kube-score icon indicating copy to clipboard operation
kube-score copied to clipboard

Published 20 hours ago verified publisher icon zegl

Improve reasoning behind best practices check

Open onmomo opened this issue 4 years ago • 0 comments

Which version of kube-score are you using?

kube-score version: 1.10.0

What did you expect to see?

For some of the checks, especially for CRITICAL checks, I would like to have a more in-depth explanation about the reasoning behind them. Either in the docs or directly in the tool. I also found it quite tricky to roll out the tool due to these missing resources.

eg https://blog.colinbreck.com/kubernetes-liveness-and-readiness-probes-how-to-avoid-shooting-yourself-in-the-foot/

  • It should never, be the same as your readinessProbe. -> Couldn't find a source to bake this.
  • The livenessProbe should never depend on downstream dependencies, such as databases or other services. -> this is probably because checking a dependant service could take longer than the livenessProbe request timeout to return due to small network slips or increased load that would cause a chain reaction.

https://github.com/zegl/kube-score/blob/master/README_CHECKS.md

  • service-type -> security issue because of open ports on the node?

onmomo avatar Dec 14 '20 13:12 onmomo