homelab-gitops/platform/kyverno/policies/require-requests-limits.yaml

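---
# Kyverno ClusterPolicy: every container in an application namespace must
# declare CPU and memory requests AND limits, so one workload cannot be
# scheduled without accounting or starve its node.
#
# Scope notes for reviewers:
#   - `validationFailureAction: Enforce` rejects offending pods at admission;
#     `background: true` additionally reports existing violations (it never
#     evicts anything already running).
#   - The pattern only asserts that each field is a non-empty string ("?*");
#     it does not sanity-check the quantity or require limits >= requests.
#   - Matching on Pod also covers pod controllers (Deployment, StatefulSet,
#     Job, ...) through Kyverno's default auto-generated rules.
#   - Ephemeral containers (`kubectl debug`) are deliberately not checked:
#     the Kubernetes API does not allow `resources` on them.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-requests-limits
  annotations:
    argocd.argoproj.io/sync-wave: "0"
    policies.kyverno.io/title: Enforce Resource Requests and Limits
    policies.kyverno.io/description: >-
      Guarantees cluster stability by requiring all application containers,
      including init containers, to explicitly declare CPU and Memory
      requests and limits.
spec:
  validationFailureAction: Enforce
  background: true
  rules:
    - name: validate-resources
      match:
        any:
          - resources:
              kinds:
                - Pod
      # Pods in these namespaces are skipped entirely. Each entry is a blind
      # spot: the platform namespaces are expected, but `default` is also
      # where ad-hoc `kubectl run` and unscoped manifests land, so consider
      # keeping it in scope (or at least auditing it) rather than excluding it.
      exclude:
        any:
          - resources:
              namespaces:
                - default
                - kube-system
                - kube-public
                - kube-node-lease
                - argocd
                - kyverno
                - cilium-ingress
                - cilium-secrets
                - cert-manager
                - sealed-secrets
                - nfs-subdir-external-provisioner
                - monitoring
                - tekton-pipelines-resolvers
                - tekton-pipelines
                - pipelines-as-code
                - cicd
      validate:
        message: "Resource discipline violation: Containers and initContainers must declare cpu/memory requests and limits."
        pattern:
          spec:
            # Equality anchor `=()`: this branch is only evaluated when the
            # pod actually has initContainers, but then every one of them
            # must meet the same shape as the main containers. Without it an
            # init container could run unbounded before the checked
            # containers even start.
            =(initContainers):
              - name: "*"
                resources:
                  requests:
                    cpu: "?*" # Must not be empty
                    memory: "?*" # Must not be empty
                  limits:
                    cpu: "?*" # Must not be empty
                    memory: "?*" # Must not be empty
            containers:
              - name: "*"
                resources:
                  requests:
                    cpu: "?*" # Must not be empty
                    memory: "?*" # Must not be empty
                  limits:
                    cpu: "?*" # Must not be empty
                    memory: "?*" # Must not be empty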