stackrox / kube-linter

KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.

Home Page: https://docs.kubelinter.io/

[FEATURE_REQUEST] Ignore Violations For Specific Resources Using YAML Config File

krugerm-4c opened this issue · comments

Description of the problem/feature request
Currently the only way to ignore a violation for a specific check and a specific resource is via the annotation method. The problem is we pull through the public Helm Charts and deem them immutable to facilitate easier upgrades further down the line, and in some cases the maintainers have not made annotations a configurable field from the values.yaml file.

An example would be a test Pod resource that does not contain a readinessProbe directive. We don't want to exclude this check completely as it's important for the actual component, but would want to ignore for this specific Pod resource.

An option (might be others as well) could be to configure this in the YAML file, kube-linter.yaml, that is an add-on to the folder structure.

For example:

# Pattern
ignoreChecks:
  <check-name>:
    resources:
      - name: <resource-name>
        reason: <explanation>

# Example
ignoreChecks:
  no-readiness-probe:
    resources:
      - name: component-A-service-test
        reason: "Test pod does not require readiness probe"

The above is not absolute, it's just a point of reference using the information one would supply via the annotation in an easy, reusable way.

Description of the existing behavior vs. expected behavior
Existing behavior is this is not possible without altering the YAML resource file directly. Expected behavior is for a lint check to pass if able to ignore violations via the YAML configuration file.

Additional context
N/A
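
The following is an added example, not part of the issue and not kube-linter code: a post-processing filter that applies a waiver list in the shape proposed above to a lint report, so upstream charts stay unmodified. The function name `filter_reports`, the dict form of the config, and the report field names (modelled on `kube-linter lint --format json` output) are assumptions; the sample data is constructed.

```python
import json

# Constructed waiver list in the shape proposed in the issue (a dict here, to
# avoid a YAML dependency). Nothing in kube-linter reads this structure.
IGNORE_CHECKS = {
    "no-readiness-probe": {"resources": [
        {"name": "component-A-service-test",
         "reason": "Test pod does not require readiness probe"},
    ]},
}

# Constructed sample report. The field names are an assumption about the
# output of `kube-linter lint --format json`.
SAMPLE_REPORT = json.dumps({"Reports": [
    {"Check": "no-readiness-probe",
     "Object": {"K8sObject": {"Name": "component-A-service-test"}}},
    {"Check": "no-readiness-probe",
     "Object": {"K8sObject": {"Name": "component-A"}}},
    {"Check": "run-as-non-root",
     "Object": {"K8sObject": {"Name": "component-A-service-test"}}},
]})


def filter_reports(report_json, ignore_checks):
    """Return (remaining, waived, unused) for a report and a waiver list."""
    index = {}
    for check, cfg in ignore_checks.items():
        for res in (cfg or {}).get("resources", []):
            reason = (res.get("reason") or "").strip()
            if not reason:  # an unexplained waiver is rejected, not applied
                raise ValueError(f"waiver {check}/{res.get('name')} has no reason")
            index[(check, res["name"])] = reason

    remaining, waived, used = [], [], set()
    for rep in json.loads(report_json).get("Reports") or []:
        key = (rep["Check"], rep["Object"]["K8sObject"]["Name"])
        if key in index:  # exact check + resource match only
            used.add(key)
            waived.append({"check": key[0], "name": key[1], "reason": index[key]})
        else:
            remaining.append(rep)
    # Waivers that matched nothing are stale and should be pruned.
    return remaining, waived, sorted(set(index) - used)


if __name__ == "__main__":
    left, waived, stale = filter_reports(SAMPLE_REPORT, IGNORE_CHECKS)
    print(f"{len(left)} violations remain, {len(waived)} waived, {len(stale)} stale")
```

A CI job using this would fail when `remaining` or `unused` is non-empty, so a waiver never hides a different check on the same resource and never outlives the resource it was written for.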