kubernetes-sigs/kubespray

Pattern Findings

174 matches across 7 categories. Click a row to expand file-level details.

Over-Commented Block150 hits · 150 pts

Severity	File	Line	Snippet
LOW	tests/scripts/vagrant-install.sh	1	#!/bin/bash
LOW	tests/scripts/vagrant-install.sh	21	# echo \
LOW	tests/scripts/vagrant-install.sh	41	PYTHONDONTWRITEBYTECODE=1
LOW	tests/files/custom_cni/cilium.yaml	41	# nodes by setting how they are stored. The options are "crd", "kvstore" or
LOW	tests/files/custom_cni/cilium.yaml	81	# address.
LOW	tests/files/custom_cni/cilium.yaml	101
LOW	tests/files/custom_cni/cilium.yaml	121	bpf-lb-algorithm-annotation: "false"
LOW	tests/files/custom_cni/cilium.yaml	141	#
LOW	…es/kubernetes-apps/csi_driver/cinder/defaults/main.yml	21	cinder_domain_id: "{{ lookup('env', 'OS_USER_DOMAIN_ID') }}"
LOW	roles/kubernetes-apps/ansible/defaults/main.yml	41	# local
LOW	roles/kubernetes-apps/ansible/defaults/main.yml	81	# dns_autoscaler_extra_tolerations: [{effect: NoSchedule, operator: "Exists"}]
LOW	roles/network_plugin/calico_defaults/defaults/main.yml	101	# Calico NFTable Mode Support (tech preview 3.29)
LOW	roles/network_plugin/flannel/defaults/main.yml	1	---
LOW	roles/network_plugin/cilium/defaults/main.yml	41	cilium_enable_portmap: false
LOW	roles/network_plugin/cilium/defaults/main.yml	61	# You wil also have to specify the variable `cilium_native_routing_cidr` to
LOW	roles/network_plugin/cilium/defaults/main.yml	81	# Enable transparent network encryption.
LOW	roles/network_plugin/cilium/defaults/main.yml	161
LOW	roles/network_plugin/cilium/defaults/main.yml	221
LOW	roles/network_plugin/cilium/defaults/main.yml	241	# Available for Cilium v1.12 and up.
LOW	roles/network_plugin/cilium/defaults/main.yml	261	# Available for Cilium v1.10 and up
LOW	roles/kubespray_defaults/defaults/main/main.yml	221	# Deploy cilium even if kube_network_plugin is not cilium.
LOW	roles/kubespray_defaults/defaults/main/main.yml	261	#
LOW	roles/kubespray_defaults/defaults/main/main.yml	281	ipv6_stack: "{{ enable_dual_stack_networks \| default(false) }}"
LOW	roles/kubespray_defaults/defaults/main/main.yml	321	kube_api_aggregator_routing: false
LOW	roles/kubespray_defaults/defaults/main/main.yml	401	# Rotate container stderr/stdout logs at 50m and keep last 5
LOW	roles/kubespray_defaults/defaults/main/main.yml	481	gateway_api_enabled: false
LOW	roles/kubespray_defaults/defaults/main/main.yml	521
LOW	roles/kubespray_defaults/defaults/main/main.yml	541	enabled: "{{ kube_api_anonymous_auth }}"
LOW	roles/kubespray_defaults/defaults/main/main.yml	561	## 'RBAC' modes are tested. Order is important.
LOW	roles/kubespray_defaults/defaults/main/main.yml	581	# webhook:
LOW	roles/etcd_defaults/defaults/main.yml	41
LOW	roles/etcd_defaults/defaults/main.yml	81	# Maximum number of snapshot files to retain (0 is unlimited)
LOW	roles/etcd_defaults/defaults/main.yml	101	# - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
LOW	roles/kubernetes/node/defaults/main.yml	101
LOW	roles/kubernetes/node/defaults/main.yml	141	kube_read_only_port: 0
LOW	roles/kubernetes/node/defaults/main.yml	161	# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
LOW	roles/kubernetes/kubeadm_common/defaults/main.yml	1	---
LOW	…/kubernetes/control-plane/defaults/main/kube-proxy.yml	61	kube_proxy_min_sync_period: 0s
LOW	roles/kubernetes/control-plane/defaults/main/main.yml	61	audit_log_maxage: 30
LOW	roles/kubernetes/control-plane/defaults/main/main.yml	101	kube_apiserver_pod_eviction_unreachable_timeout_seconds: "300"
LOW	roles/kubernetes/control-plane/defaults/main/main.yml	161	kube_webhook_authorization: false
LOW	roles/kubernetes/control-plane/defaults/main/main.yml	201	kube_encrypt_token: "{{ lookup('password', credentials_dir + '/kube_encrypt_token.creds length=32 chars=ascii_letters,di
LOW	roles/kubernetes/control-plane/defaults/main/main.yml	221	# - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
LOW	roles/container-engine/containerd/defaults/main.yml	81	containerd_cfg_dir: /etc/containerd
LOW	roles/container-engine/cri-o/defaults/main.yml	21	# mirrors:
LOW	docs/calico_peer_example/new-york.yml	1	# ---
LOW	docs/calico_peer_example/paris.yml	1	# ---
LOW	contrib/terraform/terraform.py	1	#!/usr/bin/env python3
LOW	inventory/sample/inventory.ini	1	# This inventory describe a HA typology with stacked etcd (== same nodes as control plane)
LOW	inventory/sample/group_vars/all/azure.yml	1	## When azure is used, you need to also set the following variables.
LOW	inventory/sample/group_vars/all/azure.yml	21	## Azure Disk CSI credentials and parameters
LOW	inventory/sample/group_vars/all/cri-o.yml	1	# Registries defined within cri-o.
LOW	inventory/sample/group_vars/all/hcloud.yml	1	## Values for the external Hcloud Cloud Controller
LOW	inventory/sample/group_vars/all/hcloud.yml	21	# load_balancers_enabled:
LOW	inventory/sample/group_vars/all/containerd.yml	1	---
LOW	inventory/sample/group_vars/all/containerd.yml	21	# options:
LOW	inventory/sample/group_vars/all/containerd.yml	41
LOW	inventory/sample/group_vars/all/all.yml	1	---
LOW	inventory/sample/group_vars/all/all.yml	21	# valid options are "nginx" or "haproxy"
LOW	inventory/sample/group_vars/all/all.yml	41	# - 8.8.4.4
90 more matches not shown…

