Setting CPU limits on containers ensures fair distribution of resources, preventing any single container from monopolizing CPU and impacting the performance of other containers. This practice enhances stability, predictability, and cost control, while also mitigating the noisy neighbor problem and facilitating efficient scaling in Kubernetes clusters. This policy ensures that CPU limits are set on every container.
```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-cpu-limits
  annotations:
    policies.kyverno.io/title: Require CPU Limits
    policies.kyverno.io/category: Other
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Pod
    kyverno.io/kubernetes-version: "1.26"
    policies.kyverno.io/description: >-
      Setting CPU limits on containers ensures fair distribution of resources,
      preventing any single container from monopolizing CPU and impacting the
      performance of other containers. This practice enhances stability,
      predictability, and cost control, while also mitigating the noisy neighbor
      problem and facilitating efficient scaling in Kubernetes clusters. This
      policy ensures that cpu limits are set on every container.
spec:
  validationFailureAction: Audit
  background: true
  rules:
    - name: check-cpu-limits
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: CPU limits are required for all containers.
        pattern:
          spec:
            containers:
              - (name): "*"
                resources:
                  limits:
                    cpu: "?*"
            "=(ephemeralContainers)":
              - "=(name)": "*"
                resources:
                  limits:
                    cpu: "?*"
            "=(initContainers)":
              - "=(name)": "*"
                resources:
                  limits:
                    cpu: "?*"
```
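To see which Pods the pattern above would flag, the following added example (not Kyverno code and not part of the original page) approximates the check in plain Python, for instance as a pre-merge lint. The function names and the three sample Pods are constructed for illustration, and it assumes a numeric `cpu` value is compared as its string form.

```python
# Added example: approximates the require-cpu-limits pattern; not Kyverno itself.

def has_cpu_limit(container):
    """True if resources.limits.cpu is present and non-empty (pattern "?*")."""
    limits = (container.get("resources") or {}).get("limits") or {}
    cpu = limits.get("cpu")
    # Assumption: numeric values (cpu: 1) are matched as their string form.
    return cpu is not None and len(str(cpu)) >= 1

def check_cpu_limits(pod):
    """Return 'field/name' for every container lacking a CPU limit."""
    spec = pod.get("spec") or {}
    missing = []
    # initContainers and ephemeralContainers carry the "=(...)" anchor in the
    # policy, so they are checked only when the Pod defines them.
    for field in ("containers", "initContainers", "ephemeralContainers"):
        for c in spec.get(field) or []:
            if not has_cpu_limit(c):
                missing.append(f"{field}/{c.get('name', '<unnamed>')}")
    return missing

# Constructed sample Pods (hypothetical names, reduced to relevant fields).
COMPLIANT = {"metadata": {"name": "ok"}, "spec": {"containers": [
    {"name": "app", "resources": {"limits": {"cpu": "500m"}}}]}}

# A CPU request alone does not satisfy the policy; only limits.cpu counts.
INIT_MISSING = {"metadata": {"name": "init-missing"}, "spec": {
    "initContainers": [
        {"name": "migrate", "resources": {"requests": {"cpu": "100m"}}}],
    "containers": [
        {"name": "app", "resources": {"limits": {"cpu": 1}}}]}}

# A memory limit without a CPU limit still fails.
NO_LIMITS = {"metadata": {"name": "no-limits"}, "spec": {"containers": [
    {"name": "app"},
    {"name": "sidecar", "resources": {"limits": {"memory": "64Mi"}}}]}}

if __name__ == "__main__":
    for pod in (COMPLIANT, INIT_MISSING, NO_LIMITS):
        print(pod["metadata"]["name"], check_cpu_limits(pod) or "pass")
```

Because the policy sets `validationFailureAction: Audit`, Kyverno reports Pods like the last two as violations rather than rejecting them at admission.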