Open
Description of the issue
When running kube-linter (part of #14), there are currently 139 errors. Over 200 errors across 26+ unique rule violations.
These mainly relate to container permissions, e.g. running as root / read-only filesystems / CPU and memory limits etc.
Initially it appeared to be limited to a few types, as mentioned above, but upon rescanning after ignoring / attempting to correct some of these, more were actually printed. As of the latest commit on main (e558423), these are the types of rule violations:
- access-to-create-pods
- dangling-servicemonitor
- default-service-account
- dnsconfig-options
- exposed-services
- host-network
- host-pid
- latest-tag
- minimum-three-replicas
- mismatching-selector
- no-liveness-probe
- no-node-affinity
- no-read-only-root-fs
- no-readiness-probe
- no-rolling-update-strategy
- non-existent-service-account
- non-isolated-pod
- privilege-escalation-container
- privileged-container
- privileged-ports
- read-secret-from-env-var
- required-annotation-email
- required-label-owner
- run-as-non-root
- unset-cpu-requirements
- unset-memory-requirements
For context, I generated the exact list with the following:
```
kube-linter lint . | grep -o '(check: [a-zA-Z\-]*,' | sort | uniq | sed 's/(check: \(.*\),/\1/'
```
We should investigate fixing them before #14.
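
Added example, not part of the original issue or the project's code: a triage helper that extends the one-liner above by counting findings per check and listing the objects behind one check, so fixes can be scoped by impact. The function names and the sample report are constructed for illustration; it assumes kube-linter's plain-text output with `(object: ...)` and `(check: ..., remediation: ...)` fields.

```shell
#!/bin/sh
# Added example: triage kube-linter findings by check.

# Reads a kube-linter plain-text report on stdin and prints "<count> <check>",
# highest count first, ties broken alphabetically. Lines without a
# "(check: ...," field (such as the final summary line) are ignored.
tally_checks() {
  sed -n 's/.*(check: \([A-Za-z0-9-]*\),.*/\1/p' |
    sort | uniq -c |
    awk '{ print $1, $2 }' |
    sort -k1,1nr -k2,2
}

# Prints the unique objects that trip one named check ($1), so a single
# fix (e.g. a securityContext change) can be scoped to the right manifests.
objects_for_check() {
  grep -F "(check: $1," |
    sed -n 's/^[^(]*(object: \([^)]*\)).*/\1/p' |
    sort -u
}

# Constructed sample report (hypothetical paths and objects, not real scan output).
sample_report() {
  cat <<'EOF'
deploy/api.yaml: (object: <no namespace>/api apps/v1, Kind=Deployment) container "api" does not have a read-only root file system (check: no-read-only-root-fs, remediation: Set readOnlyRootFilesystem to true in the container securityContext.)
deploy/api.yaml: (object: <no namespace>/api apps/v1, Kind=Deployment) container "api" is not set to runAsNonRoot (check: run-as-non-root, remediation: Set runAsUser to a non-zero number and runAsNonRoot to true.)
deploy/worker.yaml: (object: <no namespace>/worker apps/v1, Kind=Deployment) container "worker" does not have a read-only root file system (check: no-read-only-root-fs, remediation: Set readOnlyRootFilesystem to true in the container securityContext.)
deploy/worker.yaml: (object: <no namespace>/worker apps/v1, Kind=Deployment) container "worker" is not set to runAsNonRoot (check: run-as-non-root, remediation: Set runAsUser to a non-zero number and runAsNonRoot to true.)
deploy/worker.yaml: (object: <no namespace>/worker apps/v1, Kind=Deployment) container "worker" has memory limit 0 (check: unset-memory-requirements, remediation: Set memory requests and limits for your container.)
Error: found 5 lint errors
EOF
}

# Demo on the constructed sample; against a real repo, pipe in
# `kube-linter lint . 2>&1` instead of sample_report.
sample_report | tally_checks
```
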