apiVersion: kyverno.io/v1alpha1
kind: ClusterPolicy
metadata:
  name: require-pod-requests-limits
  annotations:
    policies.kyverno.io/category: Workload Management
    policies.kyverno.io/description: As application workloads share cluster resources, it is important 
      to limit resources requested and consumed by each pod. It is recommended to require 
      'resources.requests' and 'resources.limits' per pod. If a namespace level request or limit is 
      specified, defaults will automatically be applied to each pod based on the 'LimitRange' configuration.
spec:
  validationFailureAction: "audit"
  rules:
  - name: validate-resources
    match:
      resources:
        kinds:
        - Pod
    validate:
      message: "CPU and memory resource requests and limits are required"
      pattern:
        spec:
          containers:
          - resources:
              requests:
                memory: "?*"
                cpu: "?*"
              limits:
                memory: "?*"
                cpu: "?*"