sundowndev
/
clusterlint
mirror of https://github.com/sundowndev/clusterlint.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove quotas and limits from default-namespace check. 

* It is perfectly reasonable to have resource quotas and limit ranges in the default namespace in order to avoid resource monopolization.
varsha/versions
Varsha Varadarajan 2019-06-24 11:51:32 -04:00
parent 1485fdb27a
commit 19c60903e8
2 changed files with 6 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
checks/basic/namespace.go
View File

@ -97,24 +97,6 @@ func checkConfigMaps(items *corev1.ConfigMapList, alert *alert) {
}
}
// checkQuotas checks if there are quotas in the default namespace
func checkQuotas(items *corev1.ResourceQuotaList, alert *alert) {
for _, item := range items.Items {
if corev1.NamespaceDefault == item.GetNamespace() {
alert.warn("Resource Quota", item.ObjectMeta)
}
}
}
// checkLimits checks if there are limits in the default namespace
func checkLimits(items *corev1.LimitRangeList, alert *alert) {
for _, item := range items.Items {
if corev1.NamespaceDefault == item.GetNamespace() {
alert.warn("Limit Range", item.ObjectMeta)
}
}
}
// checkServices checks if there are user created services in the default namespace
func checkServices(items *corev1.ServiceList, alert *alert) {
for _, item := range items.Items {
@ -168,16 +150,6 @@ func (nc *defaultNamespaceCheck) Run(objects *kube.Objects) (warnings []error, e
return nil
})
g.Go(func() error {
checkQuotas(objects.ResourceQuotas, alert)
return nil
})
g.Go(func() error {
checkLimits(objects.LimitRanges, alert)
return nil
})
g.Go(func() error {
checkServices(objects.Services, alert)
return nil

10
checks/basic/namespace_test.go
View File

@ -68,8 +68,9 @@ func userCreatedObjects() *kube.Objects {
objs.PodTemplates = &corev1.PodTemplateList{Items: []corev1.PodTemplate{{ObjectMeta: metav1.ObjectMeta{Name: "template_foo", Namespace: "default"}}}}
objs.PersistentVolumeClaims = &corev1.PersistentVolumeClaimList{Items: []corev1.PersistentVolumeClaim{{ObjectMeta: metav1.ObjectMeta{Name: "pvc_foo", Namespace: "default"}}}}
objs.ConfigMaps = &corev1.ConfigMapList{Items: []corev1.ConfigMap{{ObjectMeta: metav1.ObjectMeta{Name: "cm_foo", Namespace: "default"}}}}
objs.ResourceQuotas = &corev1.ResourceQuotaList{Items: []corev1.ResourceQuota{{ObjectMeta: metav1.ObjectMeta{Name: "quota_foo", Namespace: "default"}}}}
objs.LimitRanges = &corev1.LimitRangeList{Items: []corev1.LimitRange{{ObjectMeta: metav1.ObjectMeta{Name: "limit_foo", Namespace: "default"}}}}
objs.Services = &corev1.ServiceList{Items: []corev1.Service{{ObjectMeta: metav1.ObjectMeta{Name: "svc_foo", Namespace: "default"}}}}
objs.Secrets = &corev1.SecretList{Items: []corev1.Secret{{ObjectMeta: metav1.ObjectMeta{Name: "secret_foo", Namespace: "default"}}}}
objs.ServiceAccounts = &corev1.ServiceAccountList{Items: []corev1.ServiceAccount{{ObjectMeta: metav1.ObjectMeta{Name: "sa_foo", Namespace: "default"}}}}
return objs
}
@ -79,8 +80,9 @@ func errors() []error {
fmt.Errorf("Pod template 'template_foo' is in the default namespace."),
fmt.Errorf("Persistent Volume Claim 'pvc_foo' is in the default namespace."),
fmt.Errorf("Config Map 'cm_foo' is in the default namespace."),
fmt.Errorf("Resource Quota 'quota_foo' is in the default namespace."),
fmt.Errorf("Limit Range 'limit_foo' is in the default namespace."),
fmt.Errorf("Service 'svc_foo' is in the default namespace."),
fmt.Errorf("Secret 'secret_foo' is in the default namespace."),
fmt.Errorf("Service Account 'sa_foo' is in the default namespace."),
}
return w
}