angeloxx · April 23, 2025 15:02
diff --git a/kyverno-mutate-container-requests-based-on-limits.yaml b/kyverno-mutate-container-requests-based-on-limits.yaml
 apiVersion: kyverno.io/v1
 kind: ClusterPolicy
 metadata:
  name: mutate-container-requests-based-on-limits
  annotations:
    pod-policies.kyverno.io/autogen-controllers: none
    policies.kyverno.io/title: Adjust Container Memory Requests Based on Limits
    policies.kyverno.io/category: Other
    policies.kyverno.io/subject: Workload
    policies.kyverno.io/minversion: 1.11.0
    kyverno.io/kubernetes-version: "1.23"
    policies.kyverno.io/description: |
      Automatically sets memory requests to 90% of limits for Pod containers when initial 
      requests and limits are equal. Parent object will not be affected
    policies.kyverno.io/usage: |
      - Apply to clusters to enforce memory request/limit ratio
 spec:
  rules:
    - name: mutate-container-requests-based-on-limits
      match:
        any:
        - resources:
            kinds:
              - Pod

      preconditions:
        all:
        - key: "{{ request.operation }}"
          operator: In
          value:
          - CREATE
      context:
      - name: ratio
        variable:
          value: "0.9"
      mutate:
        foreach:
        - list: request.object.spec.containers
          preconditions:
            any:
              - key: "{{ element.resources.requests.memory || '-1' }}"
                operator: Equals
                value: "{{ element.resources.limits.memory || '+1' }}"
          patchesJson6902: |-
            - path: "/spec/containers/{{`{{ elementIndex }}`}}/resources/requests/memory"
              op: add
              value:
                "{{ multiply(`{{ regex_replace_all('([0-9]*)(.*)', '{{ element.resources.limits.memory }}', '${1}') }}`,`{{ ratio }}`) }}{{ regex_replace_all('([0-9]*)(.*)', '{{ element.resources.limits.memory }}', '${2}') }}"
	apiVersion: kyverno.io/v1
	kind: ClusterPolicy
	metadata:
	name: mutate-container-requests-based-on-limits
	annotations:
	pod-policies.kyverno.io/autogen-controllers: none
	policies.kyverno.io/title: Adjust Container Memory Requests Based on Limits
	policies.kyverno.io/category: Other
	policies.kyverno.io/subject: Workload
	policies.kyverno.io/minversion: 1.11.0
	kyverno.io/kubernetes-version: "1.23"
	policies.kyverno.io/description: \|
	Automatically sets memory requests to 90% of limits for Pod containers when initial
	requests and limits are equal. Parent object will not be affected
	policies.kyverno.io/usage: \|
	- Apply to clusters to enforce memory request/limit ratio
	spec:
	rules:
	- name: mutate-container-requests-based-on-limits
	match:
	any:
	- resources:
	kinds:
	- Pod

	preconditions:
	all:
	- key: "{{ request.operation }}"
	operator: In
	value:
	- CREATE
	context:
	- name: ratio
	variable:
	value: "0.9"
	mutate:
	foreach:
	- list: request.object.spec.containers
	preconditions:
	any:
	- key: "{{ element.resources.requests.memory \|\| '-1' }}"
	operator: Equals
	value: "{{ element.resources.limits.memory \|\| '+1' }}"
	patchesJson6902: \|-
	- path: "/spec/containers/{{`{{ elementIndex }}`}}/resources/requests/memory"
	op: add
	value:
	"{{ multiply(`{{ regex_replace_all('([0-9])(.)', '{{ element.resources.limits.memory }}', '${1}') }}`,`{{ ratio }}`) }}{{ regex_replace_all('([0-9])(.)', '{{ element.resources.limits.memory }}', '${2}') }}"