C-0076 - Label usage for resources
Framework
AllControls, DevOpsBest
Severity
Low
Description of the the issue
It is recommended to set labels that identify semantic attributes of your application or deployment. For example, { app: myapp, tier: frontend, phase: test, deployment: v3 }. These labels can used to assign policies to logical groups of the deployments as well as for presentation and tracking purposes. This control helps you find deployments without any of the expected labels.Note, this control is configurable. See below the details.
Related resources
CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet
What does this control test
Test will check if a certain set of labels is defined, this is a configurable control. Initial list: app, tier, phase, version, owner, env.
Remediation
Define labels that are most suitable to your needs of use the exceptions to prevent further notifications.
Configuration
This control can be configured using the following parameters. Read CLI/UI documentation about how to change parameters.
Recommended Labels
recommendedLabels
Kubescape checks that workloads have at least one label that identifies semantic attributes.
Example
apiVersion: apps/v1
kind: ReplicaSet
metadata:
name: replicaset-without-label-usage
labels:
app: m1234
spec:
# modify replicas according to your case
replicas: 3
selector:
matchLabels:
tier: frontend
template:
metadata:
labels:
tier: frontend
spec:
containers:
- name: php-redis
image: gcr.io/google_samples/gb-frontend:v3
Updated 3 months ago