Enforce container CPU and memory resource requests & limits

Time:02-16

Is there a way to prevent a Pod from deploying onto Kubernetes if it does not have memory resource requests & limits set?

CodePudding user response:

Yes, you can apply Limit Ranges. See e.g. Configure Minimum and Maximum CPU Constraints for a Namespace for an example for CPU resources, but it can be applied for e.g. memory and storage as well.

CodePudding user response:

For this you could enable the Policy addon for AKS:

az aks enable-addons --addons azure-policy --name MyAKSCluster --resource-group MyResourceGroup

This installs a managed Gatekeeper instance to your cluster. With this enabled you can apply Azure built-in policies or apply your own Gatekeeper policies to the AKS cluster. Here is a list of built-in policies from Azure specially for Kubernetes.

Here is the built-in policy to enforce limits. Here you will find a sample ConstraintTemplate for your use case described above. As those templates are CRDs you need to activate those with a Constraint. You may need to tweak them to also enforce memory & cpu requests.

Another Policy tool is Kyverno. The downside is that it is not Azure managed so you have to update it yourself and you have no built-in policies from Microsoft. Here are some example policies:

  1. Require Limits and Requests
  2. Memory Requests Equal Limits

Hope that helped in addition to the LimitRange hint from Jonas :)
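
A pre-deployment check for the same requirement, as an added example that is not part of either answer above: it reports every container in a manifest (already parsed into a dict) that lacks a CPU or memory request or limit, which is the condition an admission policy would reject. The function names and the sample Deployment are constructed for illustration.

```python
# Added example: static check for missing CPU/memory requests and limits.
REQUIRED = [("requests", "cpu"), ("requests", "memory"),
            ("limits", "cpu"), ("limits", "memory")]

def pod_spec(obj):
    """Return the PodSpec of a Pod, a CronJob, or a workload with spec.template."""
    kind, spec = obj.get("kind"), obj.get("spec") or {}
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        spec = (spec.get("jobTemplate") or {}).get("spec") or {}
    return (spec.get("template") or {}).get("spec") or {}

def missing_resources(obj):
    """List (container name, 'section.resource') pairs that are unset or empty."""
    findings = []
    spec = pod_spec(obj)
    # Init containers are scheduled against the same quota, so check them too.
    for field in ("initContainers", "containers"):
        for c in spec.get(field) or []:
            res = c.get("resources") or {}
            for section, name in REQUIRED:
                if not (res.get(section) or {}).get(name):
                    findings.append((c.get("name", "<unnamed>"), f"{section}.{name}"))
    return findings

# Constructed sample manifest (not taken from the page).
SAMPLE = {
    "kind": "Deployment",
    "spec": {"template": {"spec": {
        "initContainers": [{"name": "migrate", "image": "example/migrate:1"}],
        "containers": [
            {"name": "api", "image": "example/api:1", "resources": {
                "requests": {"cpu": "100m", "memory": "128Mi"},
                "limits": {"cpu": "500m", "memory": "256Mi"}}},
            {"name": "sidecar", "image": "example/sidecar:1", "resources": {
                "requests": {"memory": "64Mi"},
                "limits": {"memory": "64Mi"}}},
        ],
    }}},
}

if __name__ == "__main__":
    for container, field in missing_resources(SAMPLE):
        print(f"DENY {container}: missing resources.{field}")
```

A check like this belongs in CI as an early signal; the LimitRange or Gatekeeper/Kyverno policy in the cluster remains the enforcement point.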
