Updated and renamed baselines #27 (#28)

BernieWhite · web-flow · commit 2a190d4a7776 · 2020-01-03T10:43:06.000+10:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,12 @@
 
 ## Unreleased
 
+- **Breaking change**: Updated and renamed baselines make them easier to use. [#27](https://github.com/BernieWhite/PSRule.Rules.Kubernetes/issues/27)
+  - `KubeBaseline` is now `Kubernetes`, the default baseline.
+  - `AKSBaseline` is now `AKS`.
+  - The `Kubernetes` baseline include common Kubernetes rules.
+  - The `AKS` baseline include all of `Kubernetes` plus additional AKS specific rules.
+
 ## v0.1.0-B1912003 (pre-release)
 
 - Fixed `Kubernetes.AKS.PublicLB` handling of internal LB annotation. [#17](https://github.com/BernieWhite/PSRule.Rules.Kubernetes/issues/17)
diff --git a/README.md b/README.md
@@ -63,7 +63,6 @@ Kubernetes.Pod.Resources            Fail       Resource requirements are set for
 Kubernetes.Pod.Secrets              Pass       Use Kubernetes secrets to store information such as passwords or connec…
 Kubernetes.Pod.Health               Fail       Containers should use liveness and readiness probes.
 Kubernetes.Pod.Replicas             Fail       Consider increasing replicas to two or more to provide high availabilit…
-Kubernetes.AKS.PublicLB             Pass       Consider creating services with an internal load balancer instead of a …
 Kubernetes.Metadata                 Fail       Consider applying recommended labels defined by Kubernetes.…
 
    TargetName: azure-vote-front
@@ -78,7 +77,6 @@ Kubernetes.Pod.Resources            Fail       Resource requirements are set for
 Kubernetes.Pod.Secrets              Pass       Use Kubernetes secrets to store information such as passwords or connec…
 Kubernetes.Pod.Health               Fail       Containers should use liveness and readiness probes.
 Kubernetes.Pod.Replicas             Fail       Consider increasing replicas to two or more to provide high availabilit…
-Kubernetes.AKS.PublicLB             Fail       Consider creating services with an internal load balancer instead of a …
 Kubernetes.Metadata                 Fail       Consider applying recommended labels defined by Kubernetes.…
 ```
 
@@ -99,6 +97,23 @@ In the example above:
 - `-Format Yaml` - indicates that the input is YAML.
 - `-ObjectPath items` - indicates that the input nests objects to evaluate under the `items` property.
 
+### Using baselines
+
+PSRule for Kubernetes comes with the following baselines:
+
+- `Kubernetes` - Includes common Kubernetes rules. This is the default.
+- `AKS` - Includes all the rules from `Kubernetes` plus additional Azure Kubernetes Service (AKS) specific rules.
+
+To use the `AKS` baseline instead of the default use `Invoke-PSRule -Baseline AKS`.
+
+For example:
+
+```powershell
+Invoke-PSRule -f $sourceUrl -Module 'PSRule.Rules.Kubernetes' -Baseline AKS;
+```
+
+If `-Baseline AKS` is not specified, the default baseline `Kubernetes` will be used.
+
 ### Additional options
 
 To filter results to only failed rules, use `Invoke-PSRule -Outcome Fail`.
@@ -125,7 +140,6 @@ The output of this example is:
 ```text
 RuleName                            Pass  Fail  Outcome
 --------                            ----  ----  -------
-Kubernetes.AKS.PublicLB             1     1     Fail
 Kubernetes.API.Removal              0     2     Fail
 Kubernetes.Metadata                 0     4     Fail
 Kubernetes.Pod.PrivilegeEscalation  0     2     Fail
diff --git a/pipeline.build.ps1 b/pipeline.build.ps1
@@ -100,15 +100,15 @@ task VersionModule ModuleDependencies, {
     $manifest = Test-ModuleManifest -Path $manifestPath;
     $requiredModules = $manifest.RequiredModules | ForEach-Object -Process {
         if ($_.Name -eq 'PSRule' -and $Configuration -eq 'Release') {
-            @{ ModuleName = 'PSRule'; ModuleVersion = '0.11.0' }
+            @{ ModuleName = 'PSRule'; ModuleVersion = '0.12.0' }
         }
         else {
             @{ ModuleName = $_.Name; ModuleVersion = $_.Version }
         }
     };
     Update-ModuleManifest -Path $manifestPath -RequiredModules $requiredModules;
     $manifestContent = Get-Content -Path $manifestPath -Raw;
-    $manifestContent = $manifestContent -replace 'PSRule = ''System.Collections.Hashtable''', 'PSRule = @{ Baseline = ''KubeBaseline'' }';
+    $manifestContent = $manifestContent -replace 'PSRule = ''System.Collections.Hashtable''', 'PSRule = @{ Baseline = ''Kubernetes'' }';
     $manifestContent | Set-Content -Path $manifestPath;
 }
 
