Clone this repo and run pip install -e .
or install it directly via pip: pip install git+https://github.com/davividal/k8s-eval
.
After that, pip will install k8s-eval executable into your path.
This application expects a YAML file similar to this:
rules:
- name: image_prefix
description: "ensure the pod only uses images prefixed with `bitnami/`"
output: boolean
- name: team_label_present
description: "ensure the pod contains a label `team` with some value"
output: boolean
- name: recent_start_time
description: "ensure the pod has not been running for more than 7 days according to it's `startTime`"
output: boolean
The application evaluates these rules for all pods in the cluster and outputs the results on stdout in json log format, one line per pod. Example:
{"pod": "mytest", "rule_evaluation": [{"name": "image_prefix", "valid": true}, {"name": "team_label_present", "valid": true}, {"name": "recent_start_time", "valid": false}]}
{"pod": "another", "rule_evaluation": [{"name": "image_prefix", "valid": false}, {"name": "team_label_present", "valid": true}, {"name": "recent_start_time", "valid": false}]}
Simply run k8s-eval
and it will use a rules.yaml
in the current directory. If no such file exists, you can pass the path to the executable: k8s-eval ~/Documents/k8s-eval/rules.yaml
In doubt, k8s-eval -h
has a short usage info.