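---
# Kyverno ClusterPolicy: on Pod CREATE/UPDATE, give every container in
# spec.containers a default memory and cpu request when it declares none.
#
# Scope notes for reviewers:
#   - Only resource *requests* are defaulted. No limits are set, so this
#     policy does not cap what a container may consume; use a LimitRange,
#     ResourceQuota or a validate policy where a ceiling is required.
#   - Only spec.containers is iterated. initContainers and
#     ephemeralContainers are not touched by this rule.
#   - This is a mutate rule: it supplies defaults and rejects nothing.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: add-default-resources
  annotations:
    policies.kyverno.io/title: Add Default Resources
    policies.kyverno.io/category: Other
    policies.kyverno.io/severity: medium
    # Version-like values are quoted so no parser can retype them.
    kyverno.io/kyverno-version: "1.10.0-alpha.2"
    policies.kyverno.io/minversion: "1.7.0"
    kyverno.io/kubernetes-version: "1.26"
    policies.kyverno.io/subject: Pod
    policies.kyverno.io/description: >-
      Pods which don't specify at least resource requests are assigned a QoS class
      of BestEffort which can hog resources for other Pods on Nodes. At a minimum,
      all Pods should specify resource requests in order to be labeled as the QoS
      class Burstable. This sample mutates any container in a Pod which doesn't
      specify memory or cpu requests to apply some sane defaults.
spec:
  # No background processing is requested for this policy.
  background: false
  rules:
    - name: add-default-requests
      match:
        any:
          - resources:
              kinds:
                - Pod
      preconditions:
        any:
          # When request.operation is absent the key falls back to the
          # literal 'BACKGROUND', which is not in the list below, so the
          # rule is skipped for anything other than CREATE and UPDATE.
          - key: "{{request.operation || 'BACKGROUND'}}"
            operator: AnyIn
            value:
              - CREATE
              - UPDATE
      mutate:
        foreach:
          # One patch is evaluated per entry of spec.containers.
          - list: "request.object.spec.containers[]"
            patchStrategicMerge:
              spec:
                containers:
                  # (name) is a conditional anchor: the patch applies only
                  # to the container whose name equals the current element.
                  - (name): "{{element.name}}"
                    resources:
                      requests:
                        # +(key) adds the value only if the key is not
                        # already present, so requests the author set
                        # explicitly are never overwritten.
                        +(memory): "100Mi"
                        +(cpu): "100m"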