From 8c487355a5df6ef785d1b5669898cd373fa4bfed Mon Sep 17 00:00:00 2001 From: Peter Trifanov Date: Thu, 20 Jun 2024 11:50:57 +0200 Subject: [PATCH 1/2] Modify rule S6864: Add examples for LimitRange --- rules/S6864/kubernetes/rule.adoc | 40 ++++++++++++++++++++++++++++++-- 1 file changed, 38 insertions(+), 2 deletions(-) diff --git a/rules/S6864/kubernetes/rule.adoc b/rules/S6864/kubernetes/rule.adoc index 093543db5eb..a58c948b08b 100644 --- a/rules/S6864/kubernetes/rule.adoc +++ b/rules/S6864/kubernetes/rule.adoc @@ -39,7 +39,7 @@ node failure. === Code examples -To avoid potential issues specify a memory limit for each container. +To avoid potential issues either specify a memory limit for each container or create a resource of kind `LimitRange` that sets a default memory limit for all containers in a namespace. ==== Noncompliant code example @@ -55,6 +55,18 @@ spec: image: nginx ---- +[source,yaml,diff-id=2,diff-type=noncompliant] +---- +apiVersion: v1 +kind: Pod +metadata: + name: example +spec: + containers: + - name: web # Noncompliant + image: nginx +---- + ==== Compliant solution [source,yaml,diff-id=1,diff-type=compliant] @@ -72,11 +84,35 @@ spec: memory: 100Mi ---- +[source,yaml,diff-id=2,diff-type=compliant] +---- +apiVersion: v1 +kind: LimitRange +metadata: + name: mem-limit-range + namespace: default-mem-example +spec: + limits: + - type: Container + default: + memory: 100Mi +--- +apiVersion: v1 +kind: Pod +metadata: + name: example + namespace: default-mem-example +spec: + containers: + - name: web + image: nginx +---- + === How does this work? A limit can be set through the property `resources.limits.memory` of a container. Alternatively, a default limit for a namespace can be set with -`LimitRange`. +`LimitRange` through `spec.limits[].default.memory`. == Resources From d17e4e8f5c9c948c6499407fc3521b23a8c61b4d Mon Sep 17 00:00:00 2001 
From: Peter Trifanov Date: Wed, 26 Jun 2024 17:35:42 +0200 Subject: [PATCH 2/2] Update rule.adoc --- rules/S6864/kubernetes/rule.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/S6864/kubernetes/rule.adoc b/rules/S6864/kubernetes/rule.adoc index a58c948b08b..e223ef440b1 100644 --- a/rules/S6864/kubernetes/rule.adoc +++ b/rules/S6864/kubernetes/rule.adoc @@ -39,7 +39,7 @@ node failure. === Code examples -To avoid potential issues either specify a memory limit for each container or create a resource of kind `LimitRange` that sets a default memory limit for all containers in a namespace. +To avoid potential issues, either specify a memory limit for each container in a pod specification or create a resource of a kind, `LimitRange`, that sets a default memory limit for all containers in all pod specifications belonging to the same namespace. ==== Noncompliant code example
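Review bot: In the first hunk of PATCH 1/2 (the `=== Code examples` sentence), "sets a default memory limit for all containers in a namespace" overstates what a `LimitRange` does: the admission controller applies the default only to containers that omit `resources.limits.memory`, and an explicit container limit always takes precedence over it. Suggest "sets a default memory limit for every container in the namespace that does not specify one", so readers do not expect the `LimitRange` to override values already present in a pod spec.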
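Review bot: The new noncompliant example with `diff-id=2` (second hunk of PATCH 1/2) is a plain Pod with no namespace, while its compliant counterpart places the Pod in `namespace: default-mem-example`, so the before/after pair differs in more than the fix itself. Suggest adding `namespace: default-mem-example` under `metadata` in this noncompliant snippet as well, so that the only difference between the two is the added `LimitRange` document; as written, the snippet is also visually identical to the existing `diff-id=1` noncompliant example, which makes the second pair hard to tell apart.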
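Review bot: The compliant example with `diff-id=2` (third hunk of PATCH 1/2) only works if the `default-mem-example` namespace already exists and the `LimitRange` is admitted before the Pod; neither is stated. Suggest either prepending a `kind: Namespace` document named `default-mem-example` to the manifest or adding one sentence after the listing saying that the namespace is assumed to exist and that the `LimitRange` must be created first, since a Pod admitted before the `LimitRange` would still run without a memory limit.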
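Review bot: The updated `=== How does this work?` text (last hunk of PATCH 1/2) names the right path, `spec.limits[].default.memory`, but leaves out two facts the new compliant example depends on: the `LimitRange` is namespace-scoped, so it must live in the same namespace as the Pod, and the default is applied at admission time only to containers that omit `resources.limits.memory`. A sentence stating both would make clear why the example puts both objects under `namespace: default-mem-example`.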
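Review bot: In the reworded sentence of PATCH 2/2, "create a resource of a kind, `LimitRange`, that sets" reads as if any kind would do; "create a resource of kind `LimitRange` that sets" is the intended meaning and the usual Kubernetes phrasing. Likewise "all pod specifications belonging to the same namespace" has no antecedent for "the same"; suggest "all pod specifications in that namespace".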