Self-Referential Comments4 hits · 12 pts

Severity	File	Line	Snippet
MEDIUM	contrib/terraform/aws/modules/nlb/main.tf	1	# Create a new AWS NLB for K8S API
MEDIUM	contrib/terraform/aws/modules/nlb/main.tf	14	# Create a new AWS NLB Instance Target Group
MEDIUM	contrib/terraform/aws/modules/nlb/main.tf	31	# Create a new AWS NLB Listener listen to target group
MEDIUM	…b/terraform/upcloud/modules/kubernetes-cluster/main.tf	2	# Create a list of all disks to create

Redundant / Tautological Comments6 hits · 9 pts

Severity	File	Line	Snippet
LOW	roles/kubespray_defaults/defaults/main/main.yml	9	# Check if access_ip responds to ping. Set false if your firewall blocks ICMP.
LOW	contrib/aws_inventory/kubespray-aws-inventory.py	21	##Check if VPC_VISIBILITY is set, if not default to private
LOW	inventory/sample/group_vars/all/all.yml	94	## Set true to download and cache container
LOW	inventory/sample/group_vars/all/all.yml	112	## Check if access_ip responds to ping. Set false if your firewall blocks ICMP.
LOW	inventory/sample/group_vars/all/etcd.yml	15	# Set this to docker if you are using container_manager: docker
LOW	scripts/gen_docs_sidebar.sh	16	# Check if it is a directory

Deep Nesting6 hits · 6 pts

Severity	File	Line
LOW	plugins/modules/kube.py	310
LOW	tests/scripts/md-table/main.py	55
LOW	library/kube.py	310
LOW	contrib/terraform/terraform.py	41
LOW	contrib/terraform/terraform.py	62
LOW	scripts/openstack-cleanup/main.py	27

Unused Imports4 hits · 4 pts

Severity	File	Line
LOW	plugins/modules/kube.py	364
LOW	library/kube.py	364
LOW	contrib/aws_inventory/kubespray-aws-inventory.py	3
LOW	scripts/openstack-cleanup/main.py	6

AI Slop Vocabulary1 hit · 3 pts

Severity	File	Line	Snippet
MEDIUM	tests/files/custom_cni/cilium.yaml	52	# for seamless migrations from the kvstore mode to the crd mode. Consult the

Excessive Try-Catch Wrapping3 hits · 2 pts

Severity	File	Line	Snippet
LOW	plugins/modules/kube.py	160	except Exception as exc:
LOW	library/kube.py	160	except Exception as exc:
LOW	scripts/openstack-cleanup/main.py	50	except Exception as ex:

Score History

Severity Breakdown

Pattern Findings