-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathartifacthub-pkg.yml
183 lines (183 loc) · 5.41 KB
/
artifacthub-pkg.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
# Kubewarden Artifacthub Package config
#
# Use this config to submit the policy to https://artifacthub.io.
#
# This config can be saved to its default location with:
# kwctl scaffold artifacthub > artifacthub-pkg.yml
version: 0.3.0
name: container-resources
displayName: Container Resources
createdAt: 2024-08-12T17:48:51.791476123Z
description: Policy is designed to enforce constraints on the resource requirements of Kubernetes containers
license: Apache-2.0
homeURL: https://github.com/kubewarden/container-resources-policy
containersImages:
- name: policy
image: ghcr.io/kubewarden/policies/container-resources:v0.3.0
keywords:
- container
- resources
links:
- name: policy
url: https://github.com/kubewarden/container-resources-policy/releases/download/v0.3.0/policy.wasm
- name: source
url: https://github.com/kubewarden/container-resources-policy
install: |
The policy can be obtained using [`kwctl`](https://github.com/kubewarden/kwctl):
```console
kwctl pull ghcr.io/kubewarden/policies/container-resources:v0.3.0
```
Then, generate the policy manifest and tune it to your liking. For example:
```console
kwctl scaffold manifest -t ClusterAdmissionPolicy registry://ghcr.io/kubewarden/policies/container-resources:v0.3.0
```
maintainers:
- name: Kubewarden developers
email: [email protected]
provider:
name: kubewarden
recommendations:
- url: https://artifacthub.io/packages/helm/kubewarden/kubewarden-controller
annotations:
kubewarden/mutation: 'true'
kubewarden/questions-ui: |
questions:
- default: null
description: >-
This policy is designed to enforce constraints on the resource requirements
of Kubernetes containers.
group: Settings
label: Description
required: false
hide_input: true
type: string
variable: description
- default: {}
description: Defines the limit and minimum amount requested for CPU resource
group: Settings
label: CPU
hide_input: true
type: map[
variable: cpu
subquestions:
- default: false
group: Settings
label: Ignore values
title: Ignore values
type: boolean
variable: cpu.ignoreValues
tooltip: >-
Skip enforcement of specific values, but ensure that requests and limits are set
- default: ''
tooltip: >-
Defines default minimum CPU requested.
group: Settings
label: Default CPU requested
type: string
variable: cpu.defaultRequest
show_if: cpu.ignoreValues=false
- default: ''
tooltip: >-
Defines default CPU limit value.
group: Settings
label: Default CPU limit
type: string
variable: cpu.defaultLimit
show_if: cpu.ignoreValues=false
- default: ''
tooltip: >-
Defines maximum limit value allowed to be set for the CPU resource
group: Settings
label: Max CPU limit allowed
type: string
variable: cpu.maxLimit
show_if: cpu.ignoreValues=false
- default: {}
description: Defines the limit and minimum amount requested for memory resource
group: Settings
label: Memory
hide_input: true
type: map[
variable: memory
subquestions:
- default: false
group: Settings
label: Ignore values
title: Ignore values
type: boolean
variable: memory.ignoreValues
tooltip: >-
Skip enforcement of specific values, but ensure that requests and limits are set
- default: ''
tooltip: >-
Defines default minimum memory requested.
group: Settings
label: Default memory requested
type: string
variable: memory.defaultRequest
show_if: memory.ignoreValues=false
- default: ''
tooltip: >-
Defines default memory limit value.
group: Settings
label: Default memory limit
type: string
variable: memory.defaultLimit
show_if: memory.ignoreValues=false
- default: ''
tooltip: >-
Defines maximum limit value allowed to be set for the memory resource
group: Settings
label: Max memory limit allowed
type: string
variable: memory.maxLimit
show_if: memory.ignoreValues=false
- default: []
description: >-
Configuration used to exclude containers from enforcement
group: Settings
label: Ignore images
type: array[
value_multiline: false
variable: ignoreImages
kubewarden/resources: Pod, Replicationcontroller, Deployments, Replicaset, Statefulset, Daemonset, Job, Cronjob
kubewarden/rules: |
- apiGroups:
- ''
apiVersions:
- v1
resources:
- pods
operations:
- CREATE
- apiGroups:
- ''
apiVersions:
- v1
resources:
- replicationcontrollers
operations:
- CREATE
- UPDATE
- apiGroups:
- apps
apiVersions:
- v1
resources:
- deployments
- replicasets
- statefulsets
- daemonsets
operations:
- CREATE
- UPDATE
- apiGroups:
- batch
apiVersions:
- v1
resources:
- jobs
- cronjobs
operations:
- CREATE
- UPDATE