content
content copied to clipboard
ComplianceAsCode
OCPBUGS-1316: Add missing variable reference to rules
Some of the kubeletconfig rules does not have not contains reference to variable being used in its remediation, this PR adds that reference to those rules. Related BUG: https://issues.redhat.com/browse/OCPBUGS-1316
Start a new ephemeral environment with changes proposed in this pull request:
ocp4 (from CTF) Environment (using Fedora as testing environment)
Fedora Testing Environment
Oracle Linux 8 Environment
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This datastream diff is auto generated by the check Compare DS/Generate Diff
Click here to see the full diff
New content has different text for rule 'xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_imagefs_available'.
--- xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_imagefs_available
+++ xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_imagefs_available
@@ -30,6 +30,7 @@
This rule pertains to the imagefs.available setting of the evictionHard
section.
+Remediation will set field imagefs.available to {{ .var_kubelet_evictionhard_imagefs_available }} based on the variable var_kubelet_evictionhard_imagefs_available.
[reference]:
CIP-003-8 R6
New content has different text for rule 'xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_imagefs_inodesfree'.
--- xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_imagefs_inodesfree
+++ xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_imagefs_inodesfree
@@ -30,6 +30,7 @@
This rule pertains to the imagefs.inodesFree setting of the evictionHard
section.
+Remediation will set field imagefs.inodesFree to {{ .var_kubelet_evictionhard_imagefs_inodesfree }} based on the variable var_kubelet_evictionhard_imagefs_inodesfree.
[reference]:
CIP-003-8 R6
New content has different text for rule 'xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_memory_available'.
--- xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_memory_available
+++ xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_memory_available
@@ -30,6 +30,7 @@
This rule pertains to the memory.available setting of the evictionHard
section.
+Remediation will set field memory.available to {{ .var_kubelet_evictionhard_memory_available }} based on the variable var_kubelet_evictionhard_memory_available.
[reference]:
CIP-003-8 R6
New content has different text for rule 'xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_nodefs_available'.
--- xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_nodefs_available
+++ xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_nodefs_available
@@ -30,6 +30,7 @@
This rule pertains to the nodefs.available setting of the evictionHard
section.
+Remediation will set field nodefs.available to {{ .var_kubelet_evictionhard_nodefs_available }} based on the variable var_kubelet_evictionhard_nodefs_available.
[reference]:
CIP-003-8 R6
New content has different text for rule 'xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_nodefs_inodesfree'.
--- xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_nodefs_inodesfree
+++ xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_hard_nodefs_inodesfree
@@ -30,6 +30,7 @@
This rule pertains to the nodefs.inodesFree setting of the evictionHard
section.
+Remediation will set field nodefs.inodesFree to {{ .var_kubelet_evictionhard_nodefs_inodesfree }} based on the variable var_kubelet_evictionhard_nodefs_inodesfree.
[reference]:
CIP-003-8 R6
New content has different text for rule 'xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_imagefs_available'.
--- xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_imagefs_available
+++ xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_imagefs_available
@@ -30,6 +30,7 @@
This rule pertains to the imagefs.available setting of the evictionSoft
section.
+Remediation will set field imagefs.available to {{ .var_kubelet_evictionsoft_imagefs_available }} based on the variable var_kubelet_evictionsoft_imagefs_available.
[reference]:
CIP-003-8 R6
New content has different text for rule 'xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_imagefs_inodesfree'.
--- xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_imagefs_inodesfree
+++ xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_imagefs_inodesfree
@@ -30,6 +30,7 @@
This rule pertains to the imagefs.inodesFree setting of the evictionSoft
section.
+Remediation will set field imagefs.inodesFree to {{ .var_kubelet_evictionsoft_imagefs_inodesfree }} based on the variable var_kubelet_evictionsoft_imagefs_inodesfree.
[reference]:
CIP-003-8 R6
New content has different text for rule 'xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_memory_available'.
--- xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_memory_available
+++ xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_memory_available
@@ -30,6 +30,7 @@
This rule pertains to the memory.available setting of the evictionSoft
section.
+Remediation will set field memory.available to {{ .var_kubelet_evictionsoft_memory_available }} based on the variable var_kubelet_evictionsoft_memory_available.
[reference]:
CIP-003-8 R6
New content has different text for rule 'xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_nodefs_available'.
--- xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_nodefs_available
+++ xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_nodefs_available
@@ -30,6 +30,7 @@
This rule pertains to the nodefs.available setting of the evictionSoft
section.
+Remediation will set field nodefs.available to {{ .var_kubelet_evictionsoft_nodefs_available }} based on the variable var_kubelet_evictionsoft_nodefs_available.
[reference]:
CIP-003-8 R6
New content has different text for rule 'xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_nodefs_inodesfree'.
--- xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_nodefs_inodesfree
+++ xccdf_org.ssgproject.content_rule_kubelet_eviction_thresholds_set_soft_nodefs_inodesfree
@@ -30,6 +30,7 @@
This rule pertains to the nodefs.inodesFree setting of the evictionSoft
section.
