[FEATURE_REQUEST] Ignoring violations for Containers and initContainers
ohnickmoy opened this issue · comments
Description of the problem/feature request
As per the Kubernetes spec, Containers and initContainers do not have capabilities to be annotated, since they have no metadata
field to populate.
Therefore, it's not possible ignore a check for a container or initContainer. It would be nice for some feature to allow some alternative way to allow ignoring checks for fields nested within the yaml file.
For instance, the below yaml is a CronJob that has a initContainer that utilizes an image that violates the latest-tag check. There's no way to annotate the initContainer given the spec.
---
apiVersion: batch/v1beta1
kind: CronJob
spec:
jobTemplate:
metadata:
annotation:
ignore-check.kube-linter.io/latest-tag
spec:
template:
spec:
serviceAccountName: redacted-sa-name
initContainers:
- name: secret-render
command:
- /bin/sh
do-other-things
image: image-that-violates-latest-tag:latest
Description of the existing behavior vs. expected behavior
initContainer above would still violate the check despite being annotated at a higher level field
Apologies again...i figured out the issue.