0

I'm checking if key resources.limits is provided in deployment kubernetes using OPA rego code. Below is the code, I'm trying to fetch the resources.limits key and it is always returning TRUE. Regardless of resources provided or not.

    package resourcelimits

    violation[{"msg": msg}] {
    some container; input.request.object.spec.template.spec.containers[container]
    not container.resources.limits.memory
    msg := "Resources for the pod needs to be provided"
Improve this question

1 Answer 1

Reset to default
1

You can try something like this:

import future.keywords.in

violation[{"msg": msg}] {
    input.request.kind.kind == "Deployment"

    some container in input.request.object.spec.template.spec.containers
    not container.resources.limits.memory
    msg := sprintf("Container '%v/%v' does not have memory limits", [input.request.object.metadata.name, container.name])
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

We are on lower version of OPA and it does not have future.keywords.in library, Is their any other way to do?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.