How to override errors for a daemonset?

[dmitry-irtegov]

ISSUE TYPE

• [+] Feature Idea

FEATURE IDEA

• If the maintainers agree with the feature as described here, I intend to submit a Pull Request myself.¹

Proposal:

I want to add error override labels for a CNI plugin.

Obviously, it must run as root, have host network and NET_ADMIN capability.

The plugin itself is a daemon set, so it has no fixed pod name, so I cannot override errors on the pod level (or, at least, do not understand how).

The pod has several containers, so adding these labels at container level is tedious.

I hope for CNI plugins it will be fixed with #275 , but there might be other daemonsets which needs auditing (logging, etc).

¹ _{This is the quickest way to get a new feature! We reserve the right to close feature requests, even ones we like, if the proposer does not intend to contribute to the feature and it doesn't fit in our current roadmap.}

[ghost]

Thanks for opening your first issue here! Be sure to follow the issue template!

[genevieveluyt]

Hey dmitry-irtegov, here is an example setting a pod override for a deployment: https://github.com/Shopify/kubeaudit/blob/master/docs/auditors/asat.md#override-errors

It should be similar for a daemonset (the pod override applies to all pods created by a resource). Please report back if it doesn't work for you!

[dmitry-irtegov]

Thanks, I will try this.

[rxbchen]

closing this for now, feel free to re-open this if it is an issue!