All Policies
Forbid CPU Limits
Setting of CPU limits is a debatable poor practice as it can result, when defined, in potentially starving applications of much-needed CPU cycles even when they are available. Ensuring that CPU limits are not set may ensure apps run more effectively. This policy forbids any container in a Pod from defining CPU limits.
Policy Definition
/other/forbid-cpu-limits/forbid-cpu-limits.yaml
1apiVersion: kyverno.io/v1
2kind: ClusterPolicy
3metadata:
4 name: forbid-cpu-limits
5 annotations:
6 policies.kyverno.io/title: Forbid CPU Limits
7 policies.kyverno.io/category: Other
8 policies.kyverno.io/subject: Pod
9 kyverno.io/kyverno-version: 1.10.0
10 kyverno.io/kubernetes-version: "1.26"
11 policies.kyverno.io/description: >-
12 Setting of CPU limits is a debatable poor practice as it can result, when defined, in potentially starving
13 applications of much-needed CPU cycles even when they are available. Ensuring that CPU limits are not
14 set may ensure apps run more effectively. This policy forbids any container in a Pod from defining CPU limits.
15spec:
16 background: true
17 validationFailureAction: Enforce
18 rules:
19 - name: check-cpu-limits
20 match:
21 any:
22 - resources:
23 kinds:
24 - Pod
25 validate:
26 message: Containers may not define CPU limits.
27 pattern:
28 spec:
29 containers:
30 - (name): "*"
31 =(resources):
32 =(limits):
33 X(cpu): null