github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/kubernetes/policies/advanced/optional/use_limit_range.rego

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/kubernetes/policies/advanced/optional/use_limit_range.rego (about)

     1  # METADATA
     2  # title: "limit range usage"
     3  # description: "ensure limit range policy has configure in order to limit resource usage for namespaces or nodes"
     4  # scope: package
     5  # schemas:
     6  # - input: schema["kubernetes"]
     7  # related_resources:
     8  # - https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy/
     9  # custom:
    10  #   id: KSV039
    11  #   avd_id: AVD-KSV-0039
    12  #   severity: LOW
    13  #   short_code: limit-range-usage
    14  #   recommended_action: "create limit range policy with a default request and limit, min and max request, for each container."
    15  #   input:
    16  #     selector:
    17  #     - type: kubernetes
    18  package builtin.kubernetes.KSV039
    19  
    20  import data.lib.kubernetes
    21  import data.lib.utils
    22  
    23  limitRangeConfigure {
    24  	lower(input.kind) == "limitrange"
    25  	kubernetes.has_field(input.spec, "limits")
    26  	limit := input.spec.limits[_]
    27  	kubernetes.has_field(limit, "type")
    28  	kubernetes.has_field(limit, "max")
    29  	kubernetes.has_field(limit, "min")
    30  	kubernetes.has_field(limit, "default")
    31  	kubernetes.has_field(limit, "defaultRequest")
    32  }
    33  
    34  deny[res] {
    35  	not limitRangeConfigure
    36  	msg := "limit range policy with a default request and limit, min and max request, for each container should be configure"
    37  	res := result.new(msg, input.spec)
    38  }