@@ -150,8 +150,8 @@ task PSScriptAnalyzer NuGet, {
 
 # Synopsis: Install PSRule
 task PSRule NuGet, {
-    if ($Null -eq (Get-InstalledModule -Name PSRule -MinimumVersion 0.11.0 -ErrorAction Ignore)) {
-        Install-Module -Name PSRule -MinimumVersion 0.11.0 -Scope CurrentUser -Force;
+    if ($Null -eq (Get-InstalledModule -Name PSRule -MinimumVersion 0.12.0 -ErrorAction Ignore)) {
+        Install-Module -Name PSRule -MinimumVersion 0.12.0 -Scope CurrentUser -Force;
     }
     Import-Module -Name PSRule -Verbose:$False;
 }
@@ -238,9 +238,9 @@ task BuildHelp BuildModule, PlatyPS, {
     }
 
     # Copy generated help into module out path
-    # $Null = Copy-Item -Path out/docs/PSRule.Rules.Kubernetes/ -Destination out/modules/PSRule.Rules.Kubernetes/en-US/ -Recurse;
-    # $Null = Copy-Item -Path out/docs/PSRule.Rules.Kubernetes/ -Destination out/modules/PSRule.Rules.Kubernetes/en-AU/ -Recurse;
-    # $Null = Copy-Item -Path out/docs/PSRule.Rules.Kubernetes/ -Destination out/modules/PSRule.Rules.Kubernetes/en-GB/ -Recurse;
+    # $Null = Copy-Item -Path out/docs/PSRule.Rules.Kubernetes/* -Destination out/modules/PSRule.Rules.Kubernetes/en-US/ -Recurse;
+    # $Null = Copy-Item -Path out/docs/PSRule.Rules.Kubernetes/* -Destination out/modules/PSRule.Rules.Kubernetes/en-AU/ -Recurse;
+    # $Null = Copy-Item -Path out/docs/PSRule.Rules.Kubernetes/* -Destination out/modules/PSRule.Rules.Kubernetes/en-GB/ -Recurse;
     $Null = Copy-Item -Path docs/rules/en-US/*.md -Destination out/modules/PSRule.Rules.Kubernetes/en-US/;
     $Null = Copy-Item -Path docs/rules/en-US/*.md -Destination out/modules/PSRule.Rules.Kubernetes/en-AU/;
     $Null = Copy-Item -Path docs/rules/en-US/*.md -Destination out/modules/PSRule.Rules.Kubernetes/en-GB/;
diff --git a/src/PSRule.Rules.Kubernetes/PSRule.Rules.Kubernetes.psd1 b/src/PSRule.Rules.Kubernetes/PSRule.Rules.Kubernetes.psd1
@@ -75,7 +75,7 @@ FunctionsToExport = @()
 CmdletsToExport = @()
 
 # Variables to export from this module
-VariablesToExport = '*'
+VariablesToExport = @()
 
 # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
 AliasesToExport = @()
@@ -108,7 +108,7 @@ PrivateData = @{
         ReleaseNotes = 'https://github.com/BernieWhite/PSRule.Rules.Kubernetes/blob/master/CHANGELOG.md'
     } # End of PSData hashtable
     PSRule = @{
-        Baseline = 'KubeBaseline'
+        Baseline = 'Kubernetes'
     }
 } # End of PrivateData hashtable
 
diff --git a/src/PSRule.Rules.Kubernetes/rules/Baseline.Rule.yaml b/src/PSRule.Rules.Kubernetes/rules/Baseline.Rule.yaml
@@ -3,7 +3,7 @@
 # Synopsis: A baseline for Kubernetes.
 kind: Baseline
 metadata:
-  name: KubeBaseline
+  name: Kubernetes
 spec:
   binding:
     targetName:
@@ -12,12 +12,15 @@ spec:
     - kind
     field:
       namespace: [ 'metadata.namespace' ]
+  rule:
+    tag:
+      group: core
 
