apiVersion : kyverno.io/v1alpha1
kind: Policy
metadata:
  name: policy-qos
spec:
  rules:
  - name: add-memory-limit
    resource:
      kinds:
      - Deployment
    mutate:
      overlay:
        spec:
          template:
            spec:
              containers:
                # the wildcard * will match all containers in the list
                - (name): "*"
                  resources:
                    limits:
                      # add memory limit if it is not exist
                      "+(memory)": "300Mi"
  - name: check-cpu-memory-limits
    resource:
      kinds:
      - Deployment
    validate:
      message: "Resource limits are required for CPU and memory"
      pattern:
        spec:
          template:
            spec:
              containers:
              # match all contianers
              - (name): "*"
                resources:
                  limits:
                    # cpu and memory is required despite of the value
                    memory: "?*"
                    cpu: "?*"