pub/kyverno-2026-example
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
34fbdd14124eb5ed68a58ad25b5b894fb4d75678
kyverno-2026-example/05-variables/01-configmaps/set-resource-limits-from-config.yaml
Vassiliy Yegorov 34fbdd1412 init
2026-04-08 20:22:14 +07:00

45 lines
1.5 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: set-resource-limits-from-config
annotations:
policies.kyverno.io/title: "Resource limits из централизованного ConfigMap"
policies.kyverno.io/category: Resources
policies.kyverno.io/severity: low
policies.kyverno.io/subject: Pod
policies.kyverno.io/description: >-
Устанавливает дефолтные resource limits из ConfigMap kyverno-global-config.
Изменение лимитов для всего кластера — это kubectl edit configmap,
а не изменение и деплой политики.
spec:
rules:
- name: set-limits-from-configmap
match:
resources:
kinds:
- Pod
exclude:
resources:
namespaces:
- kube-system
- kyverno
context:
- name: globalConfig
configMap:
name: kyverno-global-config
namespace: kyverno
mutate:
foreach:
- list: "request.object.spec.containers"
patchStrategicMerge:
spec:
containers:
- name: "{{ element.name }}"
resources:
requests:
+(memory): "{{ globalConfig.data.\"default.memory.request\" }}"
+(cpu): "{{ globalConfig.data.\"default.cpu.request\" }}"
limits:
+(memory): "{{ globalConfig.data.\"default.memory.limit\" }}"
+(cpu): "{{ globalConfig.data.\"default.cpu.limit\" }}"
Reference in New Issue View Git Blame Copy Permalink