All Policies
Require Limits and Requests
As application workloads share cluster resources, it is important to limit resources requested and consumed by each Pod. It is recommended to require resource requests and limits per Pod, especially for memory and CPU. If a Namespace level request or limit is specified, defaults will automatically be applied to each Pod based on the LimitRange configuration. This policy validates that all containers have something specified for memory and CPU requests and memory limits.
Policy Definition
/best-practices/require-pod-requests-limits/require-pod-requests-limits.yaml
1apiVersion: kyverno.io/v1
2kind: ClusterPolicy
3metadata:
4 name: require-requests-limits
5 annotations:
6 policies.kyverno.io/title: Require Limits and Requests
7 policies.kyverno.io/category: Best Practices, EKS Best Practices
8 policies.kyverno.io/severity: medium
9 policies.kyverno.io/subject: Pod
10 policies.kyverno.io/minversion: 1.6.0
11 policies.kyverno.io/description: >-
12 As application workloads share cluster resources, it is important to limit resources
13 requested and consumed by each Pod. It is recommended to require resource requests and
14 limits per Pod, especially for memory and CPU. If a Namespace level request or limit is specified,
15 defaults will automatically be applied to each Pod based on the LimitRange configuration.
16 This policy validates that all containers have something specified for memory and CPU
17 requests and memory limits.
18spec:
19 validationFailureAction: audit
20 background: true
21 rules:
22 - name: validate-resources
23 match:
24 any:
25 - resources:
26 kinds:
27 - Pod
28 validate:
29 message: "CPU and memory resource requests and limits are required."
30 pattern:
31 spec:
32 containers:
33 - resources:
34 requests:
35 memory: "?*"
36 cpu: "?*"
37 limits:
38 memory: "?*"