What's Changed

• chore: remove refs to deprecated io/ioutil by @testwill in https://github.com/zegl/kube-score/pull/546
• score/disruptionbudget: output comment when namespace doesn't match by @cayla in https://github.com/zegl/kube-score/pull/549
• docs: add release documentation by @zegl in https://github.com/zegl/kube-score/pull/551
• score/disruptionbudget: improved error message for PDB found but in wrong namespace by @zegl in https://github.com/zegl/kube-score/pull/552
• renderer/human: show file names in case of error or warning by @zegl in https://github.com/zegl/kube-score/pull/553
• Align container-ephemeral-storage-request-and-limit to container-resources by @ReuDa in https://github.com/zegl/kube-score/pull/573
• ci/go: bump Go version from 1.19 to 1.21 and fix CI style by @ryo-yamaoka in https://github.com/zegl/kube-score/pull/572
• Support HorizontalPodAutoscaler in autoscaling/v2 by @ReuDa in https://github.com/zegl/kube-score/pull/574
• Fix: create valid sarif results output file by @ppawlowski in https://github.com/zegl/kube-score/pull/575
• score/probes: set score.Skipped if pod not targeted by service by @zegl in https://github.com/zegl/kube-score/pull/577
• Add deployment checks by @BigGold1310 in https://github.com/zegl/kube-score/pull/576
• build(deps): bump golang.org/x/term from 0.15.0 to 0.16.0 by @dependabot in https://github.com/zegl/kube-score/pull/579
• build(deps): bump k8s.io/api from 0.29.0 to 0.29.1 by @dependabot in https://github.com/zegl/kube-score/pull/580
• scorecard: fix enabling of optional tests with CLI flag by @zegl in https://github.com/zegl/kube-score/pull/584

New Contributors

• @testwill made their first contribution in https://github.com/zegl/kube-score/pull/546
• @cayla made their first contribution in https://github.com/zegl/kube-score/pull/549
• @ReuDa made their first contribution in https://github.com/zegl/kube-score/pull/573
• @ppawlowski made their first contribution in https://github.com/zegl/kube-score/pull/575
• @BigGold1310 made their first contribution in https://github.com/zegl/kube-score/pull/576

Full Changelog: https://github.com/zegl/kube-score/compare/v1.17.0...v1.18.0

Download

• Download the binaries from the GitHub release page
• Download the image from Docker Hub: zegl/kube-score:v1.18.0 (⭐ muiltiarch image! – This image contains Helm 3 and Kustomize).
• Download from homebrew: brew install kube-score/tap/kube-score
• Download with krew: kubectl krew install score

Changelog

• 4f4d94b Add new --all-default-optional flag to enable all optional tests (@kmarteaux)
• 2c61f70 Additional test case for multiple ignore annotations (@kmarteaux)
• ba23a2d Fix implied ignore annotations block in isEnabled function (@kmarteaux)
• 3bf6bc5 [#495] add updated score.go. update podtopologyspreadconstraints package name (@kmarteaux)
• f5d2695 [#495] implement feature request: topologySpreadConstraints (@kmarteaux)
• f0e1c0d rendered: fix tests for human output
• c965b17 renderer: override color support logic to add colors on GitHub Actions
• 07e5b94 score: generic check functions
• c41dec1 score: generic pod checker functions
• 048aa2f score: generic register meta check

Download

• Download the binaries from the GitHub release page
• Download the image from Docker Hub: zegl/kube-score:v1.17.0 (⭐ muiltiarch image! – This image contains Helm 3 and Kustomize).
• Download from homebrew: brew install kube-score/tap/kube-score
• Download with krew: kubectl krew install score

Changelog

• dad8eae scorecard: trim whitespace in annotation keys

Download

• Download the binaries from the GitHub release page
• Download the image from Docker Hub: zegl/kube-score:v1.16.1 (⭐ new muiltiarch image! – This image contains Helm 3 and Kustomize).
• Download from homebrew: brew install kube-score/tap/kube-score
• Download with krew: kubectl krew install score

Changelog

This change contains no changes to the scoring in kube-score. This release is made to fix some issues in the Docker images pushed in v1.15.0 where no linux/arm64 images where pushed (#502). This has been fixed by migrating to a multiarch image for both linux/amd64 and linux/arm64. The -helm, -heml3, and -kustomize images are no longer pushed, instead the new multiarch image contains both Helm 3 and Kustomize binaries.

