Add priority class for DaemonSets to help Karpenter.

 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: add-karpenter-daemonset-priority-class
 5  annotations:
 6    policies.kyverno.io/title: Add priority class for DaemonSets to help Karpenter.
 7    policies.kyverno.io/subject: DaemonSet
 8    policies.kyverno.io/category: Karpenter
 9    policies.kyverno.io/severity: medium
10    kyverno.io/kyverno-version: 1.9.3
11    kyverno.io/kubernetes-version: "1.26"
12    policies.kyverno.io/minversion: 1.6.0
13    policies.kyverno.io/description: >-
14      When a DaemonSet is added to a cluster every node will get a new pod. There may not be 
15      enough room for this on every node. Karpenter cannot provision extra nodes just for the 
16      DaemonSet because the new pods are not scheduled the way regular pods are. It would require
17      parallel scheduling logic that is not proper to Kubernetes. Therefore, eviction of regular 
18      pods should happen instead. This can be achieved with the priority class system-node-critical.
19spec:
20  rules:
21    - name: add-karpenter-daemonset-priority-class
22      match:
23        any:
24          - resources:
25              kinds:
26                - DaemonSet
27      mutate:
28        patchStrategicMerge:
29          spec:
30            template:
31              spec:
32                priorityClassName: system-node-critical