name: salty-dog-kubernetes
rules:
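- name: kubernetes-resources
  desc: containers must have complete resources specified
  level: info
  tags:
    - cluster-health
    - important
    - kubernetes

  # Selects containers inside a pod template only; initContainers and bare
  # Pod documents are not matched by this path.
  select: '$.spec.template.spec.containers[*]'
  # Every selected container must declare cpu and memory under both
  # limits and requests.
  check:
    type: object
    additionalProperties: true
    required: [resources]
    properties:
      resources:
        type: object
        required: [limits, requests]
        properties:
          limits:
            type: object
            required: [cpu, memory]
            properties:
              # Shared cpu schema, reused through the resources-cpu alias.
              # Numbers must be >= 1; strings must be a millicore quantity.
              cpu: &resources-cpu
                oneOf:
                  - type: number
                    minimum: 1
                  - type: string
                    # JSON Schema `pattern` matches anywhere in the string,
                    # so anchor it; otherwise any value merely containing
                    # "<digits>m" would be accepted.
                    pattern: "^[1-9][0-9]*m$"
              # Shared memory schema, reused through the resources-memory
              # alias. Only the Ki/Mi/Gi suffixes are accepted for strings.
              memory: &resources-memory
                oneOf:
                  - type: number
                    minimum: 1
                  - type: string
                    # Anchored for the same reason as the cpu pattern.
                    pattern: "^[1-9][0-9]*[KMG]i$"
          requests:
            type: object
            required: [cpu, memory]
            properties:
              cpu: *resources-cpu
              memory: *resources-memory
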
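- name: kubernetes-resources-minimum-cpu
  desc: resource limits are too low
  level: debug
  tags:
    - kubernetes
    - optional

  select: '$.spec.template.spec.containers[*].resources'
  # filter containers with cpu limits
  # (limits and cpu are not `required` here, so resources without a cpu
  # limit also pass the filter and then pass the check vacuously)
  filter:
    type: object
    properties:
      limits:
        type: object
        properties:
          cpu: *resources-cpu

  # ensure the limits aren't *too* low
  # numeric limits must be at least 1; string limits must be at least 100m
  check:
    type: object
    properties:
      limits:
        type: object
        properties:
          cpu:
            oneOf:
              - type: number
                minimum: 1
              - type: string
                # Anchored: an unanchored JSON Schema `pattern` would accept
                # any string that merely contains three digits followed by
                # "m" (a leading-zero value such as "0100m", for example).
                pattern: "^[1-9][0-9]{2,}m$"
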
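- name: kubernetes-deployment-replicas
  desc: deployments must specify a positive replica count
  level: info
  tags:
    - important
    - kubernetes

  # select the root of the document
  select: '$'

  # filter deployments
  filter:
    type: object
    properties:
      kind:
        type: string
        const: Deployment

  # ensure replicas are greater than 0
  check:
    type: object
    properties:
      spec:
        type: object
        properties:
          # The Deployment field is `replicas`; a schema keyed on `replica`
          # never matches a real manifest, so the rule would pass everything.
          # NOTE(review): neither `spec` nor `replicas` is `required`, so a
          # Deployment that omits the field still passes; add
          # `required: [replicas]` if the "must specify" wording in desc is
          # meant to be enforced.
          replicas:
            type: number
            minimum: 1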