alexdmoss/kyverno-vpa-generate.yaml

## kyverno-vpa-generate.yaml
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: generate-vpa-deployment
  annotations:
    policies.kyverno.io/description: >-
      Creates VerticalPodAutoscaler resources for all Deployments not in the kube-system namespace.
      Scales both CPU and Memory - assumes Pod Autoscaling not in use on these.
spec:
  failurePolicy: Fail
  validationFailureAction: Enforce
  generateExistingOnPolicyUpdate: true
  rules:
  - name: generate-vpa
    match:
      any:
      - resources:
          kinds:
          - Deployment
    exclude:
      any:
      - resources:
          namespaces:
          - kube-system
    generate:
      kind: VerticalPodAutoscaler
      apiVersion: autoscaling.k8s.io/v1
      name: "{{request.object.metadata.name}}"
      namespace: "{{request.object.metadata.namespace}}"
      synchronize: true                                   # keeps VPA in sync with changes here. Deleting this policy deletes the VPAs
      data:
        metadata:
          labels:
            created-by: kyverno
        spec:
          targetRef:
            apiVersion: "apps/v1"
            kind:       Deployment
            name:       "{{request.object.metadata.name}}"
          updatePolicy:
            updateMode: "Auto"
          resourcePolicy:
            containerPolicies:
              - containerName: '*'
                minAllowed:
                  cpu: "50m"
                  memory: "50Mi"
                maxAllowed:
                  cpu: "1"
                  memory: "2Gi"
	---
	apiVersion: kyverno.io/v1
	kind: ClusterPolicy
	metadata:
	name: generate-vpa-deployment
	annotations:
	policies.kyverno.io/description: >-
	Creates VerticalPodAutoscaler resources for all Deployments not in the kube-system namespace.
	Scales both CPU and Memory - assumes Pod Autoscaling not in use on these.
	spec:
	failurePolicy: Fail
	validationFailureAction: Enforce
	generateExistingOnPolicyUpdate: true
	rules:
	- name: generate-vpa
	match:
	any:
	- resources:
	kinds:
	- Deployment
	exclude:
	any:
	- resources:
	namespaces:
	- kube-system
	generate:
	kind: VerticalPodAutoscaler
	apiVersion: autoscaling.k8s.io/v1
	name: "{{request.object.metadata.name}}"
	namespace: "{{request.object.metadata.namespace}}"
	synchronize: true # keeps VPA in sync with changes here. Deleting this policy deletes the VPAs
	data:
	metadata:
	labels:
	created-by: kyverno
	spec:
	targetRef:
	apiVersion: "apps/v1"
	kind: Deployment
	name: "{{request.object.metadata.name}}"
	updatePolicy:
	updateMode: "Auto"
	resourcePolicy:
	containerPolicies:
	- containerName: '*'
	minAllowed:
	cpu: "50m"
	memory: "50Mi"
	maxAllowed:
	cpu: "1"
	memory: "2Gi"