Modify rule S6864: Add examples for LimitRange (#4002)

SonarSource · Jun 26, 2024 · 629afcc · 629afcc
1 parent bb109c9
commit 629afcc
Showing 1 changed file with 38 additions and 2 deletions.
diff --git a/rules/S6864/kubernetes/rule.adoc b/rules/S6864/kubernetes/rule.adoc
@@ -39,7 +39,7 @@ node failure.
 
 === Code examples
 
-To avoid potential issues specify a memory limit for each container.
+To avoid potential issues, either specify a memory limit for each container in a pod specification or create a resource of a kind, `LimitRange`, that sets a default memory limit for all containers in all pod specifications belonging to the same namespace.
 
 ==== Noncompliant code example
 
@@ -55,6 +55,18 @@ spec:
       image: nginx
 ----
 
+[source,yaml,diff-id=2,diff-type=noncompliant]
+----
+apiVersion: v1
+kind: Pod
+metadata:
+  name: example
+spec:
+  containers:
+    - name: web # Noncompliant
+      image: nginx
+----
+
 ==== Compliant solution
 
 [source,yaml,diff-id=1,diff-type=compliant]
@@ -72,11 +84,35 @@ spec:
           memory: 100Mi
 ----
 
+[source,yaml,diff-id=2,diff-type=compliant]
+----
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: mem-limit-range
+  namespace: default-mem-example
+spec:
+  limits:
+    - type: Container
+      default:
+        memory: 100Mi
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: example
+  namespace: default-mem-example
+spec:
+  containers:
+    - name: web
+      image: nginx
+----
+
 === How does this work?
 
 A limit can be set through the property `resources.limits.memory` of a
 container. Alternatively, a default limit for a namespace can be set with
-`LimitRange`.
+`LimitRange` through `spec.limits[].default.memory`.
 
 == Resources