apiVersion : kyverno.io/v1alpha1
kind: Policy
metadata:
  name: policy-qos
spec:
#  validationFailureAction: "audit"
  rules:
    - name: add-memory-limit
      match:
        resources:
          kinds:
          - Deployment
          selector :
            matchLabels:
              test: qos
      mutate:
        overlay:
          spec:
            template:
              spec:
                containers:
                  # the wildcard * will match all containers in the list
                  - (name): "*"
                    resources:
                      limits:
                        # add memory limit if it is not exist
                        "+(memory)": "300Mi"  
                        "+(cpu)": "100"
    - name: check-cpu-memory-limits
      match:
        resources:
          kinds:
          - Deployment
          selector :
            matchLabels:
              test: qos
      validate:
        message: "Resource limits are required for CPU and memory"
        pattern:
          spec:
            template:
              spec:
                containers:
                # match all contianers
                - (name): "*"
                  resources:
                    limits:
                      # cpu and memory are required
                      memory: "?*"
                      cpu: "?*"