Feature Request : file with check being ignored

[Ghost0shell]

Which version of kube-score are you using?

kube-score version: [e.g. 0.3.0]

v1.19.0

As it's not a bug request i do have removed the template.

I think it could be a nice idea to be able to provide a file with a list of checks that could be ignored or changed from CRITICAL to WARNING, as we do in some tools such as Ansible lint.

Example:

The check on my side raises an error du to a lack of Pod Network Policy, but depending of my k8s CNI this error can be unrelated to my context, then not "fixable"

Note: I saw the issue asking for a config file but i'm note quite sure i'm asking for the same feature.

[zegl]

Do you have any reason for why using CLI arguments is not enough? Maybe you can use a wrapper-script if you want to make sure that some arguments are always set.

[KarstenSiemer]

I am not OP but have looked for that ability as well.
My problem is that some arguments required by the utility are too long for the default implementation of xargs.

I'd like to use kube-score as a pre-commit hook which is automatically run before a commit can be done on file files within my kustomization directory. Additionally, I run those pre-commit hooks within a GitHub action to Pull Requests.

I use this script to generate the notifications if something doesnt comply to kube-score:

# Check if yamls are kustomizable and compliant
find deploy/kustomize -type f -name \
  "kustomization.yaml" | xargs -S1024 -P 4 -I {} sh -c \
  'kustomize build "$(dirname {})" | \
  kube-score score \
    --ignore-test pod-networkpolicy \
    --ignore-test container-ephemeral-storage-request-and-limit \
    --ignore-test container-security-context-readonlyrootfilesystem \
    --ignore-test container-security-context-user-group-id \
    --ignore-test container-security-context-privileged \
    --ignore-test container-security-context-readonlyrootfilesystem - ' \
  || exit 1

On my workstation ( Macbook M3 ), xargs requires the -S flag to use flags with arguments that long.
The -S flag is not available to the xargs binary on my ubuntu-latest GitHub action runner.

The obvious solution is of course to use a POSIX compliant script, this is sometimes hard though.
Using a file to store the long arguments would be much easier and many tools supply such a way for configuration, too.

So I do think there is some amount of value to config files.
Thanks for reading

[kmarteaux]

@zegl - A couple of years ago I did write an implementation to allow for a kube-score configuration file. You pushed back on it for the same reason -- should not command line arguments be sufficient? I agree with your sentiment, but in many instances, such as CI pipelines, it is convenient to simply pass in a file with the desired test configuration. Would you like me to resubmit/PR that code for your consideration again?