46 lines
1.5 KiB
YAML
46 lines
1.5 KiB
YAML
apiVersion: kyverno.io/v1
|
|
kind: ClusterPolicy
|
|
metadata:
|
|
name: set-dynamic-resource-limits
|
|
annotations:
|
|
policies.kyverno.io/title: "Динамические resource limits из ConfigMap"
|
|
policies.kyverno.io/category: Resources
|
|
policies.kyverno.io/severity: low
|
|
policies.kyverno.io/subject: Pod
|
|
policies.kyverno.io/description: >-
|
|
Устанавливает resource limits на основе лейбла service-type пода.
|
|
Значения берутся из ConfigMap kyverno-global-config в namespace kyverno.
|
|
Изменение лимитов — это kubectl edit configmap, не изменение политики.
|
|
Лейблы: service-type: api | worker | (default)
|
|
spec:
|
|
rules:
|
|
- name: set-limits-from-config
|
|
match:
|
|
resources:
|
|
kinds:
|
|
- Pod
|
|
exclude:
|
|
resources:
|
|
namespaces:
|
|
- kube-system
|
|
- kyverno
|
|
context:
|
|
- name: globalConfig
|
|
configMap:
|
|
name: kyverno-global-config
|
|
namespace: kyverno
|
|
- name: serviceType
|
|
variable:
|
|
value: "{{ request.object.metadata.labels.\"service-type\" || 'default' }}"
|
|
mutate:
|
|
foreach:
|
|
- list: "request.object.spec.containers"
|
|
patchStrategicMerge:
|
|
spec:
|
|
containers:
|
|
- name: "{{ element.name }}"
|
|
resources:
|
|
limits:
|
|
+(memory): "{{ globalConfig.data.\"{{ serviceType }}_memory\" || '256Mi' }}"
|
|
+(cpu): "{{ globalConfig.data.\"{{ serviceType }}_cpu\" || '250m' }}"
|