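# SPDX-FileCopyrightText: 2024 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
# Kyverno ClusterPolicy that checks every Pod for CPU/memory requests and a memory limit.
# Missing requests/limits let a single workload starve its neighbours, so this is an
# availability control; as configured below it only reports violations, it does not block them.
apiVersion: "kyverno.io/v1"
kind: "ClusterPolicy"
metadata:
  name: "require-requests-limits"
  annotations:
    policies.kyverno.io/title: "Require resources cpu/memory request and limits."
    policies.kyverno.io/subject: "Pod"
    policies.kyverno.io/description: >-
      As application workloads share cluster resources, it is important to limit resources requested and consumed by
      each Pod.
      It is recommended to require resource requests and limits per Pod, especially for memory and CPU.
      If a Namespace level request or limit is specified, defaults will automatically be applied to each Pod based on
      the LimitRange configuration.
      This policy validates that all containers have specified requests for memory and CPU and a limit for memory.
spec:
  # Also evaluate Pods that already exist (background scan), not only new admission requests.
  background: true
  rules:
    - match:
        resources:
          kinds:
            - "Pod"
      name: "validate-resources"
      validate:
        # The pattern requires a memory limit but no CPU limit; the message states exactly that.
        message: "CPU and memory resource requests and a memory limit are required."
        pattern:
          spec:
            # "=(key)" is Kyverno's equality anchor: the nested pattern is checked only when the
            # key is present. "?*" matches any value of at least one character, i.e. "must be set".
            # NOTE(review): the Kubernetes API documents that resources are not allowed for
            # ephemeral containers, so a Pod carrying one (e.g. a debug container) will presumably
            # always be reported here - confirm before moving this policy to enforce.
            =(ephemeralContainers):
              - resources:
                  limits:
                    memory: "?*"
                  requests:
                    cpu: "?*"
                    memory: "?*"
            =(initContainers):
              - resources:
                  limits:
                    memory: "?*"
                  requests:
                    cpu: "?*"
                    memory: "?*"
            # Not anchored: every entry of the mandatory "containers" list must satisfy the pattern.
            containers:
              - resources:
                  limits:
                    memory: "?*"
                  requests:
                    cpu: "?*"
                    memory: "?*"
  # Audit mode: violations are recorded in policy reports and the Pod is still admitted.
  # Unbounded Pods are therefore only prevented if reports are acted on, the action is switched
  # to enforce, or LimitRange/ResourceQuota objects in the namespaces supply the bounds.
  validationFailureAction: "audit"
...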