How to use the command 'popeye' (with examples)
The ‘popeye’ command is a utility that reports potential issues with Kubernetes deployment manifests. It can be used to scan the current Kubernetes cluster or a specific namespace or context. It also allows the use of a spinach configuration file for scanning.
Use case 1: Scan the current Kubernetes cluster
Code:
popeye
Motivation:
The motivation behind scanning the current Kubernetes cluster using the ‘popeye’ command is to identify potential issues with the deployment manifests. This can help ensure that the cluster is properly configured and running smoothly.
Explanation:
- There are no arguments provided in this use case, which means that the ‘popeye’ command will scan the current Kubernetes cluster without any specific namespace or context.
- The command will analyze the deployment manifests and report any potential issues.
Example output:
INFO[0000] Lords anointed 😇 ain't nobody got time for that- Missing Cluster Role/Cluster RoleBinding: [kube-desc Pod Security Policy [PodSecurityPolicy] ClusterRole.policies RBAC] ClusterRoleBindings should bind only existing ClusterRoles.
INFO[0000] Whateva Sis 🤷♂️ Deployment without probes [] Deployment.spec.template.spec.containers.list corev1.Container.deployments In order to determine the healthy state of a Pod we recommend you specify one or more probes like livenessProbe.
INFO[0000] Freaky 🎇 Found privileged containers [] Deployment.spec.template.spec.containers.list Ample security resides with privileged containers. Please do not use them.
INFO[0000] Spread the wealth 🐷 Too many containers started in one Pod [] Deployment.spec.template.spec.containers.list Avoid putting too many applications (reasonableness is subjective) into a single container, it encourages tight coupling of applications and makes it difficult to manage things like resource consumption.