---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: check-cpu-memory
spec:
  admission: true
  background: true
  rules:
  - match:
      any:
      - resources:
          kinds:
          - Deployment
    name: check-defined
    validate:
      message: Resource limits are required for CPU and memory
      pattern:
        spec:
          template:
            spec:
              containers:
              - name: ?*
                resources:
                  limits:
                    cpu: ?*
                    memory: ?*
  - match:
      any:
      - resources:
          kinds:
          - Deployment
    name: check-cpu
    validate:
      message: CPU request should be less than 4
      pattern:
        spec:
          template:
            spec:
              containers:
              - name: '*'
                resources:
                  requests:
                    cpu: <4m
  validationFailureAction: Audit