no-missing-role
Rec
Enabled in recommended preset.All
Disabled when components are given in CLI.Disallow missing Role and ClusterRole references.
This rule ensures that all Role and ClusterRole references are defined by checking if the corresponding manifests are present or not.
The following built-in ClusterRoles are always allowed:
admincluster-admineditviewsystem:*
The following built-in Roles in kube-system namespace are always allowed:
extension-apiserver-authentication-readersystem:*
Configuration
allow
Allow Role and ClusterRole references that match the patterns to be missing.
Examples
Allow a ClusterRole with a specific name.
allow = [{ kind = "ClusterRole", name = "foo" }]
Allow a Role with a specific namespace and name.
allow = [{ kind = "Role", namespace = "foo", name = "bar" }]