zegl / kube-score

Kubernetes object analysis with recommendations for improved reliability and security. kube-score actively prevents downtime and bugs in your Kubernetes YAML and Charts. Static code analysis for Kubernetes.

Home Page: https://kube-score.com

Ephemeral storage limit check not skipped when `"kube-score/ignore": "container-resources"` annotation is set

zliebersbach opened this issue · comments

Which version of kube-score are you using?

kube-score version: 1.14.0

What did you do?

I expect the `"kube-score/ignore": "container-resources"` annotation to ignore the ephemeral storage resource limit checks.

```
v1/Pod test-connection                     💥
    [CRITICAL] Container Ephemeral Storage Request and Limit
        · wget -> Ephemeral Storage limit is not set
            Resource limits are recommended to avoid resource DDOS. Set
            resources.limits.ephemeral-storage
```

Pod spec:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: "test-connection"
  annotations:
    "helm.sh/hook": test
    "kube-score/ignore": 'container-resources,container-image-pull-policy,pod-probes,container-security-context-user-group-id,container-security-context-readonlyrootfilesystem'
spec:
  containers:
    - name: wget
      image: busybox:1
      command: ['wget']
      args: ['http://my-api/health/live']
  restartPolicy: Never
```

What did you expect to see?

The ephemeral storage resource limit check is skipped.

What did you see instead?

The ephemeral storage resource limit check was not skipped.

@zliebersbach
Yes, this is a bug. At present, the "container/resources" only applies to CPU and memory resource checks. I will fix this. Until then, you can suppress the ephemeral storage test by adding this to the runtime flags specified:

`--ignore-test container-ephemeral-storage-request-and-limit`, or simply add it to the list of annotations

Fixed by #450
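
Added example, not part of the original thread or the kube-score project: the reporter's Pod in two alternative forms, one suppressing the finding with the check ID named in the reply, the other setting the value the check asks for. The storage sizes are constructed values chosen for illustration.

```yaml
# Option A: suppress the finding. Per the reply above, on 1.14.0
# container-resources covers only CPU and memory, so the ephemeral storage
# check ID is appended to the ignore list explicitly.
apiVersion: v1
kind: Pod
metadata:
  name: "test-connection"
  annotations:
    "helm.sh/hook": test
    "kube-score/ignore": 'container-resources,container-ephemeral-storage-request-and-limit,container-image-pull-policy,pod-probes,container-security-context-user-group-id,container-security-context-readonlyrootfilesystem'
spec:
  containers:
    - name: wget
      image: busybox:1
      command: ['wget']
      args: ['http://my-api/health/live']
  restartPolicy: Never
---
# Option B (alternative to A, not deployed alongside it): satisfy the check
# by setting resources.limits.ephemeral-storage, as the kube-score output
# recommends. The ignore list is unchanged from the report.
apiVersion: v1
kind: Pod
metadata:
  name: "test-connection"
  annotations:
    "helm.sh/hook": test
    "kube-score/ignore": 'container-resources,container-image-pull-policy,pod-probes,container-security-context-user-group-id,container-security-context-readonlyrootfilesystem'
spec:
  containers:
    - name: wget
      image: busybox:1
      command: ['wget']
      args: ['http://my-api/health/live']
      resources:
        requests:
          ephemeral-storage: 16Mi   # constructed value
        limits:
          ephemeral-storage: 64Mi   # constructed value
  restartPolicy: Never
```

With option B the kubelet evicts the pod if its local storage use exceeds the limit, which is the protection the check is asking for.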