2019-10-09 17:37:31 -07:00
|
|
|
apiVersion: kyverno.io/v1alpha1
|
2019-10-14 10:47:54 -07:00
|
|
|
kind: ClusterPolicy
|
2019-10-09 17:37:31 -07:00
|
|
|
metadata:
|
2019-11-10 21:06:49 -08:00
|
|
|
name: require-pod-requests-limits
|
2019-10-11 18:57:16 -07:00
|
|
|
annotations:
|
|
|
|
|
policies.kyverno.io/category: Resource Quota
|
2019-10-14 16:33:19 -07:00
|
|
|
policies.kyverno.io/description: As application workloads share cluster resources, it is important
|
|
|
|
|
to limit resources requested and consumed by each pod. It is recommended to require
|
|
|
|
|
'resources.requests' and 'resources.limits' per pod. If a namespace level request or limit is
|
|
|
|
|
specified, defaults will automatically be applied to each pod based on the 'LimitRange' configuration.
|
2019-10-09 17:37:31 -07:00
|
|
|
spec:
|
|
|
|
|
validationFailureAction: "audit"
|
|
|
|
|
rules:
|
2019-11-10 21:06:49 -08:00
|
|
|
- name: validate-resources
|
2019-10-09 17:37:31 -07:00
|
|
|
match:
|
|
|
|
|
resources:
|
|
|
|
|
kinds:
|
|
|
|
|
- Pod
|
|
|
|
|
validate:
|
|
|
|
|
message: "CPU and memory resource requests and limits are required"
|
|
|
|
|
pattern:
|
|
|
|
|
spec:
|
|
|
|
|
containers:
|
|
|
|
|
- resources:
|
|
|
|
|
requests:
|
|
|
|
|
memory: "?*"
|
|
|
|
|
cpu: "?*"
|
|
|
|
|
limits:
|
|
|
|
|
memory: "?*"
|
|
|
|
|
cpu: "?*"
|
