Limit Containers per Pod in CEL expressions

Pods can have many different containers which are tightly coupled. It may be desirable to limit the amount of containers that can be in a single Pod to control best practice application or so policy can be applied consistently. This policy checks all Pods to ensure they have no more than four containers.

Policy Definition

/other-cel/limit-containers-per-pod/limit-containers-per-pod.yaml


 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: limit-containers-per-pod
 5  annotations:
 6    policies.kyverno.io/title: Limit Containers per Pod in CEL expressions
 7    policies.kyverno.io/category: Sample in CEL 
 8    policies.kyverno.io/minversion: 1.11.0
 9    kyverno.io/kubernetes-version: "1.26-1.27"
10    policies.kyverno.io/subject: Pod
11    policies.kyverno.io/description: >-
12      Pods can have many different containers which
13      are tightly coupled. It may be desirable to limit the amount of containers that
14      can be in a single Pod to control best practice application or so policy can
15      be applied consistently. This policy checks all Pods to ensure they have
16      no more than four containers.
17spec:
18  validationFailureAction: Audit
19  background: false
20  rules:
21  - name: limit-containers-per-pod
22    match:
23      any:
24      - resources:
25          kinds:
26          - Pod
27          operations:
28          - CREATE
29          - UPDATE
30    validate:
31      cel:
32        expressions:
33          - expression: "size(object.spec.containers) <= 4"
34            message: "Pods can only have a maximum of 4 containers."

yaml

Create policy issue