Instead of defining a common set of environment variables multiple times either in manifests or separate policies, Pods can reference entire collections stored in a ConfigMap. This policy mutates all initContainers (if present) and containers in a Pod with environment variables defined in a ConfigMap named `nsenvvars` that must exist in the destination Namespace.
apiVersion: kyverno.io/v1kind: ClusterPolicymetadata:name: add-env-vars-from-cmannotations:policies.kyverno.io/title: Add Environment Variables from ConfigMappolicies.kyverno.io/minversion: 1.6.0policies.kyverno.io/subject: Podpolicies.kyverno.io/category: Otherpolicies.kyverno.io/description: "Instead of defining a common set of environment variables multiple times either in manifests or separate policies, Pods can reference entire collections stored in a ConfigMap. This policy mutates all initContainers (if present) and containers in a Pod with environment variables defined in a ConfigMap named `nsenvvars` that must exist in the destination Namespace. "spec:rules:- name: add-env-vars-from-cmmatch:any:- resources:kinds:- Podmutate:patchStrategicMerge:spec:initContainers:- (name): "*"envFrom:- configMapRef:name: nsenvvarscontainers:- (name): "*"envFrom:- configMapRef:name: nsenvvars
The Kubernetes cluster autoscaler does not evict pods that use hostPath or emptyDir volumes. To allow eviction of these pods, the annotation cluster-autoscaler.kubernetes.io/safe-to-evict=true must be added to the pods.
The Kubernetes cluster autoscaler does not evict pods that use hostPath or emptyDir volumes. To allow eviction of these pods, the annotation cluster-autoscaler.kubernetes.io/safe-to-evict=true must be added to the pods.
CAST AI will not downscale a node that includes a pod with the autoscaling.cast.ai/removal-disabled="true" label on it, this protects sensitive workloads from being evicted and can be attributed to any pod to protect against unwanted downscaling. This policy will mutate jobs and cronjobs to add the removal-disabled label to protect against eviction.