github/polaris
1
0
Fork 0
mirror of https://github.com/FairwindsOps/polaris.git synced 2026-05-10 03:07:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update exemption documentation and unit test

Browse Source
This commit is contained in:
skatika
2020-12-22 15:30:39 -05:00
parent 0c398d21f2
commit a79260a324
2 changed files with 40 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
docs-md/customization/exemptions.md
View File

@@ -21,21 +21,32 @@ kubectl annotate deployment my-deployment polaris.fairwinds.com/cpuRequestsMissi
## Config
You can add exemptions by using a combination of namespace, controller names, and container names via the config. You have to specify a list of rules and at least one of the following: a namespace, a list of controller names, or a list of container names, e.g.
To add exemptions via the config, you have to specify at least one or more of the following:
- A namespace
- A list of controller names
- A list of container names
You can also specify a list of particular rules. If no rules are specified then every rule is exempted.
Controller names and container names are matched as a prefix, so an empty string will match every controller or container respectively.
For example:
```yaml
exemptions:
# exemption valid in kube-system namespace and dns-controller controller for all containers
# exemption valid for all rules on all containers in all controllers in default namespace
- namespace: default
# exemption valid for hostNetworkSet rule on all containers in dns-controller controller in kube-system namespace
- namespace: kube-system
controllerNames:
- dns-controller
rules:
- hostNetworkSet
# exemption valid in all namespaces and dns-controller controller for all containers
# exemption valid for hostNetworkSet rule on all containers in dns-controller controller in all namespaces
- controllerNames:
- dns-controller
rules:
- hostNetworkSet
# exemption valid in kube-system namespace and all controllers for coredns container
# exemption valid for hostNetworkSet rule on coredns container in all controllers in kube-system namespace
- namespace: kube-system
- containerNames:
- coredns

26
pkg/config/exemptions_test.go
View File

@@ -65,9 +65,10 @@ exemptions:
rules:
- multipleReplicasForDeployment
- priorityClassNotSet
- namespace: polaris
`
func TestNamespaceExemption(t *testing.T) {
func TestNamespaceExemptionForSpecifiedRules(t *testing.T) {
parsedConf, err := Parse([]byte(confContainerTest))
assert.NoError(t, err)
@@ -83,10 +84,33 @@ func TestNamespaceExemption(t *testing.T) {
actionable = parsedConf.IsActionable("multipleReplicasForDeployment", "prometheus", "controller1", "")
assert.False(t, actionable)
actionable = parsedConf.IsActionable("pullPolicyNotAlways", "prometheus", "controller1", "")
assert.True(t, actionable)
actionable = parsedConf.IsActionable("multipleReplicasForDeployment", "kube-system", "", "")
assert.True(t, actionable)
}
func TestNamespaceExemptionForAllRules(t *testing.T) {
parsedConf, err := Parse([]byte(confContainerTest))
assert.NoError(t, err)
actionable := parsedConf.IsActionable("multipleReplicasForDeployment", "polaris", "", "")
assert.False(t, actionable)
actionable = parsedConf.IsActionable("multipleReplicasForDeployment", "polaris", "controller1", "container11")
assert.False(t, actionable)
actionable = parsedConf.IsActionable("multipleReplicasForDeployment", "polaris", "", "container11")
assert.False(t, actionable)
actionable = parsedConf.IsActionable("multipleReplicasForDeployment", "polaris", "controller1", "")
assert.False(t, actionable)
actionable = parsedConf.IsActionable("pullPolicyNotAlways", "polaris", "controller1", "")
assert.False(t, actionable)
}
func TestControllerExemption(t *testing.T) {
parsedConf, err := Parse([]byte(confContainerTest))
assert.NoError(t, err)