更新时间:2024-01-05 GMT+08:00
分享

k8sreplicalimits

基本信息

  • 策略类型:合规
  • 推荐级别:L1
  • 生效资源类型:*
  • 参数:
    ranges:
      min_replicas: 整型
      max_replicas: 整型

作用

要求具有“spec.replicas”字段的对象(Deployments、ReplicaSets等)在定义的范围内。

策略实例示例

以下策略实例展示了策略定义生效的资源类型,parameters定义范围为3到50。

apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sReplicaLimits
metadata:
  name: replica-limits
spec:
  match:
    kinds:
      - apiGroups: ["apps"]
        kinds: ["Deployment"]
  parameters:
    ranges:
    - min_replicas: 3
      max_replicas: 50

符合策略实例的资源定义

Replicas设为了3,符合策略实例。

apiVersion: apps/v1
kind: Deployment
metadata:
  name: allowed-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 3
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80

不符合策略实例的资源定义

Replicas设为了100,不符合策略实例。

apiVersion: apps/v1
kind: Deployment
metadata:
  name: disallowed-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 100
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80

相关文档