All Policies

Mutate termination Grace Periods Seconds

Pods with large terminationGracePeriodSeconds (tGPS) might prevent cluster nodes from getting drained, ultimately making the whole cluster unstable. This policy mutates all incoming Pods to set their tGPS under 50s. If the user creates a pod without specifying tGPS, then the Kubernetes default of 30s is maintained.

Policy Definition

/other/mutate-large-termination-gps/mutate-large-termination-gps.yaml

 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: mutate-termination-grace-period-seconds
 5  annotations:
 6    policies.kyverno.io/title: Mutate termination Grace Periods Seconds
 7    policies.kyverno.io/category: Sample
 8    policies.kyverno.io/severity: medium
 9    kyverno.io/kyverno-version: 1.6.2
10    kyverno.io/kubernetes-version: "1.23"
11    policies.kyverno.io/subject: Pod
12    policies.kyverno.io/description: >-
13      Pods with large terminationGracePeriodSeconds (tGPS) might prevent cluster nodes
14      from getting drained, ultimately making the whole cluster unstable. This policy
15      mutates all incoming Pods to set their tGPS under 50s. If the user creates a pod
16      without specifying tGPS, then the Kubernetes default of 30s is maintained.      
17spec:
18  background: false
19  rules:
20    - name: mutate-termination-grace-period-seconds
21      match:
22        resources:
23          kinds:
24            - Pod
25      preconditions:
26        all:
27        - key: "{{request.object.spec.terminationGracePeriodSeconds || `0` }}"
28          operator: GreaterThan
29          value: 50   # maximum tGPS allowed by cluster admin
30      mutate:
31        patchStrategicMerge:
32          spec:
33            terminationGracePeriodSeconds: 50
Create policy issue