---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  annotations:
    policies.kyverno.io/category: Multi-Tenancy
    policies.kyverno.io/description: 'To better control the number of resources that
      can be created in a given Namespace and provide default resource consumption
      limits for Pods, ResourceQuota and LimitRange resources are recommended. This
      policy will generate ResourceQuota and LimitRange resources when a new Namespace
      is created.      '
    policies.kyverno.io/subject: ResourceQuota, LimitRange
    policies.kyverno.io/title: Add Quota
  name: add-ns-quota
spec:
  admission: true
  background: true
  rules:
  - generate:
      apiVersion: v1
      data:
        spec:
          hard:
            limits.cpu: "4"
            limits.memory: 16Gi
            requests.cpu: "4"
            requests.memory: 16Gi
      kind: ResourceQuota
      name: default-resourcequota
      namespace: '{{request.object.metadata.name}}'
      synchronize: true
    match:
      any:
      - resources:
          kinds:
          - Namespace
    name: generate-resourcequota
  - generate:
      apiVersion: v1
      data:
        spec:
          limits:
          - default:
              cpu: 500m
              memory: 1Gi
            defaultRequest:
              cpu: 200m
              memory: 256Mi
            type: Container
      kind: LimitRange
      name: default-limitrange
      namespace: '{{request.object.metadata.name}}'
      synchronize: true
    match:
      any:
      - resources:
          kinds:
          - Namespace
    name: generate-limitrange
  validationFailureAction: Audit