porter/internal/opa/policies/prometheus/nodeexporter_memory_limits.rego

package prometheus.nodeexporter_memory_limits

import future.keywords

# Policy expects input structure of form:
# values: {}

# This policy tests for the existence of memory limits as a hard constraint. We look
# for Helm values of the form:
# 
# nodeExporter:
#   resources:
#     limits:
#       cpu: 200m
#       memory: 256Mi
#     requests:
#       cpu: 10m
#       memory: 256Mi

POLICY_ID := "nodeexporter_memory_limits"

POLICY_VERSION := "v0.0.1"

POLICY_SEVERITY := "high"

POLICY_TITLE := sprintf("Prometheus nodeExporter should have memory limits set", [])

POLICY_SUCCESS_MESSAGE := sprintf("Success: Prometheus nodeExporter has memory limits set", [])

allow if {
	input.values.nodeExporter.resources.limits.memory
}

FAILURE_MESSAGE contains msg if {
	not allow
	msg := "Failed: Prometheus nodeExporter does not have memory limits set"
}