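kube-score is a tool that performs static code analysis of Kubernetes object definitions
kube-score is a tool that performs static code analysis of Kubernetes object definitions. The output is a list of recommendations of what you can improve to make your application more secure and flexible.
Changes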
- #177 Fixes for panics in the human output mode when the term size can not be detected, or was too small
This release contains contributions from: Gustav Westling
Download
- Download the binaries from the GitHub release page
- Download the image from Docker Hub:
zegl/kube-score:v1.2.1
- Download the image from Docker Hub with Helm pre-installed:
zegl/kube-score:v1.2.1-helm
- Download from homebrew:
brew install kube-score/tap/kube-score
Docker images
docker pull zegl/kube-score:v1.2.1-helm
docker pull zegl/kube-score:v1.2.1
Changes
- #173 update helm to v2.14.3
- #174 update alpine to v3.10.1
- #171 Add new "HorizontalPodAutoscaler has target" check that verifies that the HPA target exists (autoscaling/v1 only)
- #168 Display emojis after the name of each object to indicate the status. This only affects the human output mode.
- #167 hide OK and skipped checks by default in the "human" display mode. Set the -v flag once to display OK checks, set it twice to also display skipped checks.
- #165 remove the --threshold-ok and --threshold-warning flags
Breaking changes
The --threshold-ok and --threshold-warnings flags have been removed, as they were confusing, and never properly worked as expected. See #164 and #165 for more information.
This release contains contributions from: Gustav Westling
Download
- Download the binaries from the GitHub release page
- Download the image from Docker Hub:
zegl/kube-score:v1.2.0
- Download the image from Docker Hub with Helm pre-installed:
zegl/kube-score:v1.2.0-helm
- Download from homebrew:
brew install kube-score/tap/kube-score
Docker images
docker pull zegl/kube-score:v1.2.0
docker pull zegl/kube-score:v1.2.0-helm
Changes
- #158 Added ca-certificates to kube-score docker image with Helm pre-installed.
- #156 Add optional score container-resource-requests-equal-limits for checking resource request and limits for equality
- #152 add the --enable-optional-test CLI flag to allow adding opt-in only scores
This release contains contributions from: Andre Hilsendeger, Arno Uhlig, Gustav Westling
Download
- Download the binaries from the GitHub release page
- Download the image from Docker Hub:
zegl/kube-score:v1.1.0
- Download the image from Docker Hub with Helm pre-installed:
zegl/kube-score:v1.1.0-helm
- Download from homebrew:
brew install kube-score/tap/kube-score
Docker images
docker pull zegl/kube-score:v1.1.0
docker pull zegl/kube-score:v1.1.0-helm
Changes
- #153 ENTRYPOINT is no longer set in the "-helm" container
This release contains contributions from: Gustav Westling
Download
- Download the binaries from the GitHub release page
- Download the image from Docker Hub:
zegl/kube-score:v1.0.1
- Download the image from Docker Hub with Helm pre-installed:
zegl/kube-score:v1.0.1-helm
- Download from homebrew:
brew install kube-score/tap/kube-score
Docker images
docker pull zegl/kube-score:v1.0.1-helm
docker pull zegl/kube-score:v1.0.1
This is release 1.0.0 of kube-score. The project is now used by multiple companies to make sure that their Kubernetes configurations are as secure as possible.
As of writing, the pre-built binaries have been downloaded 7300 times, the images from Docker Hub have been downloaded 3300 times, and the repository is cloned almost 150 times every day.
The 1.0.0 release indicates that the project is now stable, and will continue to be maintained in a non-breaking way.
Changes
- #147 Values from PodSecurityContext are properly inherited to the container SecurityContext
- #138 Add support for named ports in the ingress-targets-service check
- #136 Add check that validates the value of labels
- #133 Added support for JSON output. Results in the "ci" and "human" modes are now rendered in alphabetical order. Results in "ci" mode without any comments are now always rendered.
This release contains contributions from: Gustav Westling, Manuel Rüger, Matt Glick
Download
- Download the binaries from the GitHub release page
- Download the image from Docker Hub:
zegl/kube-score:v1.0.0
- Download the image from Docker Hub with Helm pre-installed:
zegl/kube-score:v1.0.0-helm
- Download from homebrew:
brew install kube-score/tap/kube-score
Docker images
docker pull zegl/kube-score:v1.0.0
docker pull zegl/kube-score:v1.0.0-helm
Fixes
#129 ignore probes for jobs (@sstarcher)
Download
- Download the binaries from the GitHub release page
- Download the image from Docker Hub:
zegl/kube-score:0.7.1
- Download from homebrew:
brew install kube-score/tap/kube-score
Features
#111 allow for ignoring memory limits (@sstarcher)
#110 ignore probes on CronJobs and enhance pod checks to be aware of the root type that created them (@sstarcher)
#105 security: alert if security context is not set (@zegl)
#121 cmd: add version sub-command (@zegl)
#117 cmd: remove backwards compatible scoring, improved error handling (@zegl)
Documentation
fa92d5c doc: improved README
359fbdc doc: update kube-score usage in the README
61ec7fe github: update contributing guidelines
0ef1e68 goreleaser: update archive configuration
0229c26 readme: minor wording changes
Testing
4a63458 apps: increased test coverage of anti affinity checks
190453a ci: configure test coverage reports with CodeCov
41e7724 ci: disable codecov PR comments
bfb2244 ci: setup bors for merging PRs
666aa67 ci: use Go 1.12
dc86c0f ingress: add tests
060e834 security: move and modify old tests
Other
c676ea7 mod: update all dependencies
1d0f679 score: propagate errors instead of panicking
Download
- Download the binaries from the GitHub release page
- Download the image from Docker Hub:
zegl/kube-score:0.7.0
- NEW: Download from homebrew:
brew install kube-score/tap/kube-score
Features
fbb6fe9 score: per object test ignores with the kube-score/ignore annotation
faa7074 parser: add support for List
20186ad parser: forward namespace names to pod template specs (Thanks @filintod!)
Documentation
74942ad container: clarify why the imagePullPolicy should be set to Always
742a4a9 doc: updated list of test highlights
44ac966 docs: capitalize Go
6a7b798 docs: simplify installation instructions
6b90ea0 readme: add section on ignoring tests
be4acf5 readme: update container-image-pull-policy
Internal changes
ed77d6e domain: move to a sub-package, so that the root package can be used by the public API
c589d82 parser: refactor decodeItem
e6660d7 scorecard: constants should be of type Grade
bb896f3 scorecard: simplify representation of Scorecard
bca4a0b scorecard: simplify the relationship with the object meta and the checks
Download
Download the binaries from the GitHub release page, or download the image from Docker Hub (zegl/kube-score:0.6.0).
Features
- The kube-score cli now has two sub-commands, "score" and "list". If no sub command is specified, kube-score will default to the score command.
- kube-score list: Prints a list of all commands, this is mostly used to generate documentation.
New tests
- StatefulSet/Deployment has host PodAntiAffinity: Recommend to prevent different replicas from running on the same host #78
Changes to tests
- StatefulSet/Deployment has PodDisruptionBudget: Skip check if replicas is explicitly set < 2
- Container Image Pull Policy: Will always print a descriptive message if the check fails
Download
Download the binaries from the GitHub release page, or download the image from Docker Hub (zegl/kube-score:0.5.0).
New tests
- Service Type (recommends against use of NodePort services)
- CronJob has deadline
Download
Download the binaries from the GitHub release page, or download the image from Docker Hub (zegl/kube-score:0.4.0).
Features
- Automatic release to Docker Hub
- New flag --ignore-test to disable a single test
- New flag --output-format that can toggle human- and CI friendly output
- New flags --threshold-ok and --threshold-warning
New tests
- StatefulSet has PodDisruptionBudget
- Deployment has PodDisruptionBudget
- Ingress targets Service
Fixes
- Ignore services of type ExternalName in the "Service targets Pod" test
- Handle containers without an explicit imagePullPolicy set in the "Container Image Pull Policy" test
- Handle documents with --- that isn't a document separator
Download
Download the binaries from the GitHub release page, or download the image from Docker Hub (zegl/kube-score:0.3.0).
Note: The Docker image tagged as 0.3.0 has been tagged from fd864d9, containing an additional fix to the Docker image.
Watchers: 9 | Star: 531 | Fork: 29 | Created: 2018-09-16 21:19:19 | Last commit: 5 days ago | License: MIT
Changes
--enable-optional-test container-seccomp-profile.
This release contains contributions from: Gustav Westling, Patrick Spiegel, dacappo
Download
zegl/kube-score:v1.3.0
zegl/kube-score:v1.3.0-helm
brew install kube-score/tap/kube-score
Docker images
docker pull zegl/kube-score:v1.3.0
docker pull zegl/kube-score:v1.3.0-helm
Experimental: Images are now also available from the GitHub registry
docker pull docker.pkg.github.com/zegl/kube-score/kube-score:v1.3.0
docker pull docker.pkg.github.com/zegl/kube-score/kube-score:v1.3.0-helm