From fb5db9293a95a20fca6bf10bb4b07e91a22c6095 Mon Sep 17 00:00:00 2001
From: Mondo Diaz
Date: Thu, 15 Jan 2026 19:40:02 +0000
Subject: [PATCH] Add resource limits to init containers for Kyverno compliance
---
 CHANGELOG.md | 1 +
 helm/orchard/templates/deployment.yaml | 14 ++++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 60a0437..17172b8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -32,6 +32,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Fixed static file serving for favicon and other files in frontend dist root
 - Fixed deploy jobs running when secrets scan fails (added `secrets` to deploy dependencies)
 - Fixed dev environment memory requests to equal limits per cluster Kyverno policy
+- Fixed init containers missing resource limits (Kyverno policy compliance)

 ### Removed
 - Removed unused `store_streaming()` method from storage.py (#51)
diff --git a/helm/orchard/templates/deployment.yaml b/helm/orchard/templates/deployment.yaml
index 3a8c97b..1353547 100644
--- a/helm/orchard/templates/deployment.yaml
+++ b/helm/orchard/templates/deployment.yaml
@@ -37,12 +37,26 @@ spec:
 image: "{{ .Values.initContainer.image.repository }}:{{ .Values.initContainer.image.tag }}"
 imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }}
 command: ['sh', '-c', 'until nc -z {{ include "orchard.postgresql.host" . }} 5432; do echo waiting for database; sleep 2; done;']
+ resources:
+ limits:
+ cpu: 50m
+ memory: 32Mi
+ requests:
+ cpu: 10m
+ memory: 32Mi
 {{- end }}
 {{- if .Values.minio.enabled }}
 - name: wait-for-minio
 image: "{{ .Values.initContainer.image.repository }}:{{ .Values.initContainer.image.tag }}"
 imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }}
 command: ['sh', '-c', 'until nc -z {{ .Release.Name }}-minio 9000; do echo waiting for minio; sleep 2; done;']
+ resources:
+ limits:
+ cpu: 50m
+ memory: 32Mi
+ requests:
+ cpu: 10m
+ memory: 32Mi
 {{- end }}
 containers:
 - name: {{ .Chart.Name }}
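Review bot: The `resources` block is hard-coded and pasted twice, once in the PostgreSQL wait container and once in `wait-for-minio`, so an operator whose admission policy differs (for example one that also requires CPU requests to equal limits) has to patch the template rather than override a value. The image settings for both containers already come from `.Values.initContainer.image.*`; a new `initContainer.resources` values key carrying these numbers as defaults, rendered in both places as `resources:` followed by `{{- toYaml .Values.initContainer.resources | nindent N }}` (N matching the template's indentation, which this page does not preserve), would keep the two copies in sync. Separately, `wait-for-minio`, whose whole definition is visible in the hunk, sets no container-level `securityContext`, so `allowPrivilegeEscalation: false` and a capabilities drop are not set by the chart for it; if the cluster's Kyverno policies also cover pod hardening, this is the place to add them. The first init container's definition starts above the hunk, so the same may or may not apply there.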