C-0077 - K8s common labels usage

Framework

DevOpsBest, AllControls

Severity

Low

Description of the the issue

Kubernetes common labels help manage and monitor Kubernetes cluster using different tools such as kubectl, dashboard and others in an interoperable way. Refer to https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/ for more information. This control helps you find objects that don't have any of these labels defined.Note, this control is configurable. See below the details.

Related resources

CronJob, DaemonSet, Deployment, Job, Pod, ReplicaSet, StatefulSet

What does this control test

Test will check if the list of label that start with app.kubernetes.io/ are defined.

Remediation

Define applicable labels or use the exception mechanism to prevent further notifications.

Configuration

This control can be configured using the following parameters. Read CLI/UI documentation about how to change parameters.

Kubernetes Recommended Labels

k8sRecommendedLabels
Kubescape checks that workloads have at least one of this list of configurable labels, as recommended in the Kubernetes documentation.

Example

apiVersion: apps/v1
kind: Deployment
metadata:
  name: dwployment-witout-k8s-labels-1
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: myApp
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80