Create fakefile.yml

configs/config_carts_db_permissive.yaml

@@ -26,7 +26,7 @@ checks:
     # - non-existent-service-account
     - privilege-escalation-container
     - privileged-container
-    - privileged-ports
+    # - privileged-ports
     # - read-secret-from-env-var
     # - required-annotation-email
     # - required-label-release-deployment

configs/config_carts_db_strict.yaml

@@ -25,13 +25,13 @@ checks:
     # - no-rolling-update-strategy
     # - non-existent-service-account
     # - privilege-escalation-container
-    # - privileged-container
+     - privileged-container
     # - privileged-ports
     # - read-secret-from-env-var
     # - required-annotation-email
     # - required-label-release-deployment
     # - required-label-owner
-    # - run-as-non-root
+     - run-as-non-root
     # - sensitive-host-mounts
     # - ssh-port
     # - unsafe-proc-mount

configs/custom_permissive.yaml

@@ -0,0 +1,57 @@
+checks:
+  doNotAutoAddDefaults: true
+  include:
+    # - access-to-create-pods
+    # - access-to-secrets
+    # - cluster-admin-role-binding
+    # - dangling-service
+    # - default-service-account
+    # - deprecated-service-account-field
+    # - docker-sock
+    # - drop-net-raw-capability
+    # - env-var-secret
+    # - exposed-services
+    # - host-ipc
+    # - host-network
+    # - host-pid
+    # - latest-tag
+    # - minimum-three-replicas
+    # - mismatching-selector
+    # - no-anti-affinity
+    # - no-extensions-v1beta
+    # - no-liveness-probe
+    # - no-read-only-root-fs
+    # - no-readiness-probe
+    # - no-rolling-update-strategy
+    # - non-existent-service-account
+    - privilege-escalation-container
+    - privileged-container
+    # - privileged-ports
+    # - read-secret-from-env-var
+    # - required-annotation-email
+    # - required-label-release-deployment
+    # - required-label-owner
+    - run-as-non-root
+    # - sensitive-host-mounts
+    # - ssh-port
+    # - unsafe-proc-mount
+    # - unsafe-sysctls
+    # - unset-cpu-requirements
+    # - unset-memory-requirements
+    # - use-namespace
+    # - wildcard-in-rules
+    # - writable-host-mount
+customChecks:
+  - name: required-annotation-responsible
+    template: required-annotation
+    params:
+      key: kube-linter/demo
+    remediation: please add the "kube-linter/demo" annotation to the deployment
+  - name: required-label-release
+    template: required-label
+    params:
+      key: team
+    remediation: please add a team label to the service
+    scope:
+      objectKinds:
+        - deployment

configs/fakefile.yml

@@ -0,0 +1 @@
+#test pr

demo.md

@@ -0,0 +1,30 @@
+#First show KubeLinter documentation
+
+https://github.com/stackrox/kube-linter
+
+# Show CLI options
+
+kube-linter --help
+
+# Show that lints are able to be done through vscode
+
+1. Lint all manifests and showcase all control failures.
+
+kube-linter lint manifests
+
+2. Lint specific yaml files
+
+kube-linter lint manifests/carts-db
+
+3. Use a configfile  and showcase the use of the configfile using kubelinter check
+
+kube-linter lint manifests/carts-db --config configs/config_carts_db_permissive.yaml
+
+4. Show if I wanted to use the strict lint 
+
+kube-linter lint manifests/carts-db --config configs/config_carts_db_strict.yaml
+
+4. Show github action
+
+
+