 ---
 # Synopsis: A baseline for Azure Kubernetes Service (AKS).
 kind: Baseline
 metadata:
-  name: AKSBaseline
+  name: AKS
 spec:
   binding:
     targetName:
@@ -26,3 +29,6 @@ spec:
     - kind
     field:
       namespace: [ 'metadata.namespace' ]
+  rule:
+    tag:
+      group: [ 'core', 'AKS' ]
diff --git a/src/PSRule.Rules.Kubernetes/rules/Kubernetes.AKS.Rule.ps1 b/src/PSRule.Rules.Kubernetes/rules/Kubernetes.AKS.Rule.ps1
@@ -3,7 +3,7 @@
 #
 
 # Synopsis: Services should not include a public load balancer
-Rule 'Kubernetes.AKS.PublicLB' -Type Service -Tag @{ category = 'Pod security' } -If { $PSRule.TargetName -ne 'addon-http-application-routing-nginx-ingress' } {
+Rule 'Kubernetes.AKS.PublicLB' -Type Service -If { $PSRule.TargetName -ne 'addon-http-application-routing-nginx-ingress' } -Tag @{ group = 'AKS' } {
     if ($Assert.HasFieldValue($TargetObject, 'spec.type', 'LoadBalancer').Result) {
         Within 'metadata.annotations.''service.beta.kubernetes.io/azure-load-balancer-internal''' 'true'
     }
diff --git a/src/PSRule.Rules.Kubernetes/rules/Kubernetes.API.Rule.ps1 b/src/PSRule.Rules.Kubernetes/rules/Kubernetes.API.Rule.ps1
@@ -3,7 +3,7 @@
 #
 
 # Synopsis: Avoid using legacy API endpoints
-Rule 'Kubernetes.API.Removal' -Type DaemonSet, Deployment, StatefulSet, ReplicaSet, NetworkPolicy, PodSecurityPolicy -Tag @{ category = 'API' } {
+Rule 'Kubernetes.API.Removal' -Type DaemonSet, Deployment, StatefulSet, ReplicaSet, NetworkPolicy, PodSecurityPolicy -Tag @{ group = 'core' } {
     if ($PSRule.TargetType -in 'DaemonSet', 'Deployment', 'StatefulSet', 'ReplicaSet') {
         $TargetObject.apiVersion -eq 'apps/v1'
     }
diff --git a/src/PSRule.Rules.Kubernetes/rules/Kubernetes.Metadata.Rule.ps1 b/src/PSRule.Rules.Kubernetes/rules/Kubernetes.Metadata.Rule.ps1
@@ -3,7 +3,7 @@
 #
 
 # Synopsis: Use recommended labels
-Rule 'Kubernetes.Metadata' -Type 'Deployment', 'Service', 'ReplicaSet', 'Pod' -Tag @{ category = 'Resource management'; } {
+Rule 'Kubernetes.Metadata' -Type 'Deployment', 'Service', 'ReplicaSet', 'Pod' -Tag @{ group = 'core' } {
     Exists 'metadata.labels.''app.kubernetes.io/name''' -Reason ($LocalizedData.RecommendLabel -f 'app.kubernetes.io/name')
     Exists 'metadata.labels.''app.kubernetes.io/instance''' -Reason ($LocalizedData.RecommendLabel -f 'app.kubernetes.io/instance')
     Exists 'metadata.labels.''app.kubernetes.io/version''' -Reason ($LocalizedData.RecommendLabel -f 'app.kubernetes.io/version')
diff --git a/src/PSRule.Rules.Kubernetes/rules/Kubernetes.Pod.Rule.ps1 b/src/PSRule.Rules.Kubernetes/rules/Kubernetes.Pod.Rule.ps1
@@ -3,23 +3,23 @@
 #
 
 # Synopsis: Containers should deny privilege escalation
-Rule 'Kubernetes.Pod.PrivilegeEscalation' -Type Deployment, Pod, ReplicaSet -If { (HasContainerSpec) } -Tag @{ category = 'Pod security'; } {
+Rule 'Kubernetes.Pod.PrivilegeEscalation' -Type Deployment, Pod, ReplicaSet -If { (HasContainerSpec) } -Tag @{ group = 'core' } {
     foreach ($container in (GetContainerSpec)) {
         $container | Exists 'securityContext.allowPrivilegeEscalation'
         $container.securityContext.allowPrivilegeEscalation -eq $False
     }
 }
 
