require-resource-quota: Namespace resource quotas should be used to allocate, track and limit the number of objects, of a particular type, that can be created within a namespace. In cases such as multi-tenancy where new Namespaces must be fully provisioned before they can be used, it may not be easy to declare and understand if/when the Namespace is ready. Having a policy which defines all the resources which are required for each Namespace can assist in determining compliance. This policy, expected to be run in background mode only, performs a Namespace check to ensure that all Namespaces have a ResourceQuota. Additional rules may be written to extend the check according to needs.
@fykaa Would be nice to have a README.md for all multitenancy policies, like we have for kyverno-json policies. I'm merging this now, the README can be in a follow-up PR.
Policy Description
require-resource-quota: Namespace resource quotas should be used to allocate, track and limit the number of objects, of a particular type, that can be created within a namespace. In cases such as multi-tenancy where new Namespaces must be fully provisioned before they can be used, it may not be easy to declare and understand if/when the Namespace is ready. Having a policy which defines all the resources which are required for each Namespace can assist in determining compliance. This policy, expected to be run in background mode only, performs a Namespace check to ensure that all Namespaces have a ResourceQuota. Additional rules may be written to extend the check according to needs.
Policy Category
Multitenancy Benchmark