This repository was archived by the owner on Jun 6, 2025. It is now read-only.

Revert "Quickfix for innit containers (#554)" #565

Merged: imilchev merged 1 commit into main from ivan/revert-k8s on Jun 5, 2025
Conversation

imilchev (Member) commented Jun 5, 2025

I don't understand what this change is fixing but it definitely breaks stuff. I have a pod with no init containers and this check is failing:

cnspec> k8s.deployment.initContainers
k8s.deployment.initContainers: []
cnspec> k8s.deployment.initContainers.any( resources['limits']['cpu'] != empty )
[failed] [].any()
  actual:   []

apiVersion: apps/v1
kind: Deployment
metadata:
  generation: 1
  labels:
    admission-result: pass
  name: passing-deployment
  namespace: mondoo-operator
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      admission-result: pass
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        admission-result: pass
    spec:
      automountServiceAccountToken: false
      containers:
      - args:
        - exit 0
        command:
        - /bin/sh
        - -c
        image: ubuntu:20.04
        imagePullPolicy: Always
        livenessProbe:
          exec:
            command:
            - /bin/sh
            - -c
            - exit 0
          failureThreshold: 3
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: ubuntu
        readinessProbe:
          exec:
            command:
            - /bin/sh
            - -c
            - exit 0
          failureThreshold: 3
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources:
          limits:
            cpu: 100m
            memory: 100Mi
          requests:
            cpu: 100m
            memory: 100Mi
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - NET_RAW
          privileged: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30

imilchev merged commit 10507e9 into main on Jun 5, 2025
7 checks passed
imilchev deleted the ivan/revert-k8s branch on June 5, 2025 09:16
github-actions (bot) locked and limited conversation to collaborators on Jun 5, 2025

syrull (Contributor) commented Jun 5, 2025

for ref: the logic is wrong with any.

Also the initial reason was:

https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#resource-sharing-within-containers

The highest of any particular resource request or limit defined on all init containers is the effective init request/limit. If any resource has no resource limit specified this is considered as the highest limit.
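
The two points raised in this thread, as an added Python example (not cnspec or MQL code, and not part of the PR): how `any` and `all` quantifiers behave on an empty `initContainers` list, and the effective init CPU limit under the Kubernetes rule quoted above. The helper names, the sample container lists and the use of `math.inf` for an unset limit are assumptions made for the illustration.

```python
import math

def cpu_millicores(quantity):
    """Parse a Kubernetes CPU quantity such as '100m', '0.5' or '2'."""
    q = str(quantity)
    return int(q[:-1]) if q.endswith("m") else round(float(q) * 1000)

def cpu_limit(container):
    """CPU limit in millicores, or None when the container sets none."""
    limits = (container.get("resources") or {}).get("limits") or {}
    cpu = limits.get("cpu")
    return None if cpu is None else cpu_millicores(cpu)

def check_any(init_containers):
    # Same shape as the query on the page: true if at least one has a limit.
    return any(cpu_limit(c) is not None for c in init_containers)

def check_all(init_containers):
    # True only if every init container has a limit; vacuously true for [].
    return all(cpu_limit(c) is not None for c in init_containers)

def effective_init_cpu_limit(init_containers):
    """Highest CPU limit over all init containers; an unset limit counts as
    the highest (math.inf here, an assumption). None if there are none."""
    if not init_containers:
        return None
    limits = [cpu_limit(c) for c in init_containers]
    return max(math.inf if v is None else v for v in limits)

# Constructed sample inputs (not taken from the PR).
NO_INIT = []  # like the deployment above: initContainers: []
ALL_LIMITED = [
    {"name": "a", "resources": {"limits": {"cpu": "100m"}}},
    {"name": "b", "resources": {"limits": {"cpu": "250m"}}},
]
ONE_UNLIMITED = [
    {"name": "a", "resources": {"limits": {"cpu": "100m"}}},
    {"name": "b", "resources": {}},
]

if __name__ == "__main__":
    for label, ics in [("no init", NO_INIT), ("all limited", ALL_LIMITED),
                       ("one unlimited", ONE_UNLIMITED)]:
        print(f"{label:14} any={check_any(ics)!s:5} all={check_all(ics)!s:5} "
              f"effective={effective_init_cpu_limit(ics)}")
```

With an empty list the `any` form fails and the `all` form passes; with one init container missing a limit the `any` form passes while the effective limit is unbounded.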
