kubesphere / kubeeye

KubeEye aims to find various problems on Kubernetes, such as application misconfiguration, unhealthy cluster components and node problems.
https://kubesphere.io
Apache License 2.0

Incorrect node conditions regorules #240

Open hzhhong opened 2 years ago

hzhhong commented 2 years ago

What happened: node conditions are as follows: [image: 1661224733885]

Incorrect rego output:

{
    "deny": [
        {
            "Level": "warning",
            "Message": "KubeletHasDiskPressure",
            "Name": "kind-control-plane",
            "Reason": "kubelet has disk pressure",
            "Type": "Node"
        },
        {
            "Level": "warning",
            "Message": "KubeletHasNoSufficientMemory",
            "Name": "kind-control-plane",
            "Reason": "kubelet has no sufficient memory available",
            "Type": "Node"
        },
        {
            "Level": "warning",
            "Message": "KubeletHasNoSufficientPID",
            "Name": "kind-control-plane",
            "Reason": "kubelet has no sufficient PID available",
            "Type": "Node"
        }
    ]
}

rego input:

{
    "Object": {
        "kind": "Node",
        "apiVersion": "v1",
        "metadata": {
            "name": "kind-control-plane",
            "selfLink": "/api/v1/nodes/kind-control-plane",
            "uid": "d3d62b4e-e19e-48c0-803f-4245603bc4d8",
            "resourceVersion": "6495906",
            "creationTimestamp": "2022-05-16T02:18:51Z",
            "labels": {
                "beta.kubernetes.io/arch": "amd64",
                "beta.kubernetes.io/os": "linux",
                "kubernetes.io/arch": "amd64",
                "kubernetes.io/hostname": "kind-control-plane",
                "kubernetes.io/os": "linux",
                "node-role.kubernetes.io/master": ""
            },
            "annotations": {
                "kubeadm.alpha.kubernetes.io/cri-socket": "unix:///run/containerd/containerd.sock",
                "node.alpha.kubernetes.io/ttl": "0",
                "volumes.kubernetes.io/controller-managed-attach-detach": "true"
            }
        },
        "spec": {
            "podCIDR": "10.244.0.0/24",
            "podCIDRs": [
                "10.244.0.0/24"
            ],
            "providerID": "kind://docker/kind/kind-control-plane"
        },
        "status": {
            "conditions": [
                {
                    "type": "MemoryPressure",
                    "status": "False",
                    "lastHeartbeatTime": "2022-08-23T02:30:23Z",
                    "lastTransitionTime": "2022-08-20T01:23:07Z",
                    "reason": "KubeletHasSufficientMemory",
                    "message": "kubelet has sufficient memory available"
                },
                {
                    "type": "DiskPressure",
                    "status": "False",
                    "lastHeartbeatTime": "2022-08-23T02:30:23Z",
                    "lastTransitionTime": "2022-08-20T01:23:07Z",
                    "reason": "KubeletHasNoDiskPressure",
                    "message": "kubelet has no disk pressure"
                },
                {
                    "type": "PIDPressure",
                    "status": "False",
                    "lastHeartbeatTime": "2022-08-23T02:30:23Z",
                    "lastTransitionTime": "2022-08-20T01:23:07Z",
                    "reason": "KubeletHasSufficientPID",
                    "message": "kubelet has sufficient PID available"
                },
                {
                    "type": "Ready",
                    "status": "True",
                    "lastHeartbeatTime": "2022-08-23T02:30:23Z",
                    "lastTransitionTime": "2022-08-20T01:23:07Z",
                    "reason": "KubeletReady",
                    "message": "kubelet is posting ready status"
                }
            ]
        }
    }
}

What you expected to happen: According to the Kubernetes node condition descriptions, the correct output should be as follows:

{
    "deny": []
}

How to reproduce it (as minimally and precisely as possible):

Reproduce it using FalseNodeConditionsRule.rego in the Rego Playground

Anything else we need to know?:

Environment:
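
Added example, not part of the original issue and not KubeEye's own rule: a Rego sketch of the node-condition semantics the report relies on, where the pressure-type conditions are a problem only at status "True" and Ready is a problem at anything other than "True". The package name, the rule and helper names, the mapping of `reason`/`message` onto the output fields, and the test inputs are assumptions; the `future.keywords` imports assume OPA 0.42 or later.

```rego
# Added example: hypothetical package and rule names, not KubeEye's own rule.
package node_conditions_example

import future.keywords.contains
import future.keywords.if
import future.keywords.in

# For these condition types, status "True" is the problem state.
pressure_types := {"MemoryPressure", "DiskPressure", "PIDPressure", "NetworkUnavailable"}

# Ready is inverted: any status other than "True" ("False", "Unknown") is a problem.
unhealthy(cond) if {
    cond.type == "Ready"
    cond.status != "True"
}

unhealthy(cond) if {
    cond.type in pressure_types
    cond.status == "True"
}

# Finding fields follow the output shape shown in the report (mapping assumed).
deny contains finding if {
    input.Object.kind == "Node"
    some cond in input.Object.status.conditions
    unhealthy(cond)
    finding := {
        "Level": "warning",
        "Message": cond.reason,
        "Name": input.Object.metadata.name,
        "Reason": cond.message,
        "Type": "Node",
    }
}

# Constructed inputs for `opa test`; the healthy statuses mirror the report.
healthy := {"Object": {"kind": "Node", "metadata": {"name": "n1"}, "status": {"conditions": [
    {"type": "DiskPressure", "status": "False", "reason": "KubeletHasNoDiskPressure", "message": "kubelet has no disk pressure"},
    {"type": "Ready", "status": "True", "reason": "KubeletReady", "message": "kubelet is posting ready status"},
]}}}

test_healthy_node_has_no_findings if {
    count(deny) == 0 with input as healthy
}

test_disk_pressure_is_reported if {
    bad := {"Object": {"kind": "Node", "metadata": {"name": "n2"}, "status": {"conditions": [
        {"type": "DiskPressure", "status": "True", "reason": "KubeletHasDiskPressure", "message": "kubelet has disk pressure"},
    ]}}}
    count(deny) == 1 with input as bad
}
```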