jahanson/theshire
1
0
Fork 0
Code Issues 1 Pull requests 10 Projects Releases Packages Wiki Activity Actions
theshire/kubernetes/apps/kyverno/kyverno/policies/remove-cpu-limits.yaml
Joseph Hanson 645ed81c88 Homelab
2024-01-11 15:03:54 -06:00

44 lines
1.4 KiB
YAML
Raw Blame History

---
# yaml-language-server: $schema=https://ks.hsn.dev/kyverno.io/clusterpolicy_v1.json
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: remove-cpu-limit
annotations:
policies.kyverno.io/title: Remove CPU limits
policies.kyverno.io/category: Best Practices
policies.kyverno.io/severity: medium
policies.kyverno.io/subject: Pod
policies.kyverno.io/description: >-
This policy removes CPU limits from all Pods.
pod-policies.kyverno.io/autogen-controllers: none
spec:
generateExistingOnPolicyUpdate: true
rules:
- name: remove-containers-cpu-limits
match:
any:
- resources:
kinds: ["Pod"]
mutate:
foreach:
- list: "request.object.spec.containers"
patchesJson6902: |-
- path: /spec/containers/{{elementIndex}}/resources/limits/cpu
op: remove
- name: delete-initcontainers-cpu-limits
match:
any:
- resources:
kinds: ["Pod"]
preconditions:
all:
- key: "{{ request.object.spec.initContainers[] || `[]` | length(@) }}"
operator: GreaterThanOrEquals
value: 1
mutate:
foreach:
- list: "request.object.spec.initContainers"
patchesJson6902: |-
- path: /spec/initContainers/{{elementIndex}}/resources/limits/cpu
op: remove
Reference in a new issue View git blame Copy permalink