emptyDir policy requires ephemeral-storage resources for memory-backed volumes

Hello,

The rationale behind the _Require Requests and Limits for emptyDir_ policy is preventing the backing medium overrun:
https://github.com/kyverno/policies/blob/12a687890a7773287c7f7a32ac2e55775b6d2fd4/other/require-emptydir-requests-limits/require-emptydir-requests-limits.yaml#L14-L18

However, the policy considers only one medium. `ephemeral-storage` is the wrong resource for memory-backed (`medium: Memory`) volumes.

In addition, I believe this precondition is obsolete:
https://github.com/kyverno/policies/blob/12a687890a7773287c7f7a32ac2e55775b6d2fd4/other/require-emptydir-requests-limits/require-emptydir-requests-limits.yaml#L38-L42

	Pods which mount emptyDir volumes may be allowed to potentially overrun
	the medium backing the emptyDir volume. This sample ensures that any
	initContainers or containers mounting an emptyDir volume have
	ephemeral-storage requests and limits set. Policy will be skipped if
	the volume has already a sizeLimit set.

	- key: "{{request.operation \|\| 'BACKGROUND'}}"
	operator: AnyIn
	value:
	- CREATE
	- UPDATE

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

emptyDir policy requires ephemeral-storage resources for memory-backed volumes #1365

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

emptyDir policy requires ephemeral-storage resources for memory-backed volumes #1365

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions