I’m getting false positives from the Kubernetes analysis engine when I use Kustomize to help define my infrastructure. I am using SonarCloud.
My Kubernetes folder is laid out as follows:

```
-- devops
   -- base
      -- deployment.yaml
      -- service.yaml
      -- service-account.yaml
   -- overlays
      -- development
         -- deployment.yaml
         -- deployment-env-var.yaml
      -- testing
         -- deployment.yaml
         -- deployment-env-var.yaml
```
So I have a base deployment.yaml, and then each deployment environment has an overlay which can be used to customise the deployment (that’s the purpose of Kustomize). If I set a configuration element in the base deployment.yaml like this:

```yaml
containers:
  - name: my-service
    resources:
      limits:
        memory: "512Mi"
      requests:
        memory: 100Mi
        cpu: 0.5
        ephemeral-storage: "1Gi"
```
then I would expect those settings to be propagated to all environments unless I explicitly override them in the appropriate overlay folder, e.g.

```yaml
containers:
  - name: my-service
    resources:
      requests:
        memory: 256Mi
```

would increase the memory allocation without changing the CPU/storage allocations.
However, SonarCloud is giving me an S6870 error on the deployment.yaml files in the overlay folders, where they are not explicitly setting the ephemeral-storage setting.
Is this something that it would be reasonable to expect SonarCloud to support? Obviously there are all sorts of tools out there for managing k8s deployments, and they probably all work quite differently. Apart from the S6870 error, I’m getting S6864, S6865 etc. for the same sort of issue on different properties of the deployment YAML, but I don’t want to go raising multiple tickets if they’re not likely to be addressed by design.
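To make the difference between scanning an overlay file on its own and scanning the rendered manifest concrete, here is an added example (not from the post and not SonarSource's or Kustomize's code) that approximates Kustomize's strategic-merge patching on the two container specs above and runs a simplified resource-request check over the overlay alone versus the merged result; the merge routine and the check are assumptions constructed for illustration.

```python
from copy import deepcopy

# Constructed sample data mirroring the post: base and overlay container specs.
BASE_CONTAINERS = [{
    "name": "my-service",
    "resources": {
        "limits": {"memory": "512Mi"},
        "requests": {"memory": "100Mi", "cpu": 0.5, "ephemeral-storage": "1Gi"},
    },
}]
OVERLAY_CONTAINERS = [{
    "name": "my-service",
    "resources": {"requests": {"memory": "256Mi"}},
}]

# Simplified strategic-merge patch (assumption: an approximation of Kustomize's behaviour):
# maps merge recursively, lists of named objects (e.g. containers) merge per "name",
# anything else is replaced by the patch value.
def strategic_merge(base, patch, merge_key="name"):
    if isinstance(base, dict) and isinstance(patch, dict):
        out = deepcopy(base)
        for k, v in patch.items():
            out[k] = strategic_merge(out[k], v, merge_key) if k in out else deepcopy(v)
        return out
    if isinstance(base, list) and isinstance(patch, list) and \
            all(isinstance(x, dict) and merge_key in x for x in base + patch):
        by_key = {x[merge_key]: deepcopy(x) for x in base}
        for item in patch:
            by_key[item[merge_key]] = strategic_merge(by_key.get(item[merge_key], {}), item, merge_key)
        return list(by_key.values())
    return deepcopy(patch)

# Simplified check in the spirit of the post's expectation (not Sonar's rule logic):
# every container must declare a request for memory, cpu and ephemeral-storage.
REQUIRED = ("memory", "cpu", "ephemeral-storage")

def missing_requests(containers):
    findings = []
    for c in containers:
        reqs = c.get("resources", {}).get("requests", {})
        findings += [f"{c['name']}: no request for {r}" for r in REQUIRED if r not in reqs]
    return findings

if __name__ == "__main__":
    # The overlay on its own trips the check; the rendered base + overlay does not.
    print("overlay alone:", missing_requests(OVERLAY_CONTAINERS))
    print("base + overlay:", missing_requests(strategic_merge(BASE_CONTAINERS, OVERLAY_CONTAINERS)))
```

Running the same check over `kustomize build` output instead of the raw overlay files is the practical way to see which findings are real.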