EmptyDir sizelimits no longer applied via mutation

[funkypenguin]

Hey guys!

This pod was created under k-rail v2.0.1:

<snip>
Volumes:
  userfunc:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  <unset>

And this one was created under v1.5.0:

<snip>
Volumes:
  userfunc:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
    SizeLimit:  512Mi

It would seem as if the policy which enables mutating of pods to enforce EmptyDir limits ... is not enforcing :)

The relevant portion of the config (applied via helm chart) has not changed:

<snip>
    - enabled: true
      name: pod_empty_dir_size_limit
      report_only: false
<snip>
    policy_config:
      mutate_empty_dir_size_limit:
        default_size_limit: 512Mi
        maximum_size_limit: 1Gi

I couldn't see any obvious recent changes around this.

Thanks!
D

[dustin-decker]

Good catch. This will need some investigation... It might be related to dependency changes.

[mark-adams]

👋 The k-rail project has been deprecated and is no longer under active development. We recommend taking a look at OPA Gatekeeper to see if it might meet your needs going forward.

Thanks for your contribution(s) to the project!