Control: Job containers should have a CPU limit
Description
Containers in a Job should have CPU limit which restricts the container to use no more than a given amount of CPU.
Usage
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.job_cpu_limitSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run kubernetes_compliance.control.job_cpu_limit --shareSQL
This control uses a named query:
select coalesce(uid, concat(path, ':', start_line)) as resource, case when c -> 'resources' -> 'limits' ->> 'cpu' is null then 'alarm' else 'ok' end as status, case when c -> 'resources' -> 'limits' ->> 'cpu' is null then c ->> 'name' || ' does not have a CPU limit.' else c ->> 'name' || ' has a CPU limit of ' || (c -> 'resources' -> 'limits' ->> 'cpu') || '.' end as reason, name as job_name , coalesce(context_name, '') as context_name, namespace, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as pathfrom kubernetes_job, jsonb_array_elements(template -> 'spec' -> 'containers') as c;