---
# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/clusterpolicy_v1.json
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: remove-cpu-limit
  annotations:
    policies.kyverno.io/title: Remove CPU limits
    policies.kyverno.io/category: Best Practices
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Pod
    policies.kyverno.io/description: >-
      This policy removes CPU limits from all Pods.
    pod-policies.kyverno.io/autogen-controllers: none
spec:
  generateExistingOnPolicyUpdate: true
  rules:
    - name: remove-containers-cpu-limits
      match:
        any:
          - resources:
              kinds: ["Pod"]
      mutate:
        foreach:
          - list: "request.object.spec.containers"
            patchesJson6902: |-
              - path: /spec/containers/{{elementIndex}}/resources/limits/cpu
                op: remove
    - name: delete-initcontainers-cpu-limits
      match:
        any:
          - resources:
              kinds: ["Pod"]
      preconditions:
        all:
          - key: "{{ request.object.spec.initContainers[] || `[]` | length(@) }}"
            operator: GreaterThanOrEquals
            value: 1
      mutate:
        foreach:
          - list: "request.object.spec.initContainers"
            patchesJson6902: |-
              - path: /spec/initContainers/{{elementIndex}}/resources/limits/cpu
                op: remove