The default container-security-context check checks the SecurityContext
for
If you do not want all of this checks you can disable container-security-context
and enable one or more of the following optional checks:
container-security-context-user-group-idcontainer-security-context-privilegedcontainer-security-context-readonlyrootfilesystemcontainer-security-contextcontainer-security-context has been deprecated (see #204, #325, #326).
The checks that has container-security-context preformed has been split into three different checks, which where all introduced in v1.10.
container-security-context.container-security-context optional (opt-in), and make the three new checks run by default.container-security-context.In v1.10, run kube-score with the following flags to ensure compatability with v1.12 and later:
kube-score score \
--enable-optional-test container-security-context-user-group-id \
--enable-optional-test container-security-context-privileged \
--enable-optional-test container-security-context-readonlyrootfilesystem \
--ignore-test container-security-context
Note: The "flip" and the deletion of the tests where originally scheduled to happen in v1.11 and v1.12. This did not happend, and the migration is now scheduled for v1.12 and v1.13 instead.
$ claude mcp add kube-score \
-- python -m otcore.mcp_server <graph>