 # Synopsis: Containers should use specific tags instead of latest
-Rule 'Kubernetes.Pod.Latest' -Type Deployment, Pod, ReplicaSet -If { (HasContainerSpec) } -Tag @{ category = 'Pod security'; } {
+Rule 'Kubernetes.Pod.Latest' -Type Deployment, Pod, ReplicaSet -If { (HasContainerSpec) } -Tag @{ group = 'core' } {
     foreach ($container in (GetContainerSpec)) {
         $container.image -like '*:*' -and 
         $container.image -notlike '*:latest'
     }
 }
 
 # Synopsis: Resource requirements are set for each container
-Rule 'Kubernetes.Pod.Resources' -Type Deployment, Pod, ReplicaSet -If { (HasContainerSpec) } -Tag @{ category = 'Resource management'; } {
+Rule 'Kubernetes.Pod.Resources' -Type Deployment, Pod, ReplicaSet -If { (HasContainerSpec) } -Tag @{ group = 'core' } {
     foreach ($container in (GetContainerSpec)) {
         $container | Exists 'resources.requests.cpu' -Reason $LocalizedData.PodCPURequest
         $container | Exists 'resources.requests.memory' -Reason $LocalizedData.PodMemRequest
@@ -29,7 +29,7 @@ Rule 'Kubernetes.Pod.Resources' -Type Deployment, Pod, ReplicaSet -If { (HasCont
 }
 
 # Synopsis: Sensitive environment variables should be secured
-Rule 'Kubernetes.Pod.Secrets' -Type Deployment, Pod, ReplicaSet -If { (HasContainerSpec) } -Tag @{ category = 'Pod security'; } {
+Rule 'Kubernetes.Pod.Secrets' -Type Deployment, Pod, ReplicaSet -If { (HasContainerSpec) } -Tag @{ group = 'core' } {
     foreach ($container in (GetContainerSpec)) {
         if ($Assert.HasField($container, 'env').Result) {
             foreach ($variable in $container.env) {
@@ -48,7 +48,7 @@ Rule 'Kubernetes.Pod.Secrets' -Type Deployment, Pod, ReplicaSet -If { (HasContai
 }
 
 # Synopsis: Containers should use liveness and readiness probes
-Rule 'Kubernetes.Pod.Health' -Type Deployment, Pod, ReplicaSet -If { (HasContainerSpec) } -Tag @{ category = 'Reliability'; } {
+Rule 'Kubernetes.Pod.Health' -Type Deployment, Pod, ReplicaSet -If { (HasContainerSpec) } -Tag @{ group = 'core' } {
     foreach ($container in (GetContainerSpec)) {
         $container | Exists 'livenessProbe' -Reason ($LocalizedData.LivenessProbe -f $container.name)
     }
@@ -58,7 +58,7 @@ Rule 'Kubernetes.Pod.Health' -Type Deployment, Pod, ReplicaSet -If { (HasContain
 }
 
 # Synopsis: Use two or more replicas
-Rule 'Kubernetes.Pod.Replicas' -Type Deployment, ReplicaSet, StatefulSet -Tag @{ category = 'Reliability'; } {
+Rule 'Kubernetes.Pod.Replicas' -Type Deployment, ReplicaSet, StatefulSet -Tag @{ group = 'core' } {
     Exists 'spec.replicas'
     $TargetObject.spec.replicas -ge 2
 }
diff --git a/tests/PSRule.Rules.Kubernetes.Tests/Kubernetes.AKS.Tests.ps1 b/tests/PSRule.Rules.Kubernetes.Tests/Kubernetes.AKS.Tests.ps1
@@ -23,8 +23,8 @@ $here = (Resolve-Path $PSScriptRoot).Path;
 Describe 'Kubernetes.AKS' {
     $testParams = @{
         Module = 'PSRule.Rules.Kubernetes'
-        # Option = Join-Path -Path $here -ChildPath ps-rule.yaml
         InputPath = Join-Path -Path $here -ChildPath Resources.AKS.yaml
+        Baseline = 'AKS'
     }
 
     $result = Invoke-PSRule @testParams -WarningAction Ignore;
diff --git a/tests/PSRule.Rules.Kubernetes.Tests/Rule.Common.Tests.ps1 b/tests/PSRule.Rules.Kubernetes.Tests/Rule.Common.Tests.ps1
@@ -36,7 +36,7 @@ Describe 'Rule quality' {
             It $rule.RuleName {
                 $rule.Synopsis | Should -Not -BeNullOrEmpty;
                 $rule.Description | Should -Not -BeNullOrEmpty;
-                $rule.Tag.category | Should -Not -BeNullOrEmpty;
+                $rule.Info.Annotations.category | Should -Not -BeNullOrEmpty;
                 $rule.Info.Annotations.severity | Should -Not -BeNullOrEmpty;
                 $rule.Info.GetOnlineHelpUri()  | Should -Not -BeNullOrEmpty;
             }

