From 523fbf71e7cc01da6f8ca64a82b6c7a24f458439 Mon Sep 17 00:00:00 2001
From: Peter Trifanov
Date: Thu, 27 Jun 2024 15:01:25 +0200
Subject: [PATCH 1/2] Modify rule S6892: Add examples for LimitRange

---
 rules/S6864/kubernetes/rule.adoc | 2 +-
 rules/S6892/kubernetes/rule.adoc | 40 ++++++++++++++++++++++++++++++--
 2 files changed, 39 insertions(+), 3 deletions(-)

diff --git a/rules/S6864/kubernetes/rule.adoc b/rules/S6864/kubernetes/rule.adoc
index e223ef440b1..94c05e33b98 100644
--- a/rules/S6864/kubernetes/rule.adoc
+++ b/rules/S6864/kubernetes/rule.adoc
@@ -39,7 +39,7 @@ node failure.
 
 === Code examples
 
-To avoid potential issues, either specify a memory limit for each container in a pod specification or create a resource of a kind, `LimitRange`, that sets a default memory limit for all containers in all pod specifications belonging to the same namespace.
+To avoid potential issues, either specify a memory limit for each container in a pod specification or create a resource of a kind `LimitRange`, that sets a default memory limit for all containers in all pod specifications belonging to the same namespace.
 
 ==== Noncompliant code example
 
diff --git a/rules/S6892/kubernetes/rule.adoc b/rules/S6892/kubernetes/rule.adoc
index 7ffa2fc7f4c..2e19439dbe9 100644
--- a/rules/S6892/kubernetes/rule.adoc
+++ b/rules/S6892/kubernetes/rule.adoc
@@ -37,7 +37,7 @@ By setting a CPU request, Kubernetes will make sure that the container will get
 
 === Code examples
 
-To avoid potential issues specify a CPU request for each container with `resources.requests.cpu`.
+To avoid potential issues, either specify a CPU request for each container with `resources.requests.cpu` or create a resource of a kind `LimitRange` that sets a default CPU request for all containers in all pod specs in a namespace.
 
 ==== Noncompliant code example
 
@@ -53,6 +53,18 @@ spec: image: nginx ---- +[source,yaml,diff-id=2,diff-type=noncompliant] +---- +apiVersion: v1 +kind: Pod +metadata: + name: example +spec: + containers: + - name: web # Noncompliant + image: nginx +---- + ==== Compliant solution [source,yaml,diff-id=1,diff-type=compliant] @@ -70,11 +82,35 @@ spec: cpu: 0.5 ---- +[source,yaml,diff-id=2,diff-type=compliant] +---- +apiVersion: v1 +kind: LimitRange +metadata: + name: mem-request-range + namespace: default-cpu-example +spec: + limits: + - defaultRequest: + cpu: 0.5 + type: Container +--- +apiVersion: v1 +kind: Pod +metadata: + name: nginx-ns-compliant + namespace: default-cpu-example +spec: + containers: + - name: nginx-ns-compliant + image: nginx +---- + === How does this work? A request can be set through the property `resources.requests.cpu` of a container. Alternatively, a default request for a namespace can be set with -`LimitRange`. +`LimitRange` through the property `spec.limits[].defaultRequest.cpu`. == Resources From a948dce9b265a366980d238e58b2a8e89f4d07b9 Mon Sep 17 00:00:00 2001 From: Peter Trifanov Date: Fri, 28 Jun 2024 15:21:37 +0200 Subject: [PATCH 2/2] Update rule.adoc --- rules/S6892/kubernetes/rule.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/S6892/kubernetes/rule.adoc b/rules/S6892/kubernetes/rule.adoc index 2e19439dbe9..7acace1bdad 100644 --- a/rules/S6892/kubernetes/rule.adoc +++ b/rules/S6892/kubernetes/rule.adoc 
@@ -37,7 +37,7 @@ By setting a CPU request, Kubernetes will make sure that the container will get
 
 === Code examples
 
-To avoid potential issues, either specify a CPU request for each container with `resources.requests.cpu` or create a resource of a kind `LimitRange` that sets a default CPU request for all containers in all pod specs in a namespace.
+To avoid potential issues, either specify a CPU request for each container with `resources.requests.cpu` or create a resource of a kind `LimitRange` that sets a default CPU request for all containers in all pod specifications in a namespace.
 
 ==== Noncompliant code example
 
@@ -87,7 +87,7 @@ spec:
 apiVersion: v1
 kind: LimitRange
 metadata:
- name: mem-request-range
+ name: cpu-request-range
 namespace: default-cpu-example
 spec:
 limits: