mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00

added conversion of overlay to patch strategic merge (#1138 )

* added conversion of overlay to patch strategic merge and modified unittest for the same

* updated best practice policy

2020-09-22 16:19:09 -07:00

1.3 KiB

Raw Blame History

Mutate pods with `emptyDir` and `hostPath` with `safe-to-evict`

The Kubernetes cluster autoscaler does not evict pods that use hostPath or emptyDir volumes. To allow eviction of these pods, the following annotation must be added to the pods:

cluster-autoscaler.kubernetes.io/safe-to-evict: true

This policy matches and mutates pods with emptyDir and hostPath volumes, to add the safe-to-evict annotation if it is not specified.

Policy YAML

add_safe_to_evict_annotation.yaml

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata: 
  name: add-safe-to-evict
spec: 
  rules: 
  - name: "annotate-empty-dir"
    match: 
      resources: 
        kinds: 
        - Pod
    mutate: 
      patchStrategicMerge:
        metadata:
          annotations:
            +(cluster-autoscaler.kubernetes.io/safe-to-evict): "true"
        spec:          
          volumes: 
          - (emptyDir): {}
  - name: annotate-host-path
    match: 
      resources: 
        kinds: 
        - Pod
    mutate: 
      patchStrategicMerge:
        metadata:
          annotations:
            +(cluster-autoscaler.kubernetes.io/safe-to-evict): "true"
        spec:          
          volumes: 
          - (hostPath):
              path: "*"

1.3 KiB Raw Blame History

Mutate pods with emptyDir and hostPath with safe-to-evict

Policy YAML

1.3 KiB

Raw Blame History

Mutate pods with `emptyDir` and `hostPath` with `safe-to-evict`