Limit Containers per Pod

A Pod can contain many tightly coupled containers. Limiting the number of containers allowed in a single Pod can help enforce best practices and keep other policies applying consistently. This policy checks all Pods to ensure they have no more than four containers. As written, it counts only the entries under spec.containers (not initContainers or ephemeralContainers) and runs in Audit mode, so violations are reported rather than blocked.

Policy Definition

/other/limit-containers-per-pod/limit-containers-per-pod.yaml

```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: limit-containers-per-pod
  annotations:
    policies.kyverno.io/title: Limit Containers per Pod
    policies.kyverno.io/category: Sample
    policies.kyverno.io/minversion: 1.6.0
    policies.kyverno.io/subject: Pod
    policies.kyverno.io/description: >-
      Pods can have many different containers which
      are tightly coupled. It may be desirable to limit the amount of containers that
      can be in a single Pod to control best practice application or so policy can
      be applied consistently. This policy checks all Pods to ensure they have
      no more than four containers.
spec:
  # Audit reports violations without rejecting the request.
  validationFailureAction: Audit
  background: false
  rules:
  - name: limit-containers-per-pod
    match:
      any:
      - resources:
          kinds:
          - Pod
    # Evaluate the rule only for CREATE and UPDATE admission requests.
    preconditions:
      all:
      - key: "{{request.operation || 'BACKGROUND'}}"
        operator: AnyIn
        value:
        - CREATE
        - UPDATE
    validate:
      message: "Pods can only have a maximum of 4 containers."
      deny:
        conditions:
          any:
          # Counts spec.containers only; initContainers and
          # ephemeralContainers are not included.
          - key: "{{request.object.spec.containers[] | length(@)}}"
            operator: GreaterThan
            value: "4"
```
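
The deny condition above, mirrored as an offline check that can run over manifests before they reach the cluster. This is an added example, not part of the Kyverno policy library; it goes beyond the policy by also resolving the Pod template inside common workload kinds, and the helper names, sample manifests and image reference are constructed.

```python
MAX_CONTAINERS = 4  # same limit as the policy's deny condition

# Where each kind keeps its Pod spec (standard Kubernetes workload kinds).
POD_SPEC_PATHS = {
    "Pod": ("spec",),
    "CronJob": ("spec", "jobTemplate", "spec", "template", "spec"),
}
for _kind in ("Deployment", "StatefulSet", "DaemonSet", "Job"):
    POD_SPEC_PATHS[_kind] = ("spec", "template", "spec")


def pod_spec(manifest):
    """Return the Pod spec embedded in a manifest, or None for other kinds."""
    path = POD_SPEC_PATHS.get(manifest.get("kind"))
    if path is None:
        return None
    node = manifest
    for key in path:
        node = node.get(key) or {}
    return node


def check(manifest):
    """Return a violation message, or None if the manifest passes."""
    spec = pod_spec(manifest)
    if spec is None:
        return None
    # Like the policy, count spec.containers only (no init/ephemeral containers).
    count = len(spec.get("containers") or [])
    if count <= MAX_CONTAINERS:
        return None
    name = manifest.get("metadata", {}).get("name", "<unnamed>")
    return f"{manifest['kind']}/{name}: {count} containers (max {MAX_CONTAINERS})"


def containers(n):
    return [{"name": f"c{i}", "image": "example.invalid/app:1"} for i in range(n)]

# Constructed sample manifests, not taken from any real cluster.
SAMPLES = [
    {"kind": "Pod", "metadata": {"name": "ok"}, "spec": {"containers": containers(4)}},
    {"kind": "Pod", "metadata": {"name": "too-many"}, "spec": {"containers": containers(5)}},
    {"kind": "Pod", "metadata": {"name": "init-heavy"},
     "spec": {"containers": containers(2), "initContainers": containers(5)}},
    {"kind": "Deployment", "metadata": {"name": "web"},
     "spec": {"template": {"spec": {"containers": containers(6)}}}},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(check(m) or f"{m['kind']}/{m['metadata']['name']}: pass")
```

The init-heavy sample passes with seven containers in total, which shows the gap to close if init containers should count toward the limit.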