[BUG] A custom check using `cpu-requirments` template returned opposite result what I expected
kanekoh opened this issue · comments
System info:
Linux rhel8.localdomain 4.18.0-240.22.1.el8_3.x86_64 #1 SMP Thu Mar 25 14:36:04 EDT 2021 x86_64 x86_64 x86_64 GNU/Linux
Describe the bug
I was trying to check my custom check using the template cpu-requirments
and got result as follows:
When a DaemonSet resource has cpu requirements 100m
and set lowerBoundMillis: 150
, I got no linter errors.
And, When a DaemonSet resource has cpu requirements 200m
and set lowerBoundMillis: 150
, I got a linter error.
To Reproduce
Execute the following command using yaml files.
$ kube-linter lint ds-s-sample*.yaml --config kubelinter-config.yml
my custom config kubelinter-config.yml
is the below:
checks:
doNotAutoAddDefaults: true
customChecks:
- name: unset-cpu-custom-requirements
template: cpu-requirements
params:
requirementsType: "request"
lowerBoundMillis: 150
Sample YAML input
Sample DaemonSets are below:
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: sample-ds
namespace: sample
spec:
selector:
matchLabels:
name: sample-ds
template:
metadata:
labels:
name: sample-ds
spec:
containers:
- name: sample-container
image: quay.io/dummy/dummy:latest
resources:
requests:
cpu: 100m
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: sample-ds
namespace: sample
spec:
selector:
matchLabels:
name: sample-ds
template:
metadata:
labels:
name: sample-ds
spec:
containers:
- name: sample-container
image: quay.io/dummy/dummy:latest
resources:
requests:
cpu: 200m
Expected behavior
I set lowerBoundMillis: 150
so I expected as following error message.
ds-s-sample-cpu-100m.yaml: (object: sample/sample-ds apps/v1, Kind=DaemonSet) container "sample-container" has cpu request 100m (check: unset-cpu-custom-requirements, remediation: )
Screenshots
I got the following message.
ds-s-sample-cpu-200m.yaml: (object: sample/sample-ds apps/v1, Kind=DaemonSet) container "sample-container" has cpu request 200m (check: unset-cpu-custom-requirements, remediation: )
Hey @kanekoh, thanks for taking the time to file this issue. This behaviour is as expected. In the check, you specify the conditions under which the check is violated (i.e, the disallowed condition) rather than the allowed condition. We should probably make this more clear in the docs.
Hello @viswajithiii , Thank you for replying me and for your time. I would wait for the document.
Thanks.