lack of awareness for ResourceQuota for ephemeral-storage check

[fenio]

Which version of kube-score are you using?

kube-score version:

kube-score version: 1.17.0, commit: 0b3f154ca3f06a13323431a7d2199a74a1869fbc, built: 2023-07-06T07:38:13Z

What did you do? I ran scan this way: kubectl api-resources --verbs=list --namespaced -o name | xargs -n1 -I{} bash -c "kubectl get {} --all-namespaces -oyaml && echo ---" | kube-score score -

Got bunch of info about lack of limits for ephemeral-storage so I applied ResourceQuota for it and reran the test. Scan is still complaining that limits are not set.

What did you expect to see?

I expected kube-score to stop complaining about lack of limits for ephemeral-storage.

What did you see instead?

It's still complaining so my assumption is that it's not aware of limiting it this way.

A description of what happened, include logs and program output

Invocation without resourcequota:

    · vmbackup -> Ephemeral Storage limit is not set
        Resource limits are recommended to avoid resource DDOS. Set
        resources.limits.ephemeral-storage

Then I set resourcequota for that namespace:

❯ ~ kubectl get resourcequota NAME AGE REQUEST LIMIT ephemeral-storage 42m requests.ephemeral-storage: 0/10Gi limits.ephemeral-storage: 0/20Gi

and then I reran the kube-score and it still says that there's no limit on ephemeral-storage

[zegl]

As far as I’m aware, creating a ResourceQuota will not have any effect unless the Pod is also setting resource limits/requests.

Please prove me wrong, what happens if you write more than 20GB to the storage in pods targeted by this ResourceQuota? My assumption is that the write will succeed, and Kubernetes will not do anything to stop you.

[fenio]

I'm not going to prove you wrong as I have no idea how will it behave. If the way you're saying then to be honest i have no idea what are these resourcequotas meant for. I'll do more research on my own. Thanks for point me that aspect ;)