config.yaml

checks:
  addAllBuiltIn: true
  # doNotAutoAddDefaults: true
  # include:
  # - dangling-service
  # - default-service-account
  # - deprecated-service-account-field
  # - env-var-secret
  # - mismatching-selector
  # - no-anti-affinity
  # - no-extensions-v1beta
  # - no-liveness-probe
  # - no-read-only-root-fs
  # - no-readiness-probe
  # - non-existent-service-account
  # - privileged-container
  # - required-annotation-email
  # - required-label-owner
  # - run-as-non-root
  # - ssh-port
  # - unset-cpu-requirements
  # - unset-memory-requirements
  # - writable-host-mount
  exclude:
  # - dangling-service
  # - default-service-account
  # - deprecated-service-account-field
  # - env-var-secret
  # - mismatching-selector
  # - no-anti-affinity
  # - no-extensions-v1beta
  # - no-liveness-probe
  # - no-read-only-root-fs
  # - no-readiness-probe
  # - non-existent-service-account
  # - privileged-container
  # - required-annotation-email 
  # - required-label-owner
  # - run-as-non-root
  # - ssh-port
  # - unset-cpu-requirements
  # - unset-memory-requirements
  # - writable-host-mount
customChecks:
  - name: required-annotation-responsible
    template: required-annotation
    params:
      key: rancher/masterclass
    remediation: set the demo field please :)
  - name: required-label-release
    template: required-label
    params:
      key: team
    remediation: set the team field please :)
    scope:
      objectKinds:
        - Service
  # - name: deployment-ports-list
  #   template: ports
  #   params:
  #     port: 80
  #   remediation: for visibility
  #   scope:
  #     objectKinds:
  #       - DeploymentLike