All Policies

Mutate termination Grace Periods Seconds

Pods with large terminationGracePeriodSeconds (tGPS) might prevent cluster nodes from getting drained, ultimately making the whole cluster unstable. This policy mutates all incoming Pods to set their tGPS under 50s. If the user creates a pod without specifying tGPS, then the Kubernetes default of 30s is maintained.

Policy Definition

/other/mutate-large-termination-gps.yaml

 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: mutate-termination-grace-period-seconds
 5  annotations:
 6    policies.kyverno.io/title: Mutate termination Grace Periods Seconds
 7    policies.kyverno.io/category: Sample
 8    policies.kyverno.io/severity: medium
 9    policies.kyverno.io/subject: Pod
10    policies.kyverno.io/description: >-
11      Pods with large terminationGracePeriodSeconds (tGPS) might prevent cluster nodes
12      from getting drained, ultimately making the whole cluster unstable. This policy
13      mutates all incoming Pods to set their tGPS under 50s. If the user creates a pod
14      without specifying tGPS, then the Kubernetes default of 30s is maintained.      
15spec:
16  background: false
17  rules:
18    - name: mutate-termination-grace-period-seconds
19      match:
20        resources:
21          kinds:
22            - Pod
23      preconditions:
24        all:
25        - key: "{{request.object.spec.terminationGracePeriodSeconds}}"
26          operator: GreaterThan
27          value: 50   # maximum tGPS allowed by cluster admin
28      mutate:
29        patchStrategicMerge:
30          spec:
31            terminationGracePeriodSeconds: 50
32
Create policy issue