Giters

stackrox / kube-linter

KubeLinter is a static analysis tool that checks Kubernetes YAML files and Helm charts to ensure the applications represented in them adhere to best practices.

Home Page:https://docs.kubelinter.io/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[BUG] A custom check using `cpu-requirments` template returned opposite result what I expected

kanekoh opened this issue · comments

commented

System info:

Linux rhel8.localdomain 4.18.0-240.22.1.el8_3.x86_64 #1 SMP Thu Mar 25 14:36:04 EDT 2021 x86_64 x86_64 x86_64 GNU/Linux

Describe the bug

I was trying to check my custom check using the template cpu-requirments and got result as follows:

When a DaemonSet resource has cpu requirements 100m and set lowerBoundMillis: 150, I got no linter errors.

And, When a DaemonSet resource has cpu requirements 200m and set lowerBoundMillis: 150, I got a linter error.

To Reproduce

Execute the following command using yaml files.

$ kube-linter lint ds-s-sample*.yaml --config kubelinter-config.yml

my custom config kubelinter-config.yml is the below:

checks:
  doNotAutoAddDefaults: true

customChecks:
  - name: unset-cpu-custom-requirements
    template: cpu-requirements
    params:
      requirementsType: "request"
      lowerBoundMillis: 150

Sample YAML input

Sample DaemonSets are below:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: sample-ds
  namespace: sample
spec:
  selector:
    matchLabels:
      name: sample-ds
  template:
    metadata:
      labels:
        name: sample-ds
    spec:
      containers:
      - name: sample-container
        image: quay.io/dummy/dummy:latest
        resources:
          requests:
            cpu: 100m

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: sample-ds
  namespace: sample
spec:
  selector:
    matchLabels:
      name: sample-ds
  template:
    metadata:
      labels:
        name: sample-ds
    spec:
      containers:
      - name: sample-container
        image: quay.io/dummy/dummy:latest
        resources:
          requests:
            cpu: 200m

Expected behavior

I set lowerBoundMillis: 150 so I expected as following error message.

ds-s-sample-cpu-100m.yaml: (object: sample/sample-ds apps/v1, Kind=DaemonSet) container "sample-container" has cpu request 100m (check: unset-cpu-custom-requirements, remediation: )

Screenshots

I got the following message.

ds-s-sample-cpu-200m.yaml: (object: sample/sample-ds apps/v1, Kind=DaemonSet) container "sample-container" has cpu request 200m (check: unset-cpu-custom-requirements, remediation: )
commented

Hey @kanekoh, thanks for taking the time to file this issue. This behaviour is as expected. In the check, you specify the conditions under which the check is violated (i.e, the disallowed condition) rather than the allowed condition. We should probably make this more clear in the docs.

commented

Hello @viswajithiii , Thank you for replying me and for your time. I would wait for the document.
Thanks.