Modify rule S6869: Add examples for LimitRange (#4004)

SonarSource · Jun 28, 2024 · 56beff2 · 56beff2
1 parent 818dd10
commit 56beff2
Showing 1 changed file with 39 additions and 1 deletion.
diff --git a/rules/S6869/kubernetes/rule.adoc b/rules/S6869/kubernetes/rule.adoc
@@ -30,6 +30,8 @@ data, disrupting critical operations and impacting system reliability.
 
 === Code examples
 
+To avoid potential issues, either specify a CPU limit for each container or create a resource of type `LimitRange` that sets a default CPU limit for all containers in a namespace.
+
 ==== Noncompliant code example
 
 [source,yaml,diff-id=1,diff-type=noncompliant]
@@ -44,6 +46,18 @@ spec:
       image: nginx
 ----
 
+[source,yaml,diff-id=2,diff-type=noncompliant]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx-ns-noncompliant
+spec:
+  containers:
+    - name: nginx-ns-noncompliant # Noncompliant
+      image: nginx
+----
+
 ==== Compliant solution
 
 [source,yaml,diff-id=1,diff-type=compliant]
@@ -61,11 +75,35 @@ spec:
           cpu: 0.5
 ----
 
+[source,yaml,diff-id=2,diff-type=compliant]
+----
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: cpu-limit-range
+  namespace: default-cpu-example
+spec:
+  limits:
+  - default:
+      cpu: 0.5
+    type: Container
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx-ns-compliant
+  namespace: default-cpu-example
+spec:
+  containers:
+  - name: nginx-ns-compliant
+    image: nginx
+----
+
 === How does this work?
 
 A limit can be set through the property `resources.limits.cpu` of a
 container. Alternatively, a default limit for a namespace can be set with
-`LimitRange`.
+`LimitRange` through `spec.limits[].default.cpu`.
 
 == Resources