pulumi / compliance-policies

A library of policies for Pulumi's Policy as Code
Apache License 2.0
16 stars 2 forks

configureMinimumReplicaCount ignores setting in HorizontalPodAutoscaler #39

Open nwittstruck opened 11 months ago

nwittstruck commented 11 months ago

What happened?

Currently, the policy that validates the minimum replica count only checks the configuration of the ReplicaSet. This works fine for simple use cases when you just use a ReplicaSet.

However, when you use a HorizontalPodAutoscaler, the Kubernetes docs discourage using a ReplicaSet.

When an HPA is enabled, it is recommended that the value of spec.replicas of the Deployment and / or StatefulSet be removed from their [manifest(s)](https://kubernetes.io/docs/reference/glossary/?all=true#term-manifest).

Since the policy only checks the ReplicaSet, but not the HorizontalPodAutoscaler, the policy gives a false warning. The policy should also check the minReplicas in HorizontalPodAutoscaler configuration.

Example

Use a HorizontalPodAutoscaler instead of a ReplicaSet to configure the minimum amount of replicas.

Output of pulumi about

pulumi about doesn't seem to work in policy packages:

Pulumi: Version 3.95.0

Packages:

        "@pulumi/kubernetes-compliance-policies": "0.1.1",
        "@pulumi/compliance-policy-manager": "0.1.2",
        "@pulumi/policy": "^1.7.0",
        "@pulumi/pulumi": "^3.0.0"

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
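
The check this issue asks for, sketched as an added TypeScript example (not code from the policy library or from anyone in this thread): resolve each workload's effective replica floor from a HorizontalPodAutoscaler that targets it before falling back to spec.replicas. The helper name `checkMinimumReplicas`, the trimmed `K8sObject` type and the sample manifests are constructed for illustration; the example assumes the HPA and its target share a namespace and that an omitted replicas or minReplicas means 1.

```typescript
// Only the manifest fields this check reads (constructed for the example).
interface K8sObject {
  kind: string;
  metadata: { name: string; namespace?: string };
  spec?: {
    replicas?: number;                                 // Deployment / StatefulSet / ReplicaSet
    minReplicas?: number;                              // HorizontalPodAutoscaler
    scaleTargetRef?: { kind: string; name: string };   // HorizontalPodAutoscaler
  };
}
interface Finding { resource: string; source: string; effective: number }

const WORKLOAD_KINDS = ["Deployment", "StatefulSet", "ReplicaSet"];
const key = (kind: string, ns: string | undefined, name: string): string =>
  `${kind}/${ns ?? "default"}/${name}`;

// Hypothetical helper: returns workloads whose effective replica floor is below `minimum`.
function checkMinimumReplicas(objects: K8sObject[], minimum: number): Finding[] {
  // Pass 1: index each HPA's floor by the workload it targets (same namespace as the HPA).
  const hpaFloor: Record<string, number | undefined> = {};
  for (const o of objects) {
    const ref = o.spec?.scaleTargetRef;
    if (o.kind !== "HorizontalPodAutoscaler" || !ref) continue;
    // minReplicas defaults to 1 when omitted.
    hpaFloor[key(ref.kind, o.metadata.namespace, ref.name)] = o.spec?.minReplicas ?? 1;
  }
  // Pass 2: an HPA floor overrides spec.replicas; without an HPA, spec.replicas defaults to 1.
  const findings: Finding[] = [];
  for (const o of objects) {
    if (WORKLOAD_KINDS.indexOf(o.kind) === -1) continue;
    const id = key(o.kind, o.metadata.namespace, o.metadata.name);
    const floor = hpaFloor[id];
    const effective = floor ?? o.spec?.replicas ?? 1;
    const source = floor !== undefined ? "hpa.minReplicas" : "spec.replicas";
    if (effective < minimum) findings.push({ resource: id, source, effective });
  }
  return findings;
}

// Constructed sample: "web" omits spec.replicas and is scaled by an HPA; "worker" has no HPA.
const sample: K8sObject[] = [
  { kind: "Deployment", metadata: { name: "web" } },
  { kind: "HorizontalPodAutoscaler", metadata: { name: "web-hpa" },
    spec: { minReplicas: 3, scaleTargetRef: { kind: "Deployment", name: "web" } } },
  { kind: "Deployment", metadata: { name: "worker" }, spec: { replicas: 1 } },
];
console.log(checkMinimumReplicas(sample, 2)); // only "worker" is reported
```

Because the lookup spans two resources, a policy pack would have to run it from a stack-level policy (`validateStack` in `@pulumi/policy`) rather than a per-resource one.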

aureq commented 11 months ago

Excellent suggestion @nwittstruck 🌿