Open
Description
Description of the problem/feature request
I would like to have checks available that allow me to check annotations on PersistentVolumeClaims (PVCs).
My main use-case is to check for annotations regarding data security and classification/compliance.
Description of the existing behavior vs. expected behavior
Current behavior: I found no way to check annotations on PVCs or volumeClaimTemplates in StatefulSets.
Expected behavior: kube-linter should include the ability to check annotations on PVCs and volumeClaimTemplates
Additional context:
To achieve this I think that the following things are necessary:
- A new
ObjectKind: I would add a new ObjectKind for PersistentVolumeClaims. This can then be used to use existing checks like the required-annotation check. - A new
Template: To check for annotations on volume claim templates within StatefulSets. This template takes a parameter annotation and verifies its existence. The regular required-annotation check can not be used because, it would not correctly unwrap this object. - A new
Extract: To get the StatefulSetSpec extracted and use it to get at the volumeClaimTemplate.
I already have code that implements this and we are using it internally to check our manifests and would like to contribute this here as I think these checks would be beneficial to the community.
Thank you for considering these enhancements.
Hanife