diff --git a/k8s/bases/infrastructure/cluster-policies/samples/best-practices/add-ns-quota/add-ns-quota.yaml b/k8s/bases/infrastructure/cluster-policies/samples/best-practices/add-ns-quota/add-ns-quota.yaml
deleted file mode 100644
index 03572eb09..000000000
--- a/k8s/bases/infrastructure/cluster-policies/samples/best-practices/add-ns-quota/add-ns-quota.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
-metadata:
- name: add-ns-quota
- annotations:
- policies.kyverno.io/title: Add Quota
- policies.kyverno.io/category: Multi-Tenancy, EKS Best Practices
- policies.kyverno.io/subject: ResourceQuota, LimitRange
- policies.kyverno.io/minversion: 1.6.0
- policies.kyverno.io/description: >-
- To better control the number of resources that can be created in a given
- Namespace and provide default resource consumption limits for Pods,
- ResourceQuota and LimitRange resources are recommended.
- This policy will generate ResourceQuota and LimitRange resources when
- a new Namespace is created.
-spec:
- rules:
- - name: generate-resourcequota
- match:
- any:
- - resources:
- kinds:
- - Namespace
- generate:
- apiVersion: v1
- kind: ResourceQuota
- name: default-resourcequota
- synchronize: true
- namespace: "{{request.object.metadata.name}}"
- data:
- spec:
- hard:
- requests.cpu: '4'
- requests.memory: '16Gi'
- limits.cpu: '4'
- limits.memory: '16Gi'
- - name: generate-limitrange
- match:
- any:
- - resources:
- kinds:
- - Namespace
- generate:
- apiVersion: v1
- kind: LimitRange
- name: default-limitrange
- synchronize: true
- namespace: "{{request.object.metadata.name}}"
- data:
- spec:
- limits:
- - default:
- cpu: 500m
- memory: 1Gi
- defaultRequest:
- cpu: 200m
- memory: 256Mi
- type: Container
\ No newline at end of file
diff --git a/k8s/bases/infrastructure/cluster-policies/samples/other/create-pod-antiaffinity/create-pod-antiaffinity.yaml b/k8s/bases/infrastructure/cluster-policies/samples/other/create-pod-antiaffinity/create-pod-antiaffinity.yaml
deleted file mode 100644
index accb4dcb3..000000000
--- a/k8s/bases/infrastructure/cluster-policies/samples/other/create-pod-antiaffinity/create-pod-antiaffinity.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
-metadata:
- name: insert-pod-antiaffinity
- annotations:
- policies.kyverno.io/title: Add Pod Anti-Affinity
- policies.kyverno.io/category: Sample
- policies.kyverno.io/subject: Deployment, Pod
- policies.kyverno.io/minversion: 1.6.0
- policies.kyverno.io/description: >-
- Applications may involve multiple replicas of the same Pod for availability as well as scale
- purposes, yet Kubernetes does not by default provide a solution for availability. This policy
- sets a Pod anti-affinity configuration on Deployments which contain an `app` label if it is
- not already present.
-spec:
- rules:
- - name: insert-pod-antiaffinity
- match:
- any:
- - resources:
- kinds:
- - Deployment
- preconditions:
- # This precondition selects Pods with the label `app` defined
- all:
- - key: "{{request.object.spec.template.metadata.labels.app || ''}}"
- operator: NotEquals
- value: ""
- # Mutates the Deployment resource to add fields.
- mutate:
- patchStrategicMerge:
- spec:
- template:
- spec:
- # Add the `affinity`if not already specified.
- +(affinity):
- +(podAntiAffinity):
- +(preferredDuringSchedulingIgnoredDuringExecution):
- - weight: 1
- podAffinityTerm:
- topologyKey: "kubernetes.io/hostname"
- labelSelector:
- matchExpressions:
- - key: app
- operator: In
- values:
- - "{{request.object.spec.template.metadata.labels.app}}"
diff --git a/k8s/bases/infrastructure/cluster-policies/samples/other/spread-pods-across-topology/spread-pods-across-topology.yaml b/k8s/bases/infrastructure/cluster-policies/samples/other/spread-pods-across-topology/spread-pods-across-topology.yaml
deleted file mode 100644
index 4ae549e4b..000000000
--- a/k8s/bases/infrastructure/cluster-policies/samples/other/spread-pods-across-topology/spread-pods-across-topology.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
-metadata:
- name: spread-pods
- annotations:
- policies.kyverno.io/title: Spread Pods Across Nodes
- policies.kyverno.io/category: Sample
- policies.kyverno.io/subject: Deployment, Pod
- policies.kyverno.io/minversion: 1.6.0
- policies.kyverno.io/description: >-
- Deployments to a Kubernetes cluster with multiple availability zones often need to
- distribute those replicas to align with those zones to ensure site-level failures
- do not impact availability. This policy matches Deployments with the label
- `distributed=required` and mutates them to spread Pods across zones.
-spec:
- rules:
- - name: spread-pods-across-nodes
- # Matches any Deployment with the label `distributed=required`
- match:
- any:
- - resources:
- kinds:
- - Deployment
- selector:
- matchLabels:
- distributed: required
- # Mutates the incoming Deployment.
- mutate:
- patchStrategicMerge:
- spec:
- template:
- spec:
- # Adds the topologySpreadConstraints field if non-existent in the request.
- +(topologySpreadConstraints):
- - maxSkew: 1
- topologyKey: zone
- whenUnsatisfiable: DoNotSchedule
- labelSelector:
- matchLabels:
- distributed: required
\ No newline at end of file