All Policies
Add Quota
To better control the number of resources that can be created in a given Namespace and provide default resource consumption limits for Pods, ResourceQuota and LimitRange resources are recommended. This policy will generate ResourceQuota and LimitRange resources when a new Namespace is created.
Policy Definition
/best-practices/add-ns-quota/add-ns-quota.yaml
1apiVersion: kyverno.io/v1
2kind: ClusterPolicy
3metadata:
4 name: add-ns-quota
5 annotations:
6 policies.kyverno.io/title: Add Quota
7 policies.kyverno.io/category: Multi-Tenancy, EKS Best Practices
8 policies.kyverno.io/subject: ResourceQuota, LimitRange
9 policies.kyverno.io/minversion: 1.6.0
10 policies.kyverno.io/description: >-
11 To better control the number of resources that can be created in a given
12 Namespace and provide default resource consumption limits for Pods,
13 ResourceQuota and LimitRange resources are recommended.
14 This policy will generate ResourceQuota and LimitRange resources when
15 a new Namespace is created.
16spec:
17 rules:
18 - name: generate-resourcequota
19 match:
20 any:
21 - resources:
22 kinds:
23 - Namespace
24 generate:
25 apiVersion: v1
26 kind: ResourceQuota
27 name: default-resourcequota
28 synchronize: true
29 namespace: "{{request.object.metadata.name}}"
30 data:
31 spec:
32 hard:
33 requests.cpu: '4'
34 requests.memory: '16Gi'
35 limits.cpu: '4'
36 limits.memory: '16Gi'
37 - name: generate-limitrange
38 match:
39 any:
40 - resources:
41 kinds:
42 - Namespace
43 generate:
44 apiVersion: v1
45 kind: LimitRange
46 name: default-limitrange
47 synchronize: true
48 namespace: "{{request.object.metadata.name}}"
49 data:
50 spec:
51 limits:
52 - default:
53 cpu: 500m
54 memory: 1Gi
55 defaultRequest:
56 cpu: 200m
57 memory: 256Mi
58 type: Container