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@`
`3`	`3`	`#`
`4`	`4`
`5`	`5`	`# Synopsis: Services should not include a public load balancer`
`6`		`-Rule 'Kubernetes.AKS.PublicLB' -Type Service -Tag @{ category = 'Pod security' } -If { $PSRule.TargetName -ne 'addon-http-application-routing-nginx-ingress' } {`
	`6`	`+Rule 'Kubernetes.AKS.PublicLB' -Type Service -If { $PSRule.TargetName -ne 'addon-http-application-routing-nginx-ingress' } -Tag @{ group = 'AKS' } {`
`7`	`7`	`if ($Assert.HasFieldValue($TargetObject, 'spec.type', 'LoadBalancer').Result) {`
`8`	`8`	`Within 'metadata.annotations.''service.beta.kubernetes.io/azure-load-balancer-internal''' 'true'`
`9`	`9`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@`
`3`	`3`	`#`
`4`	`4`
`5`	`5`	`# Synopsis: Avoid using legacy API endpoints`
`6`		`-Rule 'Kubernetes.API.Removal' -Type DaemonSet, Deployment, StatefulSet, ReplicaSet, NetworkPolicy, PodSecurityPolicy -Tag @{ category = 'API' } {`
	`6`	`+Rule 'Kubernetes.API.Removal' -Type DaemonSet, Deployment, StatefulSet, ReplicaSet, NetworkPolicy, PodSecurityPolicy -Tag @{ group = 'core' } {`
`7`	`7`	`if ($PSRule.TargetType -in 'DaemonSet', 'Deployment', 'StatefulSet', 'ReplicaSet') {`
`8`	`8`	`$TargetObject.apiVersion -eq 'apps/v1'`
`9`	`9`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@`
`3`	`3`	`#`
`4`	`4`
`5`	`5`	`# Synopsis: Use recommended labels`
`6`		`-Rule 'Kubernetes.Metadata' -Type 'Deployment', 'Service', 'ReplicaSet', 'Pod' -Tag @{ category = 'Resource management'; } {`
	`6`	`+Rule 'Kubernetes.Metadata' -Type 'Deployment', 'Service', 'ReplicaSet', 'Pod' -Tag @{ group = 'core' } {`
`7`	`7`	`Exists 'metadata.labels.''app.kubernetes.io/name''' -Reason ($LocalizedData.RecommendLabel -f 'app.kubernetes.io/name')`
`8`	`8`	`Exists 'metadata.labels.''app.kubernetes.io/instance''' -Reason ($LocalizedData.RecommendLabel -f 'app.kubernetes.io/instance')`
`9`	`9`	`Exists 'metadata.labels.''app.kubernetes.io/version''' -Reason ($LocalizedData.RecommendLabel -f 'app.kubernetes.io/version')`
Original file line number	Diff line number	Diff line change
`@@ -3,23 +3,23 @@`
`3`	`3`	`#`
`4`	`4`
`5`	`5`	`# Synopsis: Containers should deny privilege escalation`
`6`		`-Rule 'Kubernetes.Pod.PrivilegeEscalation' -Type Deployment, Pod, ReplicaSet -If { (HasContainerSpec) } -Tag @{ category = 'Pod security'; } {`
	`6`	`+Rule 'Kubernetes.Pod.PrivilegeEscalation' -Type Deployment, Pod, ReplicaSet -If { (HasContainerSpec) } -Tag @{ group = 'core' } {`
`7`	`7`	`foreach ($container in (GetContainerSpec)) {`
`8`	`8`	`$container \| Exists 'securityContext.allowPrivilegeEscalation'`
`9`	`9`	`$container.securityContext.allowPrivilegeEscalation -eq $False`
`10`	`10`	`}`
`11`	`11`	`}`
`12`	`12`
`13`	`13`	`# Synopsis: Containers should use specific tags instead of latest`
`14`		`-Rule 'Kubernetes.Pod.Latest' -Type Deployment, Pod, ReplicaSet -If { (HasContainerSpec) } -Tag @{ category = 'Pod security'; } {`
	`14`	`+Rule 'Kubernetes.Pod.Latest' -Type Deployment, Pod, ReplicaSet -If { (HasContainerSpec) } -Tag @{ group = 'core' } {`
