customChecks below.
  imageRegistry: warning

  # healthChecks
  readinessProbeMissing: warning
  livenessProbeMissing: warning

  # networking
  # Both networking checks are exempted for one controller under exemptions.
  hostNetworkSet: warning
  hostPortSet: warning

  # security
  # Host IPC/PID sharing, privilege escalation, privileged mode and dangerous
  # capabilities are rated danger. Running as root and a writable root
  # filesystem are only warnings here.
  # NOTE(review): confirm the warning level is intended for those two.
  hostIPCSet: danger
  hostPIDSet: danger
  notReadOnlyRootFilesystem: warning
  privilegeEscalationAllowed: danger
  runAsRootAllowed: warning
  runAsPrivileged: danger
  dangerousCapabilities: danger
  insecureCapabilities: warning
# Exemptions: the listed rules are not applied to the named controllers.
# Only the two networking checks are waived; every other check still applies
# to this controller.
# NOTE(review): the exemption is keyed on controller name alone. Confirm how
# names are matched (exact or prefix, and whether scoped to a namespace), so
# that an unrelated workload cannot inherit the waiver by sharing the name.
exemptions:
  - controllerNames:
      - my-network-controller
    rules:
      - hostNetworkSet
      - hostPortSet
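# Custom checks. Each entry gives the messages reported on success and
# failure, a category, the target kind the schema is applied to, and a
# JSON Schema (draft-07) that the target must satisfy to pass.
customChecks:
  # Requires every targeted container to declare memory and cpu limits
  # inside the stated bounds.
  # NOTE(review): the checks map in this file has no resourceLimits entry,
  # although it does list imageRegistry. Confirm whether this check is meant
  # to be enabled.
  resourceLimits:
    containers:
      # Containers of this kind are left out of the check.
      exclude:
        - initContainer
    successMessage: Resource limits are within the required range
    failureMessage: Resource limits should be within the required range
    category: Resources
    target: Container
    schema:
      '$schema': http://json-schema.org/draft-07/schema
      type: object
      required:
        - resources
      properties:
        resources:
          type: object
          required:
            - limits
          properties:
            limits:
              type: object
              required:
                - memory
                - cpu
              properties:
                # resourceMinimum and resourceMaximum are not draft-07
                # keywords; presumably tool-specific extensions that compare
                # Kubernetes quantities (confirm against the tool's docs).
                memory:
                  type: string
                  # M and G are decimal suffixes in Kubernetes quantities,
                  # not the binary Mi and Gi.
                  resourceMinimum: 100M
                  resourceMaximum: 6G
                cpu:
                  type: string
                  resourceMinimum: 100m
                  # Quoted so the bound stays a string, like the others.
                  resourceMaximum: "2"

  # Fails any container whose image reference starts with quay.io.
  imageRegistry:
    # NOTE(review): the success message speaks of allowed registries, but the
    # schema only rejects one prefix. Images from every other registry pass.
    successMessage: Image comes from allowed registries
    failureMessage: Image should not be from disallowed registry
    category: Images
    target: Container
    schema:
      '$schema': http://json-schema.org/draft-07/schema
      type: object
      properties:
        image:
          type: string
          not:
            # The dot is escaped so it matches a literal '.' only; unescaped
            # it matches any character and flags unrelated references.
            # A deny-list flags only the spellings it anticipates. Where
            # image provenance matters, an allow-list of approved registry
            # prefixes fails closed and is the stronger control.
            pattern: '^quay\.io'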