pub/kyverno-2026-example
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
34fbdd14124eb5ed68a58ad25b5b894fb4d75678
kyverno-2026-example/04-generation/01-configmaps-secrets/generate-resource-quota.yaml
Vassiliy Yegorov 34fbdd1412 init
2026-04-08 20:22:14 +07:00

60 lines
2.0 KiB
YAML
Raw Blame History

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: generate-resource-quota
annotations:
policies.kyverno.io/title: "Генерация ResourceQuota для Namespace"
policies.kyverno.io/category: Resources
policies.kyverno.io/severity: medium
policies.kyverno.io/subject: Namespace
policies.kyverno.io/description: >-
При создании Namespace генерирует ResourceQuota.
Квота зависит от лейбла tier: standard | premium.
Значения квот берутся из ConfigMap quota-defaults.
spec:
rules:
- name: generate-quota
match:
resources:
kinds:
- Namespace
exclude:
resources:
names:
- kube-system
- kube-public
- kube-node-lease
- kyverno
context:
- name: quotaConfig
configMap:
name: quota-defaults
namespace: kyverno
generate:
apiVersion: v1
kind: ResourceQuota
name: default-quota
namespace: "{{ request.object.metadata.name }}"
synchronize: true
data:
kind: ResourceQuota
apiVersion: v1
metadata:
name: default-quota
labels:
generated-by: kyverno
spec:
hard:
# Квота CPU зависит от tier namespace
requests.cpu: >-
{{ quotaConfig.data.\"{{ request.object.metadata.labels.tier || 'standard' }}_cpu_request\" || '4' }}
requests.memory: >-
{{ quotaConfig.data.\"{{ request.object.metadata.labels.tier || 'standard' }}_memory_request\" || '8Gi' }}
limits.cpu: >-
{{ quotaConfig.data.\"{{ request.object.metadata.labels.tier || 'standard' }}_cpu_limit\" || '8' }}
limits.memory: >-
{{ quotaConfig.data.\"{{ request.object.metadata.labels.tier || 'standard' }}_memory_limit\" || '16Gi' }}
pods: "50"
services: "20"
persistentvolumeclaims: "10"
Reference in New Issue View Git Blame Copy Permalink