fix: questions-ui.yml missing latest configuration.

[jvanz]

Description

The questions-ui.yml file is missing the latest configuration added: ignoreValues. This commits adds this new field in the file. As well as, configures the other fields to be hidden when user sets ignoreValue to false.

[jvanz]

@kravciak @aalves08 can you review this file as well? :)

[viccuad]

LGTM

[kravciak]

@kravciak @aalves08 can you review this file as well? :)

taking a look now, sorry for the delay..

[kravciak]

I added suggestion for info message (ignore if you prefer yours), but I found an issue:

• I create policy initially with some values
• I edit policy and select Ignore values

UI does not clean hidden inputs when I select checkbox, so it produces yaml:

  settings:
    cpu:
      ignoreValues: true
    memory:
      defaultLimit: '100'
      defaultRequest: '100'
      ignoreValues: true
      maxLimit: '100'

Which results in Values cannot be true when any quantities are defined error:

2024-04-11T18:54:06.256680Z  INFO validate_settings{self=PolicyEvaluator { runtime: "wapc" } settings={"allowedHostPaths": Array [Object {"pathPrefix": String("/tmp"), "readOnly": Bool(true)}]}}:policy_log{self=EvaluationContext { policy_id: "clusterwide-do-not-share-host-paths", callback_channel: Some(...), allowed_kubernetes_resources: {} }}: policy_log: accepting settings data={}
Error: [clusterwide-crs] settings are not valid: Some("Provided settings are not valid: invalid memory settings\nignoreValues cannot be true when any quantities are defined")

[jvanz]

@kravciak I just updated this PR with the change in the policy to allow the quantities together with the ignoreValues. Can you test it again?

[kravciak]

I set both CPU & Memory to ignoreValues and I can still create pod without requests section.

apiVersion: v1
kind: Pod
metadata:
  name: frontend
spec:
  containers:
  - name: app
    image: nginx:alpine
    resources:
      limits:
        memory: "128Mi"
        cpu: 100m

I found this in kubernetes doc:

# https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Note: If you specify a limit for a resource, but do not specify any request, and no admission-time mechanism has applied a default request for that resource, then Kubernetes copies the limit you specified and uses it as the requested value for the resource.

It's a bit misleading considering that in README we say enforce that requests and limits are set - only limits is enforced, requests is auto-completed by kubernetes.

Otherwise it works fine.

[jvanz]

It's a bit misleading considering that in README we say enforce that requests and limits are set - only limits is enforced, requests is auto-completed by kubernetes.

Yeah, this can be misleading indeed. To help clarify that, I've added a note in the README to explain to the user that others controllers (e.g. kubernetes ones) can be mutating the resource before the policy. Which is the case that you reported. I decided to not change the original sentence that you highlighted because that will happen depending of the admission controller configuration. Are you fine with that change?