Require Kubecost Labels
Kubecost can use labels assigned to Pods in order to track and display cost allocation in a granular way. These labels, which can be customized, can be used to organize and group workloads in different ways. This policy requires that the labels `owner`, `team`, `department`, `app`, and `env` are all defined on Pods. With Kyverno autogen enabled (absence of the annotation `pod-policies.kyverno.io/autogen-controllers=none`), these labels will also be required for all Pod controllers.
Policy Definition
/kubecost/require-kubecost-labels/require-kubecost-labels.yaml
```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-kubecost-labels
  annotations:
    policies.kyverno.io/title: Require Kubecost Labels
    policies.kyverno.io/category: Kubecost
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Pod, Label
    kyverno.io/kyverno-version: 1.10.0
    kyverno.io/kubernetes-version: "1.25"
    policies.kyverno.io/description: >-
      Kubecost can use labels assigned to Pods in order to track and display
      cost allocation in a granular way. These labels, which can be customized, can be used
      to organize and group workloads in different ways. This policy requires that the labels
      `owner`, `team`, `department`, `app`, and `env` are all defined on Pods. With Kyverno
      autogen enabled (absence of the annotation `pod-policies.kyverno.io/autogen-controllers=none`),
      these labels will also be required for all Pod controllers.
spec:
  # Audit: violating resources are still admitted; violations are only reported.
  validationFailureAction: Audit
  # background: true also evaluates resources that already exist in the cluster.
  background: true
  rules:
    - name: require-labels
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "The Kubecost labels `owner`, `team`, `department`, `app`, and `env` are all required for Pods."
        pattern:
          metadata:
            labels:
              # "?*" matches any value of at least one character, so empty values fail.
              owner: "?*"
              team: "?*"
              department: "?*"
              app: "?*"
              env: "?*"
```
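The following added example (not part of the Kyverno policy library) approximates this rule as a pre-admission check over parsed manifests, including the Pod template lookup that autogen implies for controllers. The function names, the sample manifests, and the list of controller kinds are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

REQUIRED_LABELS = ("owner", "team", "department", "app", "env")
VALUE_PATTERN = "?*"  # same wildcard as the policy: at least one character

# Assumption: the controller kinds autogen covers by default.
TEMPLATE_KINDS = {"DaemonSet", "Deployment", "Job", "StatefulSet",
                  "ReplicaSet", "ReplicationController"}


def pod_labels(resource):
    """Return the labels the Pod would carry, or None if the kind is not covered."""
    kind = resource.get("kind")
    spec = resource.get("spec") or {}
    if kind == "Pod":
        meta = resource.get("metadata")
    elif kind in TEMPLATE_KINDS:
        meta = (spec.get("template") or {}).get("metadata")
    elif kind == "CronJob":
        job_spec = (spec.get("jobTemplate") or {}).get("spec") or {}
        meta = (job_spec.get("template") or {}).get("metadata")
    else:
        return None
    return (meta or {}).get("labels") or {}


def missing_kubecost_labels(resource):
    """List the required labels that are absent or empty on the Pod (template)."""
    labels = pod_labels(resource)
    if labels is None:
        return []  # kind is outside the policy's scope
    return [name for name in REQUIRED_LABELS
            if not (isinstance(labels.get(name), str)
                    and fnmatchcase(labels[name], VALUE_PATTERN))]


# Constructed sample manifests (already parsed into dicts).
FULL = {"owner": "jdoe", "team": "payments", "department": "eng",
        "app": "api", "env": "prod"}
GOOD_POD = {"kind": "Pod", "metadata": {"name": "api", "labels": FULL}}
EMPTY_ENV_POD = {"kind": "Pod",
                 "metadata": {"name": "api", "labels": {**FULL, "env": ""}}}
# Labels set on the Deployment itself but not on its Pod template.
DEPLOYMENT = {"kind": "Deployment", "metadata": {"name": "api", "labels": FULL},
              "spec": {"template": {"metadata": {"labels": {"app": "api"}}}}}

if __name__ == "__main__":
    for res in (GOOD_POD, EMPTY_ENV_POD, DEPLOYMENT):
        print(res["kind"], res["metadata"]["name"], missing_kubecost_labels(res))
```

The `DEPLOYMENT` sample shows the case most likely to surprise: labels on the controller's own metadata do not satisfy the rule, because the check applies to the Pod template.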