-
Notifications
You must be signed in to change notification settings - Fork 211
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Require CPU Limits #1019
base: main
Are you sure you want to change the base?
Require CPU Limits #1019
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Once again, we have a policy for this here: https://kyverno.io/policies/best-practices/require-pod-requests-limits/require-pod-requests-limits/
In practice, Kubernetes will set requests equal to limits if no requests are specified, so this policy is functionally equivalent to the above.
This PR also lumps in the policy from your previous PR and should not.
I see I was mistaken. We don't have one which specifically requires CPU limits. Although the claim you make in your post isn't exactly correct, we can add such a policy to the library if you address issues. |
DCO is required here. |
Please sign off on your PR. |
Signed-off-by: nsagark <90008930+nsagark@users.noreply.github.com>
Sign off is not complete. |
Converting to draft until all basic requirements are met. |
Related Issue(s)
This is Kyverno equivalent policy for below. Setting CPU limits on pods ensures fair distribution of resources, preventing any single pod from monopolizing CPU and impacting the performance of other pods. This practice enhances stability, predictability, and cost control, while also mitigating the noisy neighbor problem and facilitating efficient scaling in Kubernetes clusters. This policy ensures that cpu limits are set on every container.
https://github.com/bridgecrewio/checkov/blob/main/checkov/kubernetes/checks/resource/k8s/CPULimits.py
Checklist