diff --git a/README.md b/README.md index 92b6261..4cd170f 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,13 @@ the `defaultRequest`, `defaultLimit`, and `maxLimit` fields, if set, will be ignored. Additionally, `ignoreValues` default value is `false`, so it's recommended to only provide it when you want to set it to `true`. +> [!NOTE] +> The admission request review evaluated by the policy could be mutated by +> another admission controller, like the LimitRange admission controller. This +> means that the policy could accept a resource that at first looks invalid, but +> that is later mutated by another admission controller to be valid. For example, +> LimitRange will set the default request values if they are not set. + Any container that uses an image that matches an entry in this list will be excluded from enforcement. diff --git a/artifacthub-pkg.yml b/artifacthub-pkg.yml index 436d86f..5ded5a4 100644 --- a/artifacthub-pkg.yml +++ b/artifacthub-pkg.yml @@ -7,7 +7,7 @@ version: 0.2.2 name: container-resources displayName: Container Resources -createdAt: 2024-03-15T17:07:43.480376548Z +createdAt: 2024-04-12T11:54:02.226315046Z description: Policy is designed to enforce constraints on the resource requirements of Kubernetes containers license: Apache-2.0 homeURL: https://github.com/kubewarden/container-resources-policy @@ -60,6 +60,14 @@ annotations: type: map[ variable: cpu subquestions: + - default: false + group: Settings + label: Ignore values + title: Ignore values + type: boolean + variable: cpu.ignoreValues + tooltip: >- + Skip enforcement of specific values, but ensure that requests and limits are set - default: '' tooltip: >- Defines default minimum CPU requested. @@ -67,6 +75,7 @@ annotations: label: Default CPU requested type: string variable: cpu.defaultRequest + show_if: cpu.ignoreValues=false - default: '' tooltip: >- Defines default CPU limit value. 
@@ -74,6 +83,7 @@ annotations: label: Default CPU limit type: string variable: cpu.defaultLimit + show_if: cpu.ignoreValues=false - default: '' tooltip: >- Defines maximum limit value allowed to be set for the CPU resource @@ -81,6 +91,7 @@ annotations: label: Max CPU limit allowed type: string variable: cpu.maxLimit + show_if: cpu.ignoreValues=false - default: {} description: Defines the limit and minimum amount requested for memory resource group: Settings @@ -89,6 +100,14 @@ annotations: type: map[ variable: memory subquestions: + - default: false + group: Settings + label: Ignore values + title: Ignore values + type: boolean + variable: memory.ignoreValues + tooltip: >- + Skip enforcement of specific values, but ensure that requests and limits are set - default: '' tooltip: >- Defines default minimum memory requested. @@ -96,6 +115,7 @@ annotations: label: Default memory requested type: string variable: memory.defaultRequest + show_if: memory.ignoreValues=false - default: '' tooltip: >- Defines default memory limit value. @@ -103,6 +123,7 @@ annotations: label: Default memory limit type: string variable: memory.defaultLimit + show_if: memory.ignoreValues=false - default: '' tooltip: >- Defines maximum limit value allowed to be set for the memory resource @@ -110,6 +131,7 @@ annotations: label: Max memory limit allowed type: string variable: memory.maxLimit + show_if: memory.ignoreValues=false - default: [] description: >- Configuration used to exclude containers from enforcement diff --git a/questions-ui.yml b/questions-ui.yml index 20e4372..518ac6a 100644 --- a/questions-ui.yml +++ b/questions-ui.yml @@ -17,6 +17,14 @@ questions: type: map[ variable: cpu subquestions: + - default: false + group: Settings + label: Ignore values + title: Ignore values + type: boolean + variable: cpu.ignoreValues + tooltip: >- + Skip enforcement of specific values, but ensure that requests and limits are set - default: '' tooltip: >- Defines default minimum CPU requested. 
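Review bot: The tooltip on the new `cpu.ignoreValues` question in questions-ui.yml (`@@ -17,6 +17,14`) does not say that enabling it drops the `maxLimit` ceiling, which is the security-relevant effect of this switch. The README context in this commit states that `defaultRequest`, `defaultLimit` and `maxLimit` are ignored when `ignoreValues` is true, so a container can then declare any limit it likes as long as one is present. I would spell that out in the tooltip, e.g. `Only check that requests and limits are set; defaultRequest, defaultLimit and maxLimit are ignored, so no upper bound is enforced`. The same wording applies to `memory.ignoreValues` at `@@ -46,6 +57,14` and to the two copies in artifacthub-pkg.yml (`@@ -60,6 +60,14`, `@@ -89,6 +100,14`), which look like a mirror of this file.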
@@ -24,6 +32,7 @@ questions: label: Default CPU requested type: string variable: cpu.defaultRequest + show_if: cpu.ignoreValues=false - default: '' tooltip: >- Defines default CPU limit value. @@ -31,6 +40,7 @@ questions: label: Default CPU limit type: string variable: cpu.defaultLimit + show_if: cpu.ignoreValues=false - default: '' tooltip: >- Defines maximum limit value allowed to be set for the CPU resource @@ -38,6 +48,7 @@ questions: label: Max CPU limit allowed type: string variable: cpu.maxLimit + show_if: cpu.ignoreValues=false - default: {} description: Defines the limit and minimum amount requested for memory resource group: Settings @@ -46,6 +57,14 @@ questions: type: map[ variable: memory subquestions: + - default: false + group: Settings + label: Ignore values + title: Ignore values + type: boolean + variable: memory.ignoreValues + tooltip: >- + Skip enforcement of specific values, but ensure that requests and limits are set - default: '' tooltip: >- Defines default minimum memory requested. @@ -53,6 +72,7 @@ questions: label: Default memory requested type: string variable: memory.defaultRequest + show_if: memory.ignoreValues=false - default: '' tooltip: >- Defines default memory limit value. @@ -60,6 +80,7 @@ questions: label: Default memory limit type: string variable: memory.defaultLimit + show_if: memory.ignoreValues=false - default: '' tooltip: >- Defines maximum limit value allowed to be set for the memory resource @@ -67,6 +88,7 @@ questions: label: Max memory limit allowed type: string variable: memory.maxLimit + show_if: memory.ignoreValues=false - default: [] description: >- Configuration used to exclude containers from enforcement
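Review bot: `show_if: cpu.ignoreValues=false` at `@@ -24,6 +32,7` only hides the field in the form, and nothing visible here clears a value entered before the switch was flipped, so a stale `defaultRequest`, `defaultLimit` or `maxLimit` may still end up in the submitted settings. The README says the policy ignores them in that case, so this is presumably harmless at admission time, but an operator reading the stored settings could believe a `maxLimit` is being enforced when it is not. A short comment above the first `show_if` would help: `# Hidden when ignoreValues is true: the policy ignores these fields, and any value left here is not enforced`. The same applies to the other `show_if` lines added in this file (`@@ -31,6 +40,7`, `@@ -38,6 +48,7`, `@@ -53,6 +72,7`, `@@ -60,6 +80,7`, `@@ -67,6 +88,7`) and to their copies in artifacthub-pkg.yml.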