All Policies
Add Pod priorityClassName
A Pod PriorityClass is used to provide a guarantee on the scheduling of a Pod relative to others. This policy adds the priorityClassName of `non-production` to any Pod controller deployed into a Namespace that does not have the label env=production.
Policy Definition
/other/add-pod-priorityclassname/add-pod-priorityclassname.yaml
1apiVersion: kyverno.io/v1
2kind: ClusterPolicy
3metadata:
4 name: add-pod-priorityclassname
5 annotations:
6 policies.kyverno.io/title: Add Pod priorityClassName
7 policies.kyverno.io/category: Other
8 policies.kyverno.io/severity: medium
9 policies.kyverno.io/subject: Pod
10 pod-policies.kyverno.io/autogen-controllers: none
11 kyverno.io/kyverno-version: 1.7.1
12 policies.kyverno.io/minversion: 1.6.0
13 kyverno.io/kubernetes-version: "1.23"
14 policies.kyverno.io/description: >-
15 A Pod PriorityClass is used to provide a guarantee on the scheduling of a Pod relative to others.
16 This policy adds the priorityClassName of `non-production` to any Pod controller deployed
17 into a Namespace that does not have the label env=production.
18spec:
19 background: false
20 rules:
21 - name: add-priorityclass-controllers
22 match:
23 any:
24 - resources:
25 kinds:
26 - Deployment
27 - DaemonSet
28 - StatefulSet
29 - Job
30 namespaceSelector:
31 matchExpressions:
32 - key: env
33 operator: NotIn
34 values:
35 - production
36 mutate:
37 patchesJson6902: |-
38 - op: remove
39 path: '/spec/template/spec/priority'
40 - op: add
41 path: /spec/template/spec/priorityClassName
42 value: 'non-production'
43 - name: add-priorityclass-cronjobs
44 match:
45 any:
46 - resources:
47 kinds:
48 - CronJob
49 namespaceSelector:
50 matchExpressions:
51 - key: env
52 operator: NotIn
53 values:
54 - production
55 mutate:
56 patchesJson6902: |-
57 - op: remove
58 path: '/spec/jobTemplate/spec/template/spec/priority'
59 - op: add
60 path: /spec/jobTemplate/spec/template/spec/priorityClassName
61 value: 'non-production'