• 00a51e7 all: support Kubernetes v1.26 APIs
• 98fd2b1 builds: add reminder to add push latest
• 2c08121 builds: multi-arch docker image
• de4fbec go: update to Go 1.19 semantics

Download

• Download the binaries from the GitHub release page
• Download the image from Docker Hub: zegl/kube-score:v1.16.0 (⭐ new muiltiarch image! – This image contains Helm 3 and Kustomize).
• Download from homebrew: brew install kube-score/tap/kube-score
• Download with krew: kubectl krew install score

Changes

• #489 Adds support for the kube-score/ignore and kube-score/enable annotation on child resources such as Deployment and StatefulSet Pod Templates. The "child" annotations will override an annotations set on the root object.
• #474 Implement New Rule: CronJob resource requires Pod restartPolicy set to Never or OnFailure
• #469 Check to see if a container port name exceeds 15 characters
• #462 Bump to kustomize v4.5.4
• #461 Add sarif output option to documentation
• #450 Container ephemeral storage tests did not honor "kube-score/ignore": "container-resources" annotation because the tests were implemented apart from the extant CPU and memory container tests. Fix addresses this oversight by noting the "container-resources" annotation implies also ignoring the "container-ephemeral-storage-request-and-limit" tests.
• #439 Update k8s.io/api to v0.23.4

This release contains contributions from: Guilhem Bonnefille (@gbonnefille), Gustav Westling (@zegl), Kenneth Martau (@kmarteaux), Lorenzo Gallucci (@log2), Mads Jensen (@atombrella), ryo-yamaoka (@ryo-yamaoka)

Download

• Download the binaries from the GitHub release page
• Download the image from Docker Hub: zegl/kube-score:v1.15.0
• Download the image from Docker Hub with Helm or Kustomize pre-installed: zegl/kube-score:v1.15.0-helm3, zegl/kube-score:v1.15.0-helm, zegl/kube-score:v1.15.0-kustomize
• Download from homebrew: brew install kube-score/tap/kube-score
• Download with krew: kubectl krew install score

Changes

• #431 Implements an optional Pod container ports test. Checks to ensure a ports containerPort value isn't missing and name ports are unique.
• #429 Implement new Pod container resource checks for ephemeral storage. Default tests for request and limit settings. Optional test to ensure matching ephemeral storage request and limit values.

This release contains contributions from: Gustav Westling (@zegl), Jaanki (@Jaanki), Mads Jensen (@atombrella), Stephen (@stephengroat), and kmarteaux (@kmarteaux)!

Download

• Download the binaries from the GitHub release page
• Download the image from Docker Hub: zegl/kube-score:v1.14.0
• Download the image from Docker Hub with Helm or Kustomize pre-installed: zegl/kube-score:v1.14.0-helm3, zegl/kube-score:v1.14.0-helm, zegl/kube-score:v1.14.0-kustomize
• Download from homebrew: brew install kube-score/tap/kube-score
• Download with krew: kubectl krew install score

🌻 Sponsors

kube-score is proudly sponsored by Sturdy — real-time code collaboration!

Docker images

• docker pull zegl/kube-score:v1.14.0-kustomize
• docker pull zegl/kube-score:latest-kustomize
• docker pull zegl/kube-score:v1.14.0-helm3
• docker pull zegl/kube-score:latest-helm3
• docker pull zegl/kube-score:v1.14.0
• docker pull zegl/kube-score:v1.14.0-arm64 (:star: – new!)
• docker pull zegl/kube-score:v1.14.0-helm
• docker pull zegl/kube-score:latest-helm
• docker pull zegl/kube-score:latest-arm64 (:star: – new!)

Changes

• #404 Remove the deprecated “Container Security Context” check. It has been deprecated for three releases, and disabled by default since the last release. See https://github.com/zegl/kube-score/blob/master/README_SECURITYCONTEXT.md for more information.
• #399 Add support for more topology kets in the hasPodAntiAffinity test
• #397 Upgrade Helm3 to v3.7.0
• #396 Add check for PodDisruptionBudget with no policy
• #389 Fix panic for Ingresses with empty http blocks . This affected the networking/v1beta1 and extensions/v1beta1 versions of Ingress.

This release contains contributions from: Gustav Westling (@zegl), Maxim Samoilov (@Nitive), Nathan (@nbanmp), Tom Hayward (@kd7lxl).

Download

• Download the binaries from the GitHub release page
• Download the image from Docker Hub: zegl/kube-score:v1.13.0
• Download the image from Docker Hub with Helm or Kustomize pre-installed: zegl/kube-score:v1.13.0-helm3, zegl/kube-score:v1.13.0-helm, zegl/kube-score:v1.13.0-kustomize
• Download from homebrew: brew install kube-score/tap/kube-score
• Download with krew: kubectl krew install score

🌻 Sponsors

kube-score is proudly sponsored by Sturdy — Software collaboration for teams.

