Back to Policies

Limit Containers per Pod in CEL expressions

Pods can have many different containers which are tightly coupled. It may be desirable to limit the amount of containers that can be in a single Pod to control best practice application or so policy can be applied consistently. This policy checks all Pods to ensure they have no more than four containers.

View on GitHub

Policy Definition 

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: limit-containers-per-pod
  annotations:
    policies.kyverno.io/title: Limit Containers per Pod in CEL expressions
    policies.kyverno.io/category: Sample in CEL
    policies.kyverno.io/minversion: 1.11.0
    kyverno.io/kubernetes-version: 1.26-1.27
    policies.kyverno.io/subject: Pod
    policies.kyverno.io/description: Pods can have many different containers which are tightly coupled. It may be desirable to limit the amount of containers that can be in a single Pod to control best practice application or so policy can be applied consistently. This policy checks all Pods to ensure they have no more than four containers.
spec:
  validationFailureAction: Audit
  background: false
  rules:
    - name: limit-containers-per-pod
      match:
        any:
          - resources:
              kinds:
                - Pod
              operations:
                - CREATE
                - UPDATE
      validate:
        cel:
          expressions:
            - expression: size(object.spec.containers) <= 4
              message: Pods can only have a maximum of 4 containers.

Related Policies

ValidateMedium

Prevent Use of Default Project

This policy prevents the use of the default project in an Application.

Application
ValidateMedium

Prevent Updates to Project

This policy prevents updates to the project field after an Application is created.

Application
ValidateMedium

Ensure ApplicationSet Name Matches Project

This policy ensures that the name of the ApplicationSet is the same value provided in the project.

ApplicationSet