Add resource limits to init containers for Kyverno compliance

CHANGELOG.md

@@ -32,6 +32,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Fixed static file serving for favicon and other files in frontend dist root
 - Fixed deploy jobs running when secrets scan fails (added `secrets` to deploy dependencies)
 - Fixed dev environment memory requests to equal limits per cluster Kyverno policy
+- Fixed init containers missing resource limits (Kyverno policy compliance)
 
 ### Removed
 - Removed unused `store_streaming()` method from storage.py (#51)

helm/orchard/templates/deployment.yaml

@@ -37,12 +37,26 @@ spec:
           image: "{{ .Values.initContainer.image.repository }}:{{ .Values.initContainer.image.tag }}"
           imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }}
           command: ['sh', '-c', 'until nc -z {{ include "orchard.postgresql.host" . }} 5432; do echo waiting for database; sleep 2; done;']
+          resources:
+            limits:
+              cpu: 50m
+              memory: 32Mi
+            requests:
+              cpu: 10m
+              memory: 32Mi
         {{- end }}
         {{- if .Values.minio.enabled }}
         - name: wait-for-minio
           image: "{{ .Values.initContainer.image.repository }}:{{ .Values.initContainer.image.tag }}"
           imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }}
           command: ['sh', '-c', 'until nc -z {{ .Release.Name }}-minio 9000; do echo waiting for minio; sleep 2; done;']
+          resources:
+            limits:
+              cpu: 50m
+              memory: 32Mi
+            requests:
+              cpu: 10m
+              memory: 32Mi
         {{- end }}
       containers:
         - name: {{ .Chart.Name }}