feat: add kubernetes linter

M0NsTeRRR · Nov 19, 2023 · e66d8a1 · e66d8a1
1 parent 04ce222
commit e66d8a1
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 0 deletions.
diff --git a/.github/workflows/kubernetes-lint.yml b/.github/workflows/kubernetes-lint.yml
@@ -0,0 +1,19 @@
+---
+name: Kubernetes Lint
+
+on:
+  push:
+    paths:
+      - argocd/**
+      - .github/workflows/kube-lint.yml
+  pull_request:
+
+jobs:
+  kubernetes-lint:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Scan repo with kube-linter
+      uses: stackrox/kube-linter-action@v1.0.4
+      with:
+        directory: argocd
diff --git a/README.md b/README.md
@@ -4,6 +4,7 @@ This is my Homelab v3 infrastructure.
 ![Packer Lint](https://github.com/M0NsTeRRR/homelabv3-infra/workflows/Packer%20Lint/badge.svg)
 ![Terraform Lint](https://github.com/M0NsTeRRR/homelabv3-infra/workflows/Terraform%20Lint/badge.svg)
 ![Octodns](https://github.com/M0NsTeRRR/homelabv3-infra/workflows/Octodns/badge.svg)
+![Kubernetes Lint](https://github.com/M0NsTeRRR/homelabv3-infra/workflows/Kubernetes%20Lint/badge.svg)
 
 # Requirements
 

diff --git a/argocd/keycloak/manifests/03_keycloak.yaml b/argocd/keycloak/manifests/03_keycloak.yaml
@@ -31,6 +31,7 @@ metadata:
     app.kubernetes.io/instance: keycloak
   annotations:
     reloader.stakater.com/auto: "true"
+    ignore-check.kube-linter.io/no-read-only-root-fs: "https://github.com/keycloak/keycloak/issues/11286"
 spec:
   replicas: 1
   selector:
@@ -108,6 +109,9 @@ spec:
             timeoutSeconds: 5
             failureThreshold: 6
             successThreshold: 1
+          securityContext:
+            runAsNonRoot: True
+            readOnlyRootFilesystem: False
           resources:
               limits:
                 memory: 2Gi