All Policies

Memory Requests Equal Limits

Pods which have memory limits equal to requests are given a QoS class of Guaranteed which is the highest schedulable class. This policy checks that all containers in a given Pod have memory requests equal to limits.

Policy Definition

/other/memory-requests-equal-limits.yaml

 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: memory-requests-equal-limits
 5  annotations:
 6    pod-policies.kyverno.io/autogen-controllers: none
 7    policies.kyverno.io/title: Memory Requests Equal Limits
 8    policies.kyverno.io/category: Sample
 9    policies.kyverno.io/severity: medium
10    policies.kyverno.io/subject: Pod
11    policies.kyverno.io/minversion: 1.3.6
12    policies.kyverno.io/description: >-
13      Pods which have memory limits equal to requests are given a QoS class of Guaranteed
14      which is the highest schedulable class. This policy checks that all containers in
15      a given Pod have memory requests equal to limits.      
16spec:
17  validationFailureAction: audit
18  background: false
19  rules:
20  - name: memory-requests-equal-limits-deployment
21    match:
22      resources:
23        kinds:
24        - Deployment
25        - DaemonSet
26        - StatefulSet
27        - Job
28    validate:
29      message: "resources.requests.memory must be equal to resources.limits.memory"
30      deny:
31        conditions:
32        - key: "{{ request.object.spec.template.spec.containers[?resources.requests.memory!=resources.limits.memory] | length(@) }}"
33          operator: NotEquals
34          value: 0
35  - name: memory-requests-equal-limits-pod
36    match:
37      resources:
38        kinds:
39        - Pod
40    validate:
41      message: "resources.requests.memory must be equal to resources.limits.memory"
42      deny:
43        conditions:
44        - key: "{{ request.object.spec.containers[?resources.requests.memory!=resources.limits.memory] | length(@) }}"
45          operator: NotEquals
46          value: 0
47  - name: memory-requests-equal-limits-cronjob
48    match:
49      resources:
50        kinds:
51        - CronJob
52    validate:
53      message: "resources.requests.memory must be equal to resources.limits.memory"
54      deny:
55        conditions:
56        - key: "{{ request.object.spec.jobTemplate.spec.template.spec.containers[?resources.requests.memory!=resources.limits.memory] | length(@) }}"
57          operator: NotEquals
58          value: 0
59
Create policy issue