`15`	`15`	`foreach ($container in (GetContainerSpec)) {`
`16`	`16`	`$container.image -like ':' -and`
`17`	`17`	`$container.image -notlike '*:latest'`
`18`	`18`	`}`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`# Synopsis: Resource requirements are set for each container`
`22`		`-Rule 'Kubernetes.Pod.Resources' -Type Deployment, Pod, ReplicaSet -If { (HasContainerSpec) } -Tag @{ category = 'Resource management'; } {`
	`22`	`+Rule 'Kubernetes.Pod.Resources' -Type Deployment, Pod, ReplicaSet -If { (HasContainerSpec) } -Tag @{ group = 'core' } {`
`23`	`23`	`foreach ($container in (GetContainerSpec)) {`
`24`	`24`	`$container \| Exists 'resources.requests.cpu' -Reason $LocalizedData.PodCPURequest`
`25`	`25`	`$container \| Exists 'resources.requests.memory' -Reason $LocalizedData.PodMemRequest`
`@@ -29,7 +29,7 @@ Rule 'Kubernetes.Pod.Resources' -Type Deployment, Pod, ReplicaSet -If { (HasCont`
`29`	`29`	`}`
`30`	`30`
`31`	`31`	`# Synopsis: Sensitive environment variables should be secured`
`32`		`-Rule 'Kubernetes.Pod.Secrets' -Type Deployment, Pod, ReplicaSet -If { (HasContainerSpec) } -Tag @{ category = 'Pod security'; } {`
	`32`	`+Rule 'Kubernetes.Pod.Secrets' -Type Deployment, Pod, ReplicaSet -If { (HasContainerSpec) } -Tag @{ group = 'core' } {`
`33`	`33`	`foreach ($container in (GetContainerSpec)) {`
`34`	`34`	`if ($Assert.HasField($container, 'env').Result) {`
`35`	`35`	`foreach ($variable in $container.env) {`
`@@ -48,7 +48,7 @@ Rule 'Kubernetes.Pod.Secrets' -Type Deployment, Pod, ReplicaSet -If { (HasContai`
`48`	`48`	`}`
`49`	`49`
`50`	`50`	`# Synopsis: Containers should use liveness and readiness probes`
`51`		`-Rule 'Kubernetes.Pod.Health' -Type Deployment, Pod, ReplicaSet -If { (HasContainerSpec) } -Tag @{ category = 'Reliability'; } {`
	`51`	`+Rule 'Kubernetes.Pod.Health' -Type Deployment, Pod, ReplicaSet -If { (HasContainerSpec) } -Tag @{ group = 'core' } {`
`52`	`52`	`foreach ($container in (GetContainerSpec)) {`
`53`	`53`	`$container \| Exists 'livenessProbe' -Reason ($LocalizedData.LivenessProbe -f $container.name)`
`54`	`54`	`}`
`@@ -58,7 +58,7 @@ Rule 'Kubernetes.Pod.Health' -Type Deployment, Pod, ReplicaSet -If { (HasContain`
`58`	`58`	`}`
`59`	`59`
`60`	`60`	`# Synopsis: Use two or more replicas`
`61`		`-Rule 'Kubernetes.Pod.Replicas' -Type Deployment, ReplicaSet, StatefulSet -Tag @{ category = 'Reliability'; } {`
	`61`	`+Rule 'Kubernetes.Pod.Replicas' -Type Deployment, ReplicaSet, StatefulSet -Tag @{ group = 'core' } {`
`62`	`62`	`Exists 'spec.replicas'`
`63`	`63`	`$TargetObject.spec.replicas -ge 2`
`64`	`64`	`}`
Original file line number	Diff line number	Diff line change
`@@ -23,8 +23,8 @@ $here = (Resolve-Path $PSScriptRoot).Path;`
`23`	`23`	`Describe 'Kubernetes.AKS' {`
`24`	`24`	`$testParams = @{`
`25`	`25`	`Module = 'PSRule.Rules.Kubernetes'`
`26`		`- # Option = Join-Path -Path $here -ChildPath ps-rule.yaml`
`27`	`26`	`InputPath = Join-Path -Path $here -ChildPath Resources.AKS.yaml`
	`27`	`+ Baseline = 'AKS'`
`28`	`28`	`}`
`29`	`29`
`30`	`30`	`$result = Invoke-PSRule @testParams -WarningAction Ignore;`