Do not encourage adding CPU limits #3723
Comments
|
The example policy was added a while ago: d733e7d |
|
Agreed on this, we recently removed cpu limits from Gatekeeper deployment too #2326. However, Azure policies are not directly related to Gatekeeper open-source project. Do you mind creating an issue in https://github.com/azure/aks for tracking Azure policy updates for this? We can use this issue to track removal in agilebank demo https://github.com/open-policy-agent/gatekeeper/blob/master/demo/agilebank/templates/k8scontainterlimits_template.yaml |
|
@nemobis Are you using deployment safeguard? |
Good. Speaking of which, CPU requests are too high. 10m would probably be enough; on the busiest nodes I get CPU usage between 10m and 40m.
I'll think about it but they have dozens of dubious policies and I'm not so interested in contributing to a proprietary Microsoft project. I'm just disabling the "feature" entirely for now.
Not that I know... |
What steps did you take and what happened:
OPA katekeeper appeared on my cluster with AKS defaults. Now I get bunch of logs of the kind:
What did you expect to happen:
No encouragement to add CPU limits should be in the default policies.
Anything else you would like to add:
CPU limits are often harmful and should only be added after careful consideration. Kyverno also has stopped encouraging them: kyverno/kyverno#799
Environment:
The text was updated successfully, but these errors were encountered: