# Use a specific, immutable tag
image: my-app:v1.0.0
Static Analysis for Kubernetes Manifests Using KubeLinter
- description: A regex specifying the required service account to match.
  name: serviceAccount
  negationAllowed: true
  regexAllowed: true
  required: true
  type: string
# Export the Go URL to a variable
# Change the version number if needed
url=https://go.dev/dl/go1.24.1.linux-amd64.tar.gz
# Download the Go tarball
wget $url
# Extract the tarball to /usr/local
tar -C /usr/local -xzf go1.24.1.linux-amd64.tar.gz
# Add the Go binary to the PATH
echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc
# Source the .bashrc file
source ~/.bashrc
# Remove the tarball
rm go1.24.1.linux-amd64.tar.gz
# Verify the installation
go version
# Export the Kube-linter version to a variable
export KUBE_LINTER_VERSION=v0.7.2
# Install Kube-linter using Go
go install \
  golang.stackrox.io/kube-linter/cmd/kube-linter@$KUBE_LINTER_VERSION
# Export the Kube-linter binary to the PATH
echo 'export PATH=$PATH:$(go env GOPATH)/bin' >> ~/.bashrc
# Source the .bashrc file
source ~/.bashrc
kube-linter lint $HOME/RestQR/deploy/kubernetes
/root/RestQR/deploy/kubernetes/menu-deployment.yaml: (object: <no namespace>/menu apps/v1, Kind=Deployment) container "menu" does not have a read-only root file system (check: no-read-only-root-fs, remediation: Set readOnlyRootFilesystem to true in the container securityContext.)
/root/RestQR/deploy/kubernetes/menu-deployment.yaml: (object: <no namespace>/menu apps/v1, Kind=Deployment) container "menu" has cpu request 0 (check: unset-cpu-requirements, remediation: Set CPU requests for your container based on its requirements. Refer to https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#requests-and-limits for details.)
[..truncated..]
apiVersion: apps/v1
kind: Deployment
[..truncated..]
spec:
  replicas: 1
  [..truncated..]
    spec:
      containers:
        - name: menu
          [..truncated..]
          # This is where the security context should be added
          # Security Context for the container
          securityContext:
            # Set the container to run as a non-root user
            runAsNonRoot: true
            # Set the root filesystem to read-only
            readOnlyRootFilesystem: true
          [..truncated..]