In K9s𝞪 when workloads are detected, resources associated with the workload will be scanned to report potential issues or anomalies. Although, we always recommend wide open scans to avoid potential hidden issues, one may want to exclude certain resources from the scans are they may not be either pertinent to the workload or may come from other subsystems. For example, you may have valid arguments for not specifying probes or not wanting to report on istio sidecars. For this reason, you can further qualify scans exclusions in a context specific file
K9s𝞪 radar view -- Presents cluster scans report
This configuration provides for excluding certain resources and codes from the scans. This file is hot, meaning you can tune while viewing the reports and make changes accordingly.
# $XDG_CONFIG_HOME/k9s-alpha/contexts/blee/scans.yaml k9s: excludes: # Global bans will apply to all scannable resources and codes globals: # Exclude the following sidecar containers from the scans. sidecars: - istio-proxy # Exclude to following codes from the scans. codes: # Ignore all reports about missing docker container image tag. - CON-04 # GVRS express resource level exclusions. GVR=Group/Version/Pluralize-Resource-Name gvrs: # Exclude certain namespaces from the scans v1/namespaces: # Exclude resources in the fred namespace. fred: # Exclude all namespaces matching the regular expression. ie kube-system, kube-public, kube-node-lease # NOTE! rx: here specifies a valid regular expression is given. rx:kube: # Exclude certain pods from the scans. v1/pods: # Exclude StatefulSet pod nginx-sts-1 in the default namespace. # The shape matches an FQN=Fully Qualified Resource Name ie namespace-name/resource-name default/nginx-sts-1: codes: - CON-04 - CON-06 # Exclude certain secrets from the scans. v1/secrets: # Exclude sc1 in namespace default default/sc1: # Exclude certain codes from the following services. v1/services: # Exclude code SVC-04 (prefer port name vs number) default/nginx: codes: - SVC-04
© 2021 Imhotep Software LLC. All materials licensed under Apache v2.0