From 0b79741a3be7e9d1d8323369fc7eb7d0da371bfb Mon Sep 17 00:00:00 2001 From: chgl Date: Fri, 8 Sep 2023 13:56:40 +0200 Subject: [PATCH] chore: drop resource requests/limits from helm chart tests --- .polaris.yaml | 44 +++++++++++++++++++ .../tests/check-all-health-probes.yaml | 27 ++++-------- charts/recruit/values.yaml | 10 +++++ 3 files changed, 63 insertions(+), 18 deletions(-) create mode 100644 .polaris.yaml diff --git a/.polaris.yaml b/.polaris.yaml new file mode 100644 index 000000000..0419dbdaf --- /dev/null +++ b/.polaris.yaml @@ -0,0 +1,44 @@ +checks: + # reliability + deploymentMissingReplicas: ignore + priorityClassNotSet: ignore + tagNotSpecified: danger + pullPolicyNotAlways: ignore + readinessProbeMissing: danger + livenessProbeMissing: danger + metadataAndInstanceMismatched: ignore + pdbDisruptionsIsZero: warning + missingPodDisruptionBudget: ignore + topologySpreadConstraint: ignore + + # efficiency + cpuRequestsMissing: ignore + cpuLimitsMissing: ignore + memoryRequestsMissing: ignore + memoryLimitsMissing: ignore + + # security + automountServiceAccountToken: ignore + hostIPCSet: danger + hostPIDSet: danger + linuxHardening: danger + missingNetworkPolicy: ignore + notReadOnlyRootFilesystem: warning + privilegeEscalationAllowed: danger + runAsRootAllowed: danger + runAsPrivileged: danger + dangerousCapabilities: danger + insecureCapabilities: warning + hostNetworkSet: danger + hostPortSet: warning + tlsSettingsMissing: warning + sensitiveContainerEnvVar: ignore + sensitiveConfigmapContent: danger + clusterrolePodExecAttach: danger + rolePodExecAttach: danger + clusterrolebindingPodExecAttach: danger + rolebindingClusterRolePodExecAttach: danger + rolebindingRolePodExecAttach: danger + clusterrolebindingClusterAdmin: danger + rolebindingClusterAdminClusterRole: danger + rolebindingClusterAdminRole: danger diff --git a/charts/recruit/templates/tests/check-all-health-probes.yaml b/charts/recruit/templates/tests/check-all-health-probes.yaml index 6e1b078b4..5c84a8c51 100644 --- a/charts/recruit/templates/tests/check-all-health-probes.yaml +++ b/charts/recruit/templates/tests/check-all-health-probes.yaml @@ -21,13 +21,10 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.tests.resources }} resources: - limits: - cpu: 50m - memory: 64Mi - requests: - cpu: 50m - memory: 64Mi + {{- toYaml . | nindent 8 }} + {{- end }} livenessProbe: exec: command: ["true"] @@ -45,13 +42,10 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.tests.resources }} resources: - limits: - cpu: 50m - memory: 64Mi - requests: - cpu: 50m - memory: 64Mi + {{- toYaml . | nindent 8 }} + {{- end }} livenessProbe: exec: command: ["true"] @@ -69,13 +63,10 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.tests.resources }} resources: - limits: - cpu: 50m - memory: 64Mi - requests: - cpu: 50m - memory: 64Mi + {{- toYaml . | nindent 8 }} + {{- end }} livenessProbe: exec: command: ["true"] diff --git a/charts/recruit/values.yaml b/charts/recruit/values.yaml index 9abad4475..d27cd56ba 100644 --- a/charts/recruit/values.yaml +++ b/charts/recruit/values.yaml @@ -675,3 +675,13 @@ broadseaAtlasdb: # -- whether to deploy the OHDSI Broadsea Atlasdb () # currently only used by internal integration tests. See [./values-integrationtest.yaml](values-integrationtest.yaml) enabled: false + +tests: + # -- configure the test pods resource requests and limits + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi