Mutate termination Grace Periods Seconds

 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: mutate-termination-grace-period-seconds
 5  annotations:
 6    policies.kyverno.io/title: Mutate termination Grace Periods Seconds
 7    policies.kyverno.io/category: Sample
 8    policies.kyverno.io/severity: medium
 9    kyverno.io/kyverno-version: 1.6.2
10    policies.kyverno.io/minversion: 1.6.0
11    kyverno.io/kubernetes-version: "1.23"
12    policies.kyverno.io/subject: Pod
13    policies.kyverno.io/description: >-
14      Pods with large terminationGracePeriodSeconds (tGPS) might prevent cluster nodes
15      from getting drained, ultimately making the whole cluster unstable. This policy
16      mutates all incoming Pods to set their tGPS under 50s. If the user creates a pod
17      without specifying tGPS, then the Kubernetes default of 30s is maintained.      
18spec:
19  background: false
20  rules:
21    - name: mutate-termination-grace-period-seconds
22      match:
23        any:
24        - resources:
25            kinds:
26              - Pod
27      preconditions:
28        all:
29        - key: "{{request.object.spec.terminationGracePeriodSeconds || `0` }}"
30          operator: GreaterThan
31          value: 50   # maximum tGPS allowed by cluster admin
32      mutate:
33        patchStrategicMerge:
34          spec:
35            terminationGracePeriodSeconds: 50