ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Modify rule S6869: Add examples for LimitRange (#4004)

Browse Source
This commit is contained in:
Peter Trifanov 2024-06-28 09:22:32 +02:00 committed by GitHub
parent 818dd102d8
commit 56beff2e4d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
rules/S6869/kubernetes/rule.adoc
View File

@ -30,6 +30,8 @@ data, disrupting critical operations and impacting system reliability.
=== Code examples
To avoid potential issues, either specify a CPU limit for each container or create a resource of type `LimitRange` that sets a default CPU limit for all containers in a namespace.
==== Noncompliant code example
[source,yaml,diff-id=1,diff-type=noncompliant]
@ -44,6 +46,18 @@ spec:
image: nginx
----
[source,yaml,diff-id=2,diff-type=noncompliant]
----
apiVersion: v1
kind: Pod
metadata:
name: nginx-ns-noncompliant
spec:
containers:
- name: nginx-ns-noncompliant # Noncompliant
image: nginx
----
==== Compliant solution
[source,yaml,diff-id=1,diff-type=compliant]
@ -61,11 +75,35 @@ spec:
cpu: 0.5
----
[source,yaml,diff-id=2,diff-type=compliant]
----
apiVersion: v1
kind: LimitRange
metadata:
name: cpu-limit-range
namespace: default-cpu-example
spec:
limits:
- default:
cpu: 0.5
type: Container
---
apiVersion: v1
kind: Pod
metadata:
name: nginx-ns-compliant
namespace: default-cpu-example
spec:
containers:
- name: nginx-ns-compliant
image: nginx
----
=== How does this work?
A limit can be set through the property `resources.limits.cpu` of a
container. Alternatively, a default limit for a namespace can be set with
`LimitRange`.
`LimitRange` through `spec.limits[].default.cpu`.
== Resources