Created
August 23, 2022 15:00
-
-
Save gsweene2/d6f2b5a0930b3d8c9bf881fb9308a4e3 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: kyverno.io/v1 | |
kind: ClusterPolicy | |
metadata: | |
name: vpa-recommender | |
annotations: | |
policies.kyverno.io/title: VPA Recommender | |
policies.kyverno.io/category: Cluster-Policy | |
policies.kyverno.io/description: >- | |
Creates a VerticalPodAutoscaler resource for Deployments that | |
meet the criteria. | |
- HPA does not exist for Deployment | |
- Not in System Namepace | |
- Not a Tier 1 Application | |
- Not a Java Application | |
spec: | |
# Mutate and generate rules are not processed during background scans. | |
# https://kyverno.io/docs/writing-policies/background/ | |
background: false | |
rules: | |
- name: create-kind-vpa-recommender | |
context: | |
- name: hpas_in_ns | |
apiCall: | |
urlPath: "/apis/autoscaling/v1/namespaces/{{ request.object.metadata.namespace }}/horizontalpodautoscalers" | |
jmesPath: "items[].metadata.name" | |
match: | |
any: | |
- resources: | |
kinds: | |
- Deployment | |
preconditions: | |
all: | |
- key: "{{ request.object.metadata.name }}" | |
operator: AllNotIn | |
value: "{{ hpas_in_ns }}" | |
# Identify Java Applications (to exclude) | |
- key: "java" | |
operator: AllNotIn | |
value: "{{ request.object.spec.template.spec.containers[].args[] }}" | |
exclude: | |
any: | |
- resources: | |
namespaces: | |
- system-namespaces | |
- ... | |
- resources: | |
kinds: | |
- Deployment | |
names: | |
# Test App | |
- tier-1-services | |
generate: | |
apiVersion: autoscaling.k8s.io/v1 | |
kind: VerticalPodAutoscaler | |
name: "{{request.object.metadata.name}}" | |
# Must Include NS: https://github.com/kyverno/kyverno/issues/2229 | |
namespace: "{{request.object.metadata.namespace}}" | |
data: | |
metadata: | |
ownerReferences: | |
- apiVersion: v1 | |
kind: Deployment | |
name: "{{request.object.metadata.name}}" | |
uid: "{{request.object.metadata.uid}}" | |
spec: | |
targetRef: | |
apiVersion: "apps/v1" | |
kind: "{{request.object.kind}}" | |
name: "{{request.object.metadata.name}}" | |
updatePolicy: | |
updateMode: "Auto" | |
resourcePolicy: | |
containerPolicies: | |
- containerName: "*" | |
controlledValues: RequestsOnly |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment