swade1987 / deprek8ion
Rego policies to monitor Kubernetes APIs deprecations.
License: MIT License
Not sure what I'm doing wrong, but I get some compiler errors:
$ docker run --rm -it -v ${PWD}:/project instrumenta/conftest:latest test --policy regopolicy.rego chart/my-chart
Error: build compiler: compiling: 4 errors occurred:
policy/1.16-deprek8ion.rego:20: rego_unsafe_var_error: var _warn is unsafe
policy/1.16-deprek8ion.rego:26: rego_unsafe_var_error: var _warn is unsafe
policy/1.17-deprek8ion.rego:20: rego_unsafe_var_error: var _warn is unsafe
policy/1.17-deprek8ion.rego:26: rego_unsafe_var_error: var _warn is unsafe
Following policy needs updating
see:
I've noticed that there are newer versions of the docker image built from this project repo (https://console.cloud.google.com/gcr/images/swade1987/EU/deprek8ion?gcrImageListsize=30).
However, I could not match the image tag (eu.gcr.io/swade1987/deprek8ion:1.1.32) with the changes here (any rule fixed? conftest updated? etc.).
Is the project abandoned for the community, or is the source of truth for the provided container images another repo?
Although still in alpha, looks like you can publish OPA policies to ArtifactHub. Would be good to see deprek8ion policies there to be able to pull down.
These policies look really useful, this is a great use case for rego!
Can you share how you are using these currently? Is it with an admission controller like OPA Gatekeeper or some other job/process in your deployment pipeline?
Can we add the serviceAccount deprecation on pod spec?
See here: kubernetes/kubernetes#47198.
Hi, I was having a look at https://github.com/swade1987/deprek8ion/blob/master/policies/kubernetes-1.19.rego and wanted to learn more about the removal of admissionregistration.k8s.io/v1beta1, but https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.19.md did not include any mention of that.
Finally I found kubernetes/kubernetes#82021, which says that this particular removal is now planned for K8s 1.22. I think the policy files should be updated, what do you think?
Would it be possible to add a license to this repository?
Thank you for your work, this is a really useful tool!
I have a minor suggestion to simplify the Dockerfile:
FROM instrumenta/conftest:v0.18.2
LABEL MAINTAINER Steven Wade <[email protected]>
COPY policies/* /policies/
ENTRYPOINT ["/conftest", "test", "-p", "/policies"]
# Usage: docker run --rm -v $PWD/demo:/demo deprek8ion:latest /demo
This would make the install.sh unnecessary. I can create a PR if you're interested.
One more thing: would it be possible to also host the container on Docker Hub? It has a very straightforward GitHub integration and isn't down currently...
If you have a bundle of manifests, it would be nice to be able to verify that manifest against a specific version of Kubernetes.
For example, if you have a bundle.yaml that you intended to deploy to Kubernetes v1.17.0, it would be desirable to programmatically choose which set of Deprek8ion policies to run. In this case you'd include 1.16 and 1.17, but leave the others out.
Maybe a folder per Kubernetes version? e.g.
1.17/kubernetes-1.16.rego
1.17/kubernetes-1.17.rego
and then conftest test bundle.yaml -p deprek8ion/$KUBERNETES_VERSION
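The version-based selection requested above, sketched as an added example that is not part of the original issue or of the deprek8ion project. It assumes policy files named kubernetes-<major>.<minor>.rego (the naming seen in policies/kubernetes-1.19.rego); select_policies is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: list the deprek8ion policy files whose Kubernetes version
# is less than or equal to the version you intend to deploy to.
# Assumption: files are named kubernetes-<major>.<minor>.rego.

select_policies() {
    policy_dir=$1
    target=${2#v}                       # accept "v1.17.0" as well as "1.17"
    case "$target" in
        *.*) ;;
        *) echo "invalid version: $2" >&2; return 2 ;;
    esac
    t_major=${target%%.*}
    rest=${target#*.}
    t_minor=${rest%%.*}                 # drop any patch component
    case "$t_major$t_minor" in
        ''|*[!0-9]*) echo "invalid version: $2" >&2; return 2 ;;
    esac

    for f in "$policy_dir"/kubernetes-*.rego; do
        [ -e "$f" ] || continue         # glob matched nothing
        v=${f##*/kubernetes-}
        v=${v%.rego}
        p_major=${v%%.*}
        p_minor=${v#*.}
        # Skip files that do not follow the <major>.<minor> naming scheme.
        case "$p_major$p_minor" in ''|*[!0-9]*) continue ;; esac
        if [ "$p_major" -lt "$t_major" ] ||
           { [ "$p_major" -eq "$t_major" ] && [ "$p_minor" -le "$t_minor" ]; }; then
            echo "$f"
        fi
    done
}

# Usage sketch (assumes a conftest release whose -p flag may be repeated):
#   set --
#   for p in $(select_policies policies "$KUBERNETES_VERSION"); do
#       set -- "$@" -p "$p"
#   done
#   conftest test bundle.yaml "$@"
```

For a target of v1.17.0 this selects the 1.16 and 1.17 policies and leaves later ones out, matching the behaviour described in the request.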
Another example usage, which I prefer:
cat /demo/ingress.yaml | docker run --rm -i quay.io/swade1987/deprek8ion:1.1.7 conftest test -p /policies -
You don't need any volumes in this case, and this is very useful, i.e. in building pipelines. Furthermore, you can directly pipe out a kubectl get ... command.
I have this error
ERROR: No deprek8ion policy for kubernetes version 1.21. Check if a newer version of deprek8ion supports this version
Is it possible to test Kubernetes template for version 1.21?
Couldn't find this policy in the current list.