Created
November 6, 2020 13:25
-
-
Save jgsqware/80db5980bbafaadd4726dd96fb30abfe to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # A popeye configuration file to check a | |
| # Giant Swarm tenant cluster before upgrading. | |
| # | |
| # This configuration suppresses many useful checks for best practices that are also relevant | |
| # in general, with the one goal: to highlight any details that could cause problems | |
| # during an upgrade. | |
| # | |
| # Tested with popeye 0.9.0 | |
| # | |
| # More about popeye: https://github.com/derailed/popeye | |
| # More about upgrades at Giant Swarm: https://docs.giantswarm.io/reference/cluster-upgrades/ | |
| # | |
| popeye: | |
| excludes: | |
| v1/pods: | |
| - name: rx:giantswarm/.* | |
| - name: rx:kube\-system/.* | |
| - name: rx:.* | |
| codes: | |
| - 102 # don't care about no probes being defined | |
| - 105 # don't care about prope using numeric port | |
| - 106 # don't care about resource requests/limits | |
| - 107 # don't care about resource limits | |
| - 108 # don't care about using numeric ports | |
| - 300 # don't care about using 'default' ServiceAccount | |
| - 302 # don't care about 'Pod could be running as root user' | |
| - 301 # don't care about 'ServiceAccount token is mounted' | |
| - 306 # don't care about | |
| apps/v1/deployments: | |
| - name: rx:giantswarm/.* | |
| - name: rx:kube\-system/.* | |
| - name: rx:.* | |
| codes: | |
| - 106 # don't care about resource requests/limits | |
| - 107 # don't care about resource limits | |
| - 108 # don't care about numeric ports | |
| autoscaling/v1/horizontalpodautoscalers: | |
| - name: rx:giantswarm/.* | |
| - name: rx:kube\-system/.* | |
| policy/v1beta1/poddisruptionbudgets: | |
| - name: rx:giantswarm/.* | |
| - name: rx:kube\-system/.* | |
| v1/services: | |
| - name: rx:giantswarm/.* | |
| - name: rx:kube\-system/.* | |
| - name: rx:.* | |
| codes: | |
| - 1101 # don't care about 'No explicit ports detected on pod' | |
| - 1102 # don't care about numeric target port | |
| apps/v1/daemonsets: | |
| - name: rx:giantswarm/.* | |
| - name: rx:kube\-system/.* | |
| v1/configmaps: | |
| - name: rx:.* | |
| codes: | |
| - 400 # don't care about unused resources | |
| v1/namespaces: | |
| - name: rx:.* | |
| codes: | |
| - 400 # don't care about unused resources | |
| v1/secrets: | |
| - name: rx:.* | |
| codes: | |
| - 400 # don't care about unused resources | |
| v1/serviceaccounts: | |
| - name: rx:.* | |
| codes: | |
| - 400 # don't care about unused resources | |
| rbac.authorization.k8s.io/v1/clusterroles: | |
| - name: rx:.* | |
| codes: | |
| - 400 # don't care about unused resources | |
| rbac.authorization.k8s.io/v1/clusterrolebindings: | |
| - name: rx:.* | |
| codes: | |
| - 400 # don't care about unused resources | |
| v1/persistentvolumeclaims: | |
| - name: rx:.* | |
| codes: | |
| - 400 # don't care about unused resources |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment