Consider pods running with "default" service account a warning or error

[naseemkullah]

Would it fall under popeye's scope to check for best practices such as this?

[derailed]

@naseemkullah Thank you for this report! Yes I think this is a valid check.

[naseemkullah]

My pleasure @derailed.
Furthermore, if interested in encompassing checks with regards to securityContext as well, https://kubesec.io/ have some nice ideas to draw inspiration from (to check if pod is running as non-root for example).

[derailed]

@naseemkullah Thank you for the pointer! I'll take a peek and see how we can start surfacing more security best practices in Popeye.

[naseemkullah]

My pleasure @derailed , I just discovered this tool as well that covers this sort of thing: https://github.com/Shopify/kubeaudit ...could maybe get some ideas from it as well.

[derailed]

@naseemkullah Thank you for your pointers on this!! v0.4.1 now performs some basic security checks. More to come on this... Please see v0.4.0 release notes.

[naseemkullah]

Excellent!