apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-resource-limits-demo
  annotations:
    policies.kyverno.io/title: "DEMO: Требовать resources.limits"
    policies.kyverno.io/description: >-
      Демонстрационная политика для урока 6.2.
      Проверяет, что у всех контейнеров заданы CPU и memory limits.
spec:
  validationFailureAction: Audit
  background: true
  rules:
  - name: check-container-limits
    match:
      any:
      - resources:
          kinds:
          - Pod
    validate:
      foreach:
      - list: "request.object.spec.containers"
        message: >-
          Container '{{ element.name }}' must have resources.limits.cpu
          and resources.limits.memory defined.
        pattern:
          resources:
            limits:
              cpu: "?*"
              memory: "?*"