Bug 2042545 - ACM configuration policies do not handle Limitrange or Quotas values
Summary: ACM configuration policies do not handle Limitrange or Quotas values
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Advanced Cluster Management for Kubernetes
Classification: Red Hat
Component: GRC & Policy
Version: rhacm-2.4
Hardware: All
OS: All
unspecified
low
Target Milestone: ---
: rhacm-2.4.2
Assignee: Will Kutler
QA Contact: Derek Ho
Mikela Dockery
URL:
Whiteboard:
: 2043526 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-01-19 17:04 UTC by Felix Dewaleyne
Modified: 2025-08-08 12:18 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-03-03 07:00:47 UTC
Target Upstream Version:
Embargoed:
dho: qe_test_coverage+
bot-tracker-sync: rhacm-2.4.z+

Attachments (Terms of Use)
policy example (1.57 KB, text/plain)
2022-01-19 17:04 UTC, Felix Dewaleyne 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Github stolostron backlog issues 19257 0 None None None 2022-01-19 20:12:40 UTC
Red Hat Product Errata RHSA-2022:0735 0 None None None 2022-03-03 07:02:07 UTC

Internal Links: 2043526

Description Felix Dewaleyne 2022-01-19 17:04:10 UTC 
Created attachment 1851891 [details]
policy example

Description of problem:
ACM configuration policies do not handle Limitrange or Quotas values

Version-Release number of selected component (if applicable):
2.4.1

How reproducible:
all the time

Steps to Reproduce:
1. create a policy like the sample one in additional info
2. apply it
3. make changes to the target on the cpu or memory limit

Actual results:
nothing happens

Expected results:
inform triggers as expected

Additional info:

sample policy
~~~
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  name: limit-range
spec:
  remediationAction: inform
  disabled: false
  policy-templates:
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: limit-range
        spec:
          remediationAction: inform
          severity: high
          namespaceSelector:
            exclude:
            - "openshift*"
            - "kube*"
            - "default"
            - "open-cluster*"
            - "ocp-gc-tgt-prepla"
            include: ["amqstreams-prod-bck"]
          object-templates:
            - complianceType: musthave
              objectDefinition:
                kind: LimitRange
                apiVersion: v1
                metadata:
                  name: amqstreams-prod-bck-limitrange
                spec:
                  limits:
                  - max:
                      cpu: "1"
                      memory: 2Gi
                    min:
                      cpu: 100m
                      memory: 128Mi
                    type: Pod
                  - default:
                      cpu: 500m
                      memory: 512Mi
                    defaultRequest:
                      cpu: 200m
                      memory: 256Mi
                    max:
                      cpu: "1"
                      memory: 1Gi
                    min:
                      cpu: 100m
                      memory: 128Mi
                    type: Container
~~~
Comment 3 Will Kutler 2022-01-21 14:55:07 UTC 
*** Bug 2043526 has been marked as a duplicate of this bug. ***
Comment 12 errata-xmlrpc 2022-03-03 07:00:47 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Advanced Cluster Management 2.4.2 security updates and bug fixes), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0735
Note You need to log in before you can comment on or make changes to this bug.