[hi] add example policy Part 2

jayeshmahajan · jayeshmahajan · commit 99839b87ef36 · 2025-05-15T21:34:40.000-04:00
diff --git a/content/hi/examples/policy/priority-class-resourcequota.yaml b/content/hi/examples/policy/priority-class-resourcequota.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: pods-cluster-services
+spec:
+  scopeSelector:
+    matchExpressions:
+      - operator : In
+        scopeName: PriorityClass
+        values: ["cluster-services"]
diff --git a/content/hi/examples/policy/privileged-psp.yaml b/content/hi/examples/policy/privileged-psp.yaml
@@ -0,0 +1,27 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: privileged
+  annotations:
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+spec:
+  privileged: true
+  allowPrivilegeEscalation: true
+  allowedCapabilities:
+  - '*'
+  volumes:
+  - '*'
+  hostNetwork: true
+  hostPorts:
+  - min: 0
+    max: 65535
+  hostIPC: true
+  hostPID: true
+  runAsUser:
+    rule: 'RunAsAny'
+  seLinux:
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'RunAsAny'
+  fsGroup:
+    rule: 'RunAsAny'
diff --git a/content/hi/examples/policy/quota-vac.yaml b/content/hi/examples/policy/quota-vac.yaml
@@ -0,0 +1,42 @@
+apiVersion: v1
+kind: List
+items:
+- apiVersion: v1
+  kind: ResourceQuota
+  metadata:
+    name: pvcs-gold
+  spec:
+    hard:
+      requests.storage: "10Gi"
+      persistentvolumeclaims: "10"
+    scopeSelector:
+      matchExpressions:
+      - operator: In
+        scopeName: VolumeAttributesClass
+        values: ["gold"]
+- apiVersion: v1
+  kind: ResourceQuota
+  metadata:
+    name: pvcs-silver
+  spec:
+    hard:
+      requests.storage: "20Gi"
+      persistentvolumeclaims: "10"
+    scopeSelector:
+      matchExpressions:
+      - operator: In
+        scopeName: VolumeAttributesClass
+        values: ["silver"]
+- apiVersion: v1
+  kind: ResourceQuota
+  metadata:
+    name: pvcs-copper
+  spec:
+    hard:
+      requests.storage: "30Gi"
+      persistentvolumeclaims: "10"
+    scopeSelector:
+      matchExpressions:
+      - operator: In
+        scopeName: VolumeAttributesClass
+        values: ["copper"]
diff --git a/content/hi/examples/policy/quota.yaml b/content/hi/examples/policy/quota.yaml
@@ -0,0 +1,45 @@
+apiVersion: v1
+kind: List
+items:
+- apiVersion: v1
+  kind: ResourceQuota
+  metadata:
+    name: pods-high
+  spec:
+    hard:
+      cpu: "1000"
+      memory: "200Gi"
+      pods: "10"
+    scopeSelector:
+      matchExpressions:
+      - operator: In
+        scopeName: PriorityClass
+        values: ["high"]
+- apiVersion: v1
+  kind: ResourceQuota
+  metadata:
+    name: pods-medium
+  spec:
+    hard:
+      cpu: "10"
+      memory: "20Gi"
+      pods: "10"
+    scopeSelector:
+      matchExpressions:
+      - operator: In
+        scopeName: PriorityClass
+        values: ["medium"]
+- apiVersion: v1
+  kind: ResourceQuota
+  metadata:
+    name: pods-low
+  spec:
+    hard:
+      cpu: "5"
+      memory: "10Gi"
+      pods: "10"
+    scopeSelector:
+      matchExpressions:
+      - operator: In
+        scopeName: PriorityClass
+        values: ["low"]
