Is there a way to prevent a Pod from deploying onto Kubernetes if it does not have memory resource requests & limits set?
CodePudding user response:
Yes, you can apply Limit Ranges. See e.g. Configure Minimum and Maximum CPU Constraints for a Namespace for an example for CPU resources, but it can be applied for e.g. memory and storage as well.
CodePudding user response:
For this you could enable the Policy addon for AKS:
az aks enable-addons --addons azure-policy --name MyAKSCluster --resource-group MyResourceGroup
This installs a managed Gatekeeper instance to your cluster. With this enabled you can apply Azure build-in policies or apply your own Gatekeeper policies to the AKS cluster. Here is a list of built-in polices from Azure specially for Kubernetes.
Here is the built-in policy to enforce limits. Here you will find a sample ConstraintTemplate for your use case described above. As those templates are CRDs your need to activate those with a Constraint. You may need to tweak them to also enforce memory & cpu requests.
Another Policy tool is Kyverno. The downside is that it is not Azure manage so you have to to update it yourself and you have no built-in polices from Microsoft. Here are some examples policies:
Hope that helped in addition to the LimitRange hint from Jonas :)