Require CPU Limits
Setting CPU limits on containers ensures fair distribution of resources, preventing any single container from monopolizing CPU and impacting the performance of other containers. This practice enhances stability, predictability, and cost control, while also mitigating the noisy neighbor problem and facilitating efficient scaling in Kubernetes clusters. This policy ensures that CPU limits are set on every container, including init containers and ephemeral containers when they are present. As defined below, it runs with validationFailureAction: Audit, so violations are reported rather than blocked at admission.
Policy Definition
/other/require-cpu-limits/require-cpu-limits.yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-cpu-limits
  annotations:
    policies.kyverno.io/title: Require CPU Limits
    policies.kyverno.io/category: Other
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Pod
    kyverno.io/kubernetes-version: "1.26"
    policies.kyverno.io/description: >-
      Setting CPU limits on containers ensures fair distribution of resources, preventing any single container from monopolizing CPU and impacting the performance of other containers. This practice enhances stability, predictability, and cost control, while also mitigating the noisy neighbor problem and facilitating efficient scaling in Kubernetes clusters. This policy ensures that cpu limits are set on every container.
spec:
  validationFailureAction: Audit
  background: true
  rules:
    - name: check-cpu-limits
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "CPU limits are required for all containers."
        pattern:
          spec:
            containers:
              - (name): "*"
                resources:
                  limits:
                    cpu: "?*"
            =(ephemeralContainers):
              - =(name): "*"
                resources:
                  limits:
                    cpu: "?*"
            =(initContainers):
              - =(name): "*"
                resources:
                  limits:
                    cpu: "?*"
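
The following is an added example, not part of the original policy page or the Kyverno project: a small Python pre-check that approximates the pattern above so manifests can be audited in CI before they reach the cluster. The function names and the sample Pod specs are constructed for illustration, and the check is an approximation of the "?*" pattern, not Kyverno's own matching engine.

```python
import json

# Constructed sample Pod specs (not from the original page).
SAMPLE_PODS = json.loads("""
[
  {"metadata": {"name": "ok"},
   "spec": {"containers": [
     {"name": "app", "resources": {"limits": {"cpu": "500m"}}}]}},
  {"metadata": {"name": "init-missing"},
   "spec": {
     "initContainers": [
       {"name": "migrate", "resources": {"requests": {"cpu": "100m"}}}],
     "containers": [
       {"name": "app", "resources": {"limits": {"cpu": "1"}}}]}},
  {"metadata": {"name": "empty-limit"},
   "spec": {"containers": [
     {"name": "app", "resources": {"limits": {"cpu": "", "memory": "64Mi"}}},
     {"name": "sidecar"}]}}
]
""")

# The three container lists the policy pattern covers.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")


def missing_cpu_limits(pod):
    """Return 'field/name' for every container without a non-empty CPU limit."""
    spec = pod.get("spec") or {}
    missing = []
    for field in CONTAINER_FIELDS:
        for c in spec.get(field) or []:
            limits = (c.get("resources") or {}).get("limits") or {}
            cpu = limits.get("cpu")
            # Approximates "?*": the value must exist and have at least one character.
            if cpu is None or str(cpu) == "":
                missing.append(f"{field}/{c.get('name', '<unnamed>')}")
    return missing


def audit(pods):
    """Map pod name -> offending containers, for pods that would be flagged."""
    report = {}
    for pod in pods:
        bad = missing_cpu_limits(pod)
        if bad:
            report[pod["metadata"]["name"]] = bad
    return report


if __name__ == "__main__":
    for name, bad in audit(SAMPLE_PODS).items():
        print(f"{name}: CPU limits are required for all containers. Missing: {', '.join(bad)}")
```

A CPU request alone (as on the constructed init container) does not satisfy the check, and neither does a limits block that only sets memory.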