Bug 1969813

Summary: OpenShift Compliance operator - ComplianceCheckResult ocp4-cis-node-master-kubelet-eviction-thresholds-set-hard-memory-available is always failing even set to 500Mi
Product: OpenShift Container Platform Reporter: Andreas Nowak <anowak>
Component: Compliance OperatorAssignee: Jakub Hrozek <jhrozek>
Status: CLOSED NOTABUG QA Contact: Prashant Dhamdhere <pdhamdhe>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.7CC: josorior, mrogers, xiyuan
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-06-30 09:54:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 1 Juan Antonio Osorio 2021-06-09 09:39:31 UTC 
The reason for this issue is because we use a variable to set the memory.available parameter, and it's set to 200Mi initially. That can be set via a variable, which can be tuned in a TailoredProfile.

Ultimately this is an issue in:

* Our documentation: We should better document using TailedProfiles (we don't even do it very well upstream)
* The content description: We should mention that it's set via a variable.

thanks for reporting this!
Comment 2 Jakub Hrozek 2021-06-09 12:30:13 UTC 
(In reply to Juan Antonio Osorio from comment #1)
> The reason for this issue is because we use a variable to set the
> memory.available parameter, and it's set to 200Mi initially. That can be set
> via a variable, which can be tuned in a TailoredProfile.
> 
> Ultimately this is an issue in:
> 
> * Our documentation: We should better document using TailedProfiles (we
> don't even do it very well upstream)

upstream docs PR: https://github.com/openshift/compliance-operator/pull/656
the downstream docs seem OK to me, the variable example is there:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/security_and_compliance/compliance-operator#compliance-tailored-profiles_compliance-tailor

It would be nice to get feedback of what is missing?

> * The content description: We should mention that it's set via a variable.

I amended docs of one rule: https://github.com/ComplianceAsCode/content/pull/7100
Comment 3 Juan Antonio Osorio 2021-06-16 12:04:05 UTC 
@anowak was the information that Jakub provided sufficient?