Require Pod priorityClassName

A Pod may optionally specify a priorityClassName which indicates the scheduling priority relative to others. This requires creation of a PriorityClass object in advance. With this created, a Pod may set this field to that value. In a multi-tenant environment, it is often desired to require this priorityClassName be set to make certain tenant scheduling guarantees. This policy requires that a Pod defines the priorityClassName field with some value.

Policy Definition

/other/require_pod_priorityclassname/require_pod_priorityclassname.yaml

 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: require-pod-priorityclassname
 5  annotations:
 6    policies.kyverno.io/title: Require Pod priorityClassName
 7    policies.kyverno.io/category: Multi-Tenancy, EKS Best Practices
 8    policies.kyverno.io/severity: medium
 9    policies.kyverno.io/subject: Pod
10    policies.kyverno.io/description: >-
11      A Pod may optionally specify a priorityClassName which indicates the scheduling
12      priority relative to others. This requires creation of a PriorityClass object in advance.
13      With this created, a Pod may set this field to that value. In a multi-tenant environment,
14      it is often desired to require this priorityClassName be set to make certain tenant
15      scheduling guarantees. This policy requires that a Pod defines the priorityClassName field
16      with some value.      
17spec:
18  validationFailureAction: enforce
19  background: true
20  rules:
21  - name: check-priorityclassname
22    match:
23      any:
24      - resources:
25          kinds:
26          - Pod
27    validate:
28      message: "Pods must define the priorityClassName field."
29      pattern:
30        spec:
31          priorityClassName: "?*"

Create policy issue