Add Safe To Evict

The Kubernetes cluster autoscaler does not evict pods that use hostPath or emptyDir volumes. To allow eviction of these pods, the annotation cluster-autoscaler.kubernetes.io/safe-to-evict=true must be added to the pods.

Policy Definition

/best-practices/add_safe_to_evict.yaml

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: add-safe-to-evict
  annotations:
    policies.kyverno.io/category: Other
    policies.kyverno.io/subject: Pod,Annotation
    policies.kyverno.io/minversion: 1.4.3
    policies.kyverno.io/description: >-
      The Kubernetes cluster autoscaler does not evict pods that
      use hostPath or emptyDir volumes. To allow eviction of these pods, the annotation
      cluster-autoscaler.kubernetes.io/safe-to-evict=true must be added to the pods.
spec:
  rules:
  - name: annotate-empty-dir
    match:
      resources:
        kinds:
        - Pod
    mutate:
      patchStrategicMerge:
        metadata:
          annotations:
            # +(key) is the add-if-not-present anchor: an existing value is left untouched.
            +(cluster-autoscaler.kubernetes.io/safe-to-evict): "true"
        spec:
          volumes:
          # <(key) is the global anchor: the rule is skipped unless a volume declares emptyDir.
          - <(emptyDir): {}
  - name: annotate-host-path
    match:
      resources:
        kinds:
        - Pod
    mutate:
      patchStrategicMerge:
        metadata:
          annotations:
            +(cluster-autoscaler.kubernetes.io/safe-to-evict): "true"
        spec:
          volumes:
          # The rule is skipped unless a volume declares a hostPath with any path.
          - hostPath:
              <(path): "*"
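An added example, not part of the Kyverno policy library: a simplified Python emulation of how the two rules' anchors decide which Pods get annotated, run over constructed manifests. It assumes that the `<(...)` anchor skips a rule when no volume matches and that `+(...)` never overwrites an existing annotation; the pod names and the `mutate` helper are hypothetical.

```python
import copy

ANNOTATION = "cluster-autoscaler.kubernetes.io/safe-to-evict"

def _volumes(pod):
    return pod.get("spec", {}).get("volumes") or []

def uses_empty_dir(pod):
    # Emulates `- <(emptyDir): {}`: any volume that declares emptyDir.
    return any("emptyDir" in v for v in _volumes(pod))

def uses_host_path(pod):
    # Emulates `hostPath: {<(path): "*"}`: any hostPath volume with a non-empty path.
    return any((v.get("hostPath") or {}).get("path") for v in _volumes(pod))

RULES = (("annotate-empty-dir", uses_empty_dir),
         ("annotate-host-path", uses_host_path))

def mutate(pod):
    """Return (patched copy, names of rules that changed the pod)."""
    patched, changed_by = copy.deepcopy(pod), []
    for name, condition in RULES:
        if not condition(patched):
            continue  # global anchor failed: rule skipped entirely
        meta = patched.setdefault("metadata", {})
        annotations = meta.get("annotations") or {}
        if ANNOTATION not in annotations:  # +() anchor: add only if absent
            annotations[ANNOTATION] = "true"
            meta["annotations"] = annotations
            changed_by.append(name)
    return patched, changed_by

# Constructed sample pods (hypothetical names), reduced to the fields the rules read.
PODS = {
    "cache": {"metadata": {}, "spec": {"volumes": [{"name": "tmp", "emptyDir": {}}]}},
    "log-agent": {"metadata": {"annotations": {ANNOTATION: "false"}},
                  "spec": {"volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}]}},
    "web": {"metadata": {}, "spec": {"volumes": [{"name": "cfg", "configMap": {"name": "web"}}]}},
    "mixed": {"metadata": {}, "spec": {"volumes": [{"name": "tmp", "emptyDir": {}},
                                                   {"name": "run", "hostPath": {"path": "/run"}}]}},
}

if __name__ == "__main__":
    for pod_name, pod in PODS.items():
        patched, changed_by = mutate(pod)
        value = (patched["metadata"].get("annotations") or {}).get(ANNOTATION)
        print(f"{pod_name:10} safe-to-evict={value!s:6} changed by {changed_by or 'nothing'}")
```

The `log-agent` case is the one to check in a real cluster: a workload owner's explicit `"false"` survives the policy, so such Pods still block scale-down.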