All Policies
Restrict Pod Count per Node
Sometimes Kubernetes Nodes may have a maximum number of Pods they can accommodate due to resources outside CPU and memory such as licensing, or in some development cases. This policy restricts Pod count on a Node named `minikube` to be no more than 10.
Policy Definition
/other/restrict-pod-count-per-node/restrict-pod-count-per-node.yaml
1apiVersion: kyverno.io/v1
2kind: ClusterPolicy
3metadata:
4 name: restrict-pod-count
5 annotations:
6 policies.kyverno.io/title: Restrict Pod Count per Node
7 policies.kyverno.io/category: Sample
8 policies.kyverno.io/severity: medium
9 policies.kyverno.io/subject: Pod
10 policies.kyverno.io/minversion: 1.6.0
11 policies.kyverno.io/description: >-
12 Sometimes Kubernetes Nodes may have a maximum number of Pods they can accommodate due to
13 resources outside CPU and memory such as licensing, or in some
14 development cases. This policy restricts Pod count on a Node named `minikube` to be no more than 10.
15 # pod-policies.kyverno.io/autogen-controllers: none
16spec:
17 validationFailureAction: Audit
18 background: false
19 rules:
20 - name: restrict-pod-count
21 match:
22 any:
23 - resources:
24 kinds:
25 - Pod
26 context:
27 - name: podcounts
28 apiCall:
29 urlPath: "/api/v1/pods"
30 jmesPath: "items[?spec.nodeName=='minikube'] | length(@)"
31 preconditions:
32 any:
33 - key: "{{ request.operation || 'BACKGROUND' }}"
34 operator: Equals
35 value: "CREATE"
36 validate:
37 message: "A maximum of 10 Pods are allowed on the Node `minikube`"
38 deny:
39 conditions:
40 any:
41 - key: "{{ podcounts }}"
42 operator: GreaterThan
43 value: 10
yaml