Enforce container resources without max/min values

[olegy2008]

I've created this template to only enforce the presence of resources defined in the constraint without specifying min/max values like in containerrequests and containerlimits.
That's my first time using rego so would appreciate any suggestions to make it look and work better if possible.

[olegy2008]

@maxsmythe @ritazh is there any chance to get your review/opinion about this?

[maxsmythe]

Sorry for the slow response :/ I like the idea of this CT!

I haven't had time to look through the tests, but the overall code LGTM.

Any chance this could be updated to also support ephemeral containers, per #191 ?

[olegy2008]

Hey @maxsmythe!
I checked ephemeralContainers docs and it says that setting resources for ephemeralContainers is disallowed and ephemeral containers use spare resources already allocated to the pod.

[maxsmythe]

Thank you for checking WRT the ephemeral container!

The code looks good, I have a couple nits WRT test names and parameter validation.

[maxsmythe]

nit: I wonder if we could name these tests to explain what they are testing?

[olegy2008]

Renamed tests, but not sure if it's more readable/clear now, do you have any naming conventions?

[maxsmythe]

No conventions as yet, since the test function is fairly new, but this is much more clear. Thank you for doing this!

[maxsmythe]

Is it possible to add a regex check for the string so that users get an error if they type anything other than "cpu" or "memory"?

[olegy2008]

Added enum to validate the values.

[maxsmythe]

thanks!

[maxsmythe]

LGTM

[ritazh]

LGTM