Add InitContainers and EphermalContainers to Require Limits and Reque…

…sts (#1103) * updated require-pod-requests-limits.yaml Signed-off-by: Nikhil Maheshwari [email protected] Signed-off-by: Nikhil Maheshwari <[email protected]> * updated require-pod-requests-limits.yaml Signed-off-by: Nikhil Maheshwari [email protected] Signed-off-by: Nikhil Maheshwari <[email protected]> * Updated best-practices/require-pod-requests-limits/artifacthub-pkg.yml Signed-off-by: Nikhil Maheshwari <[email protected]> --------- Signed-off-by: Nikhil Maheshwari [email protected] Signed-off-by: Nikhil Maheshwari <[email protected]> Co-authored-by: Chip Zoller <[email protected]>
kyverno · Aug 2, 2024 · 438bfca · 438bfca
1 parent 2d8b3a4
commit 438bfca
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 3 deletions.
diff --git a/best-practices/require-pod-requests-limits/artifacthub-pkg.yml b/best-practices/require-pod-requests-limits/artifacthub-pkg.yml
@@ -19,4 +19,4 @@ readme: |
 annotations:
   kyverno/category: "Best Practices, EKS Best Practices"
   kyverno/subject: "Pod"
-digest: 6fba669ac94197333cb28249ab01deb6461cc6f909645b721fe66bef78d674ec
+digest: bc2fa8b9aed1893274a8bc60abd34fdbe5fbc25d032b7be74214cc1496b77ce1
diff --git a/best-practices/require-pod-requests-limits/require-pod-requests-limits.yaml b/best-practices/require-pod-requests-limits/require-pod-requests-limits.yaml
@@ -16,7 +16,7 @@ metadata:
       This policy validates that all containers have something specified for memory and CPU
       requests and memory limits.
 spec:
-  validationFailureAction: audit
+  validationFailureAction: Audit
   background: true
   rules:
   - name: validate-resources
@@ -26,10 +26,24 @@ spec:
           kinds:
           - Pod
     validate:
-      message: "CPU and memory resource requests and limits are required."
+      message: "CPU and memory resource requests and memory limits are required for containers."
       pattern:
         spec:
           containers:
+          - resources:
+              requests:
+                memory: "?*"
+                cpu: "?*"
+              limits:
+                memory: "?*"
+          =(initContainers):
+          - resources:
+              requests:
+                memory: "?*"
+                cpu: "?*"
+              limits:
+                memory: "?*"
+          =(ephemeralContainers):
           - resources:
               requests:
                 memory: "?*"