feat: update issue map and tomls for kube-linter

Author: jaffrey-deepsource

analyzers/kube-linter/.deepsource/issues/KUBELIN-W1052.toml

@@ -0,0 +1,14 @@
+
+title = "dangling-servicemonitor"
+verbose_name = "dangling-servicemonitor"
+severity = "major"
+category = "antipattern"
+weight = 70
+description = """
+Indicates when a service monitor's selectors don't match any service. ServiceMonitors are a custom resource only used by the Prometheus operator (https://prometheus-operator.dev/docs/operator/design/#servicemonitor).
+
+<!--more-->
+
+## Remediation
+Check selectors and your services.
+"""

analyzers/kube-linter/.deepsource/issues/KUBELIN-W1053.toml

@@ -0,0 +1,14 @@
+
+title = "job-ttl-seconds-after-finished"
+verbose_name = "job-ttl-seconds-after-finished"
+severity = "major"
+category = "antipattern"
+weight = 70
+description = """
+Indicates when standalone jobs do not set ttlSecondsAfterFinished and when jobs managed by cronjob do set ttlSecondsAfterFinished.
+
+<!--more-->
+
+## Remediation
+Set Job.spec.ttlSecondsAfterFinished. Unset CronJob.Spec.JobTemplate.Spec.ttlSecondsAfterFinished.
+"""

analyzers/kube-linter/.deepsource/issues/KUBELIN-W1054.toml

@@ -0,0 +1,14 @@
+
+title = "liveness-port"
+verbose_name = "liveness-port"
+severity = "major"
+category = "antipattern"
+weight = 70
+description = """
+Indicates when containers have a liveness probe to a not exposed port.
+
+<!--more-->
+
+## Remediation
+Check which ports you've exposed and ensure they match what you have specified in the liveness probe.
+"""

analyzers/kube-linter/.deepsource/issues/KUBELIN-W1055.toml

@@ -0,0 +1,14 @@
+
+title = "pdb-unhealthy-pod-eviction-policy"
+verbose_name = "pdb-unhealthy-pod-eviction-policy"
+severity = "major"
+category = "antipattern"
+weight = 70
+description = """
+Indicates when a PodDisruptionBudget does not explicitly set the unhealthyPodEvictionPolicy field.
+
+<!--more-->
+
+## Remediation
+Set unhealthyPodEvictionPolicy to AlwaysAllow. Refer to https://kubernetes.io/docs/tasks/run-application/configure-pdb/#unhealthy-pod-eviction-policy for more information.
+"""

analyzers/kube-linter/.deepsource/issues/KUBELIN-W1056.toml

@@ -0,0 +1,14 @@
+
+title = "priority-class-name"
+verbose_name = "priority-class-name"
+severity = "major"
+category = "antipattern"
+weight = 70
+description = """
+Indicates when a deployment-like object does not use a valid priority class name
+
+<!--more-->
+
+## Remediation
+Set up the priority class name for your object to any accepted values.
+"""

analyzers/kube-linter/.deepsource/issues/KUBELIN-W1057.toml

@@ -0,0 +1,14 @@
+
+title = "readiness-port"
+verbose_name = "readiness-port"
+severity = "major"
+category = "antipattern"
+weight = 70
+description = """
+Indicates when containers have a readiness probe to a not exposed port.
+
+<!--more-->
+
+## Remediation
+Check which ports you've exposed and ensure they match what you have specified in the readiness probe.
+"""

analyzers/kube-linter/.deepsource/issues/KUBELIN-W1058.toml

@@ -0,0 +1,14 @@
+
+title = "restart-policy"
+verbose_name = "restart-policy"
+severity = "major"
+category = "antipattern"
+weight = 70
+description = """
+Indicates when a deployment-like object does not use a restart policy
+
+<!--more-->
+
+## Remediation
+Set up the restart policy for your object to 'Always' or 'OnFailure' to increase the fault tolerance.
+"""

analyzers/kube-linter/.deepsource/issues/KUBELIN-W1059.toml

@@ -0,0 +1,14 @@
+
+title = "scc-deny-privileged-container"
+verbose_name = "scc-deny-privileged-container"
+severity = "major"
+category = "antipattern"
+weight = 70
+description = """
+Indicates when allowPrivilegedContainer SecurityContextConstraints set to true
+
+<!--more-->
+
+## Remediation
+SecurityContextConstraints has AllowPrivilegedContainer set to "true". Using this option is dangerous, please consider using allowedCapabilities instead. Refer to https://docs.openshift.com/container-platform/4.12/authentication/managing-security-context-constraints.html#scc-settings_configuring-internal-oauth for details.
+"""

analyzers/kube-linter/.deepsource/issues/KUBELIN-W1060.toml

@@ -0,0 +1,14 @@
+
+title = "startup-port"
+verbose_name = "startup-port"
+severity = "major"
+category = "antipattern"
+weight = 70
+description = """
+Indicates when containers have a startup probe to a not exposed port.
+
+<!--more-->
+
+## Remediation
+Check which ports you've exposed and ensure they match what you have specified in the startup probe.
+"""

analyzers/kube-linter/utils/issue_map.json

@@ -151,5 +151,32 @@
     },
     "writable-host-mount": {
         "issue_code": "KUBELIN-W1051"
+    },
+    "dangling-servicemonitor": {
+        "issue_code": "KUBELIN-W1052"
+    },
+    "job-ttl-seconds-after-finished": {
+        "issue_code": "KUBELIN-W1053"
+    },
+    "liveness-port": {
+        "issue_code": "KUBELIN-W1054"
+    },
+    "pdb-unhealthy-pod-eviction-policy": {
+        "issue_code": "KUBELIN-W1055"
+    },
+    "priority-class-name": {
+        "issue_code": "KUBELIN-W1056"
+    },
+    "readiness-port": {
+        "issue_code": "KUBELIN-W1057"
+    },
+    "restart-policy": {
+        "issue_code": "KUBELIN-W1058"
+    },
+    "scc-deny-privileged-container": {
+        "issue_code": "KUBELIN-W1059"
+    },
+    "startup-port": {
+        "issue_code": "KUBELIN-W1060"
     }
-}
+}