All Policies
Add Default Resources
Pods which don't specify at least resource requests are assigned a QoS class of BestEffort which can hog resources for other Pods on Nodes. At a minimum, all Pods should specify resource requests in order to be labeled as the QoS class Burstable. This sample mutates any container in a Pod which doesn't specify memory or cpu requests to apply some sane defaults.
Policy Definition
/other/add_default_resources/add-default-resources.yaml
1apiVersion : kyverno.io/v1
2kind: ClusterPolicy
3metadata:
4 name: add-default-resources
5 annotations:
6 policies.kyverno.io/title: Add Default Resources
7 policies.kyverno.io/category: Other
8 policies.kyverno.io/severity: medium
9 kyverno.io/kyverno-version: 1.6.0
10 policies.kyverno.io/minversion: 1.6.0
11 kyverno.io/kubernetes-version: "1.23"
12 policies.kyverno.io/subject: Pod
13 policies.kyverno.io/description: >-
14 Pods which don't specify at least resource requests are assigned a QoS class
15 of BestEffort which can hog resources for other Pods on Nodes. At a minimum,
16 all Pods should specify resource requests in order to be labeled as the QoS
17 class Burstable. This sample mutates any container in a Pod which doesn't
18 specify memory or cpu requests to apply some sane defaults.
19spec:
20 background: false
21 rules:
22 - name: add-default-requests
23 match:
24 any:
25 - resources:
26 kinds:
27 - Pod
28 preconditions:
29 any:
30 - key: "{{request.operation || 'BACKGROUND'}}"
31 operator: AnyIn
32 value:
33 - CREATE
34 - UPDATE
35 mutate:
36 patchStrategicMerge:
37 spec:
38 containers:
39 - (name): "*"
40 resources:
41 requests:
42 +(memory): "100Mi"
43 +(cpu): "100m"