Docker images

• docker pull zegl/kube-score:v1.13.0-kustomize
• docker pull zegl/kube-score:latest-kustomize
• docker pull zegl/kube-score:v1.13.0-helm3
• docker pull zegl/kube-score:latest-helm3
• docker pull zegl/kube-score:v1.13.0
• docker pull zegl/kube-score:v1.13.0-helm
• docker pull zegl/kube-score:latest-helm

Changes

• #387 Upgrade alpine to 3.14.2. Upgrade Go to 1.17. Upgrade Helm 2 to v2.17.0. Upgrade Helm 3 to v3.6.3.
• #386 As announced in v1.10.0: container-security-context is now disabled by default (is now opt-in, and will be removed in v1.13.0), The new checks container-security-context-user-group-id, container-security-context-privileged and container-security-context-readonlyrootfilesystem are now enabled by default. See SECURITYCONTEXT.md for more.
• #385 Add Deployment selector labels check
• #380 Add StatefulSet selector labels check

This release contains contributions from: Eugene Venter, Gustav Westling

Download

• Download the binaries from the GitHub release page
• Download the image from Docker Hub: zegl/kube-score:v1.12.0
• Download the image from Docker Hub with Helm or Kustomize pre-installed: zegl/kube-score:v1.12.0-helm3, zegl/kube-score:v1.12.0-helm, zegl/kube-score:v1.12.0-kustomize
• Download from homebrew: brew install kube-score/tap/kube-score
• Download with krew: kubectl krew install score

🌻 Sponsors

kube-score is proudly sponsored by Sturdy — Software collaboration for teams.

Changes

• Support for Kubernetes v1.21 and the new versions of the PodDisruptionBudget and CronJob APIs
• #362 Support policy/v1 of PodDisruptionBudget. If --kubernetes-version is set to v1.21 or later, policy/v1 will be recommended over policy/v1beta1
• #361 Support batch/v1/CronJob, and recommend to use the batch/v1 version if --kubernetes-version is set to v1.21 or later

Delayed deprecation of container-security-context

In v1.10.0 the deprecation of container-security-context was announced. In the initial announcement the flip to the new checks was scheduled to happen in v1.11 followed by the deletions in v1.12. This did not happen in this release, and the flip and deletion have been postponed to v1.12 and v1.13 respectively.

Download

• Download the binaries from the GitHub release page
• Download the image from Docker Hub: zegl/kube-score:v1.11.0
• Download the image from Docker Hub with Helm or Kustomize pre-installed: zegl/kube-score:v1.11.0-helm3, zegl/kube-score:v1.11.0-helm, zegl/kube-score:v1.11.0-kustomize
• Download from homebrew: brew install kube-score/tap/kube-score
• Download with krew: kubectl krew install score

Docker images

• docker pull zegl/kube-score:v1.11.0
• docker pull zegl/kube-score:latest
• docker pull zegl/kube-score:v1.11.0-helm
• docker pull zegl/kube-score:latest-helm
• docker pull zegl/kube-score:v1.11.0-helm3
• docker pull zegl/kube-score:latest-helm3
• docker pull zegl/kube-score:v1.11.0-kustomize
• docker pull zegl/kube-score:latest-kustomize

Changes

• #346 added support for helm v3 and created new dockerfile and tagging. eg. docker pull zegl/kube-score:v1.10.0-helm3
• #341 fix panic in ingress testing on bad input

This release contains contributions from: Gustav Westling, doughoke

Download

• Download the binaries from the GitHub release page
• Download the image from Docker Hub: zegl/kube-score:v1.10.1
• Download the image from Docker Hub with Helm or Kustomize pre-installed: zegl/kube-score:v1.10.1-helm3, zegl/kube-score:v1.10.1-helm, zegl/kube-score:v1.10.1-kustomize
• Download from homebrew: brew install kube-score/tap/kube-score
• Download with krew: kubectl krew install score

Docker images

• docker pull zegl/kube-score:v1.10.1-helm
• docker pull zegl/kube-score:latest-helm
• docker pull zegl/kube-score:v1.10.1-kustomize
• docker pull zegl/kube-score:latest-kustomize
• docker pull zegl/kube-score:v1.10.1
• docker pull zegl/kube-score:latest
• docker pull zegl/kube-score:v1.10.1-helm3
• docker pull zegl/kube-score:latest-helm3