Skip to main content

Policy

Policies defines the cluster resource usages and restricts the deployment of Kubernetes Objects to meet recommended best practices. Following are different types of policies that can be viewed at the cluster level in the Resource Types - Policy section

  • Limit Ranges
  • Resource Quotas
  • Network Policies
  • Pod Disruption Budgets
  • Pod Security Policies

A LimitRange is a policy to limit resource allocations (limits and requests) specified to respective objects kind such as Pod, PersistentVolumeClaim in a namespace. Resource allocation is used to specify resources that are needed and at the same time ensure resources are not over consumed by the object. Karpenter isKubernetesautoscaler helps to deploy right-sized resources based on the application demand. Refer Karpenter section to configure autoscaling in EKS Cluster.

Resource Quotas, are hard limit defined at the namespace level and the objects like pods, services, compute resources like cpu and memory should be created with in the hard limit, else it will be rejected defined by a ResourceQuota object.

A NetworkPolicy establish the communication between source and the destinations, for example ingress and egress of the pod is controlled using network policies.

Pod Disruption Budget is a way to mitigate disruptions that can happen to a pod such as deletion, updates to deployments, removal of pod etc. More information on the types of disruptions that can happen to pods.

The following screenshot displays a list of the PodDistributionBudgets by namespace.

Insights

Let's examine the Pod Disruption Budget for karpenter, you can see the details of this resource such as the namespace and the parameters that needs to be matched for this Pod Disruption Budget. In the below screenshot, max unavailable = 1 is set, which means the maximum number of karpenter pods that can be unavailable is 1.

Insights