Docs
Blog
Kubevious.io places cookies on your computer or device to make the site work better and to help us understand how you use our site. Further use of this site (by clicking, navigating or scrolling) will be considered consent. Please visit our privacy policy for more information.
Guard
Features
Application Centric UI
Health Monitoring
Cloud Native Tools
Search Engine
Time Machine
Rules Engine
Concepts
Target Script Syntax
Rule Script Syntax
Contributing
Slack Bot
Built-in Validators
Container
Compute
Configuration
Networking
Storage
RBAC
Security
Traefik Proxy
Docs
Features
Rules Engine

Rule Script Syntax

The purpose of the rule script is to act upon items that passed target script filters. Rule scripts can perform further checks but eventually should call error, warning, or mark to label items as such.

Action Description
error(msg) Triggers an error on the item. An optional message can be provided.
warning(msg) Triggers a warning on the item. An optional message can be provided.
mark(name) Marks the item with the specified marker.

Within the body of the rule script, an item variable (identical to the one used in the filter function of target script) can be used to determine what kind of severity, message, and mark to attach.

Let’s consider the simple case of triggering errors on the latest image tags.

Target Script

select('Image') .filter(({item}) => (item.props.tag == 'latest'))

Rule Script

error("You are using the latest image tag. Please don't do that.");

Another way of achieving the same outcome is by targeting all Images, but filtering out latest tags within the rule script:

Target Script

select('Image')

Rule Script

if (item.props.tag == 'latest') { error("You are using the latest image tag. Please don't do that."); }

Raising warning on objects is achieved using a similar method. The rule below would trigger warnings on PersistentVolumeClaims that are attached to Pods not managed by StatefulSets.

Target Script

select('Pod') .filter(({item}) => { return (item.parent.name != 'StatefulSet'); }) .child('Persistent Volume Claim')

Rule Script

warning('Using a PVC on Pods that are not launched by StatefulSet.')

As described above, markers allow more informative labeling for items than errors and warnings when items are configured correctly but require special attention.

One example is marking items as per their memory request requirements. The rule below marks containers that request more than 4GB of memory as high-memory-user and containers that request more between 600MB to 4GB as medium-memory-user. The rule also triggers a warning on containers that have no memory request set.

Target Script

select('Container')

Rule Script

var value = item.getProperties('resources')['memory request']; if (value) { if (unit.memory(value).in('gb') >= 4) { mark('high-memory-user'); } else if (unit.memory(value).in('mb') >= 600) { mark('medium-memory-user'); } } else { warning('Memory request is not set. This is not a good practice. Please correct ASAP.') }

For markers to show up in the diagram, they should be created in the Marker Editor window for the names specified in the mark function.

Prev
Hierarchy Traversal
Next
Contributing
Share this article on:
message
PRODUCTGet StartedDemoOpen-Source
COMPANYContactPrivacy PolicyTerms and Conditions
KNOWLEDGE BASEDocumentationKubernetes Best PracticesBlog