All Policies
Add Default Resources
Pods which don't specify at least resource requests are assigned a QoS class of BestEffort which can hog resources for other Pods on Nodes. At a minimum, all Pods should specify resource requests in order to be labeled as the QoS class Burstable. This sample mutates any container in a Pod which doesn't specify memory or cpu requests to apply some sane defaults.
Policy Definition
/other/add-default-resources/add-default-resources.yaml
1apiVersion : kyverno.io/v1
2kind: ClusterPolicy
3metadata:
4 name: add-default-resources
5 annotations:
6 policies.kyverno.io/title: Add Default Resources
7 policies.kyverno.io/category: Other
8 policies.kyverno.io/severity: medium
9 kyverno.io/kyverno-version: 1.10.0-alpha.2
10 policies.kyverno.io/minversion: 1.7.0
11 kyverno.io/kubernetes-version: "1.26"
12 policies.kyverno.io/subject: Pod
13 policies.kyverno.io/description: >-
14 Pods which don't specify at least resource requests are assigned a QoS class
15 of BestEffort which can hog resources for other Pods on Nodes. At a minimum,
16 all Pods should specify resource requests in order to be labeled as the QoS
17 class Burstable. This sample mutates any container in a Pod which doesn't
18 specify memory or cpu requests to apply some sane defaults.
19spec:
20 background: false
21 rules:
22 - name: add-default-requests
23 match:
24 any:
25 - resources:
26 kinds:
27 - Pod
28 preconditions:
29 any:
30 - key: "{{request.operation || 'BACKGROUND'}}"
31 operator: AnyIn
32 value:
33 - CREATE
34 - UPDATE
35 mutate:
36 foreach:
37 - list: "request.object.spec.[ephemeralContainers, initContainers, containers][]"
38 patchStrategicMerge:
39 spec:
40 containers:
41 - (name): "{{element.name}}"
42 resources:
43 requests:
44 +(memory): "100Mi"
45 +(cpu): "100m"