+Remediation will set field nodefs.inodesFree to {{ .var_kubelet_evictionsoft_nodefs_inodesfree }} based on the variable var_kubelet_evictionsoft_nodefs_inodesfree.
[reference]:
CIP-003-8 R6
:robot: A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:12012
This image was built from commit: 4c5266fd88e6d7b22876c1abf76d46ab5c35f013
Click here to see how to deploy it
If you alread have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:12012
Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:12012 make deploy-local
Verification passed with 4.16.0-0.nightly-2024-05-23-173505 + https://github.com/ComplianceAsCode/compliance-operator code + PR https://github.com/ComplianceAsCode/content/pull/12012 code
$ oc get rule -n openshift-compliance -o custom-columns=NAME:metadata.name,VARIABLE:metadata.annotations.compliance\\.openshift\\.io/rule-variable --no-headers | grep upstream | grep eviction
upstream-ocp4-kubelet-eviction-thresholds-set-hard-imagefs-available var-kubelet-evictionhard-imagefs-available
upstream-ocp4-kubelet-eviction-thresholds-set-hard-imagefs-inodesfree var-kubelet-evictionhard-imagefs-inodesfree
upstream-ocp4-kubelet-eviction-thresholds-set-hard-memory-available var-kubelet-evictionhard-memory-available
upstream-ocp4-kubelet-eviction-thresholds-set-hard-nodefs-available var-kubelet-evictionhard-nodefs-available
upstream-ocp4-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree var-kubelet-evictionhard-nodefs-inodesfree
upstream-ocp4-kubelet-eviction-thresholds-set-soft-imagefs-available var-kubelet-evictionsoft-imagefs-available
upstream-ocp4-kubelet-eviction-thresholds-set-soft-imagefs-inodesfree var-kubelet-evictionsoft-imagefs-inodesfree
upstream-ocp4-kubelet-eviction-thresholds-set-soft-memory-available var-kubelet-evictionsoft-memory-available
upstream-ocp4-kubelet-eviction-thresholds-set-soft-nodefs-available var-kubelet-evictionsoft-nodefs-available
upstream-ocp4-kubelet-eviction-thresholds-set-soft-nodefs-inodesfree var-kubelet-evictionsoft-nodefs-inodesfree
CR: upstream-ocp4-cis-node-master-kubelet-eviction-thresholds-set-hard-imagefs-available
This rule pertains to the imagefs.available setting of the evictionHard section. Remediations for the imagefs.available field will be set to 15% based on variable var_kubelet_evictionhard_imagefs_available.
CCR: upstream-ocp4-cis-node-master-kubelet-eviction-thresholds-set-hard-memory-available
This rule pertains to the memory.available setting of the evictionHard section. Remediations for the memory.available field will be set to 100Mi based on variable var_kubelet_evictionhard_memory_available.
CCR: upstream-ocp4-cis-node-master-kubelet-eviction-thresholds-set-hard-nodefs-available
This rule pertains to the nodefs.available setting of the evictionHard section. Remediations for the nodefs.available field will be set to 10% based on variable var_kubelet_evictionhard_nodefs_available.
CCR: upstream-ocp4-cis-node-master-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree
This rule pertains to the nodefs.inodesFree setting of the evictionHard section. Remediations for the nodefs.inodesFree field will be set to 5% based on variable var_kubelet_evictionhard_nodefs_inodesfree.
CCR: upstream-ocp4-cis-node-worker-kubelet-eviction-thresholds-set-hard-imagefs-available
This rule pertains to the imagefs.available setting of the evictionHard section. Remediations for the imagefs.available field will be set to 15% based on variable var_kubelet_evictionhard_imagefs_available.
CCR: upstream-ocp4-cis-node-worker-kubelet-eviction-thresholds-set-hard-memory-available
This rule pertains to the memory.available setting of the evictionHard section. Remediations for the memory.available field will be set to 100Mi based on variable var_kubelet_evictionhard_memory_available.
CCR: upstream-ocp4-cis-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-available
This rule pertains to the nodefs.available setting of the evictionHard section. Remediations for the nodefs.available field will be set to 10% based on variable var_kubelet_evictionhard_nodefs_available.
CCR: upstream-ocp4-cis-node-worker-kubelet-eviction-thresholds-set-hard-nodefs-inodesfree
This rule pertains to the nodefs.inodesFree setting of the evictionHard section. Remediations for the nodefs.inodesFree field will be set to 5% based on variable var_kubelet_evictionhard_nodefs_inodesfree.
Code Climate has analyzed commit 4c5266fd and detected 0 issues on this pull request.
The test coverage on the diff in this pull request is 100.0% (50% is the threshold).
This pull request will bring the total coverage in the repository to 59.4% (0.0% change).
View more on Code Climate.
![qlty-cloud-legacy[bot] avatar](https://avatars.githubusercontent.com/in/9403?v=4 "Published by a pub.dev verified publisher"){kind=small}