-
Notifications
You must be signed in to change notification settings - Fork 762
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not encourage adding CPU limits #3723
Comments
The example policy was added a while ago: d733e7d |
Agreed on this, we recently removed cpu limits from Gatekeeper deployment too #2326. However, Azure policies are not directly related to Gatekeeper open-source project. Do you mind creating an issue in https://github.com/azure/aks for tracking Azure policy updates for this? We can use this issue to track removal in agilebank demo https://github.com/open-policy-agent/gatekeeper/blob/master/demo/agilebank/templates/k8scontainterlimits_template.yaml |
@nemobis Are you using deployment safeguard? |
Good. Speaking of which, CPU requests are too high. 10m would probably be enough; on the busiest nodes I get CPU usage between 10m and 40m.
I'll think about it but they have dozens of dubious policies and I'm not so interested in contributing to a proprietary Microsoft project. I'm just disabling the "feature" entirely for now.
Not that I know... |
What steps did you take and what happened:
OPA katekeeper appeared on my cluster with AKS defaults. Now I get bunch of logs of the kind:
What did you expect to happen:
No encouragement to add CPU limits should be in the default policies.
Anything else you would like to add:
CPU limits are often harmful and should only be added after careful consideration. Kyverno also has stopped encouraging them: kyverno/kyverno#799
Environment:
The text was updated successfully, but these errors were encountered: