Modify rule S6873: Add examples for LimitRange (#4015)

SonarSource · Jun 27, 2024 · 2d06669 · 2d06669
1 parent 7a7c79e
commit 2d06669
Showing 1 changed file with 42 additions and 2 deletions.
diff --git a/rules/S6873/kubernetes/rule.adoc b/rules/S6873/kubernetes/rule.adoc
@@ -37,7 +37,9 @@ might crash, causing downtime for all containers running on that node.
 
 === Code examples
 
-To avoid potential issues specify a memory request for each container with `resources.requests.memory`.
+To avoid potential issues, either specify a memory request for each container in a pod specification
+or create a resource of a kind, `LimitRange`,
+that sets a default memory request for all containers in all pod specifications belonging to the same namespace.
 
 ==== Noncompliant code example
 
@@ -53,6 +55,19 @@ spec:
       image: nginx
 ----
 
+[source,yaml,diff-id=2,diff-type=noncompliant]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: example
+spec:
+  containers:
+    - name: web # Noncompliant
+      image: nginx
+----
+
+
 ==== Compliant solution
 
 [source,yaml,diff-id=1,diff-type=compliant]
@@ -70,11 +85,36 @@ spec:
           memory: 100Mi
 ----
 
+[source,yaml,diff-id=2,diff-type=compliant]
+----
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: mem-limit-range
+  namespace: default-mem-example
+spec:
+  limits:
+    - type: Container
+      defaultRequest:
+        memory: 100Mi
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: example
+  namespace: default-mem-example
+spec:
+  containers:
+    - name: web
+      image: nginx
+----
+
+
 === How does this work?
 
 A request can be set through the property `resources.requests.memory` of a
 container. Alternatively, a default request for a namespace can be set with
-`LimitRange`.
+`LimitRange` through `spec.limits[].defaultRequest.memory`.
 
 == Resources