Requests And Limits + Kubernetes Collector
Enforce Requests And Limits using data collected by Kubernetes Collector. Automatically check deployment and infrastructure standards on every PR.
How Kubernetes Collector Powers This Guardrail
The Kubernetes Collector gathers metadata from your orchestration and container systems. This data flows into Lunar's Component JSON, where the Requests And Limits guardrail evaluates it against your standards.
When enabled, this check runs automatically on every PR and in AI coding workflows, providing real-time enforcement with actionable feedback.
Quick Start Configuration
Add both the collector and policy to your lunar-config.yml to enable this guardrail.
# Step 1: Enable the Kubernetes Collector
collectors:
  - uses: github://earthly/lunar-lib/collectors/k8s@v1.0.0
    # with: ...
# Step 2: Enable the Kubernetes Guardrails
policies:
  - uses: github://earthly/lunar-lib/policies/k8s@v1.0.0
    include: [requests-and-limits]
    # with: ...
What Kubernetes Collector Collects
This collector gathers the following data that the Requests And Limits guardrail evaluates.
k8s
Parses all Kubernetes manifests in the repository using kubeconform validation and collects:
- Manifest validity and parse errors
- Workloads (Deployments, StatefulSets, DaemonSets, Jobs, CronJobs)
- Container specs with resource requests/limits and probes
- PodDisruptionBudgets (PDBs)
- HorizontalPodAutoscalers (HPAs)
Example Data Flow
Here's an example of the data that Kubernetes Collector writes to the Component JSON, which Requests And Limits then evaluates.
{
  "k8s": {
    "source": {
      "tool": "kubeconform",
      "version": "0.6.7"
    },
    "manifests": [
      {
        "path": "deploy/deployment.yaml",
        "valid": true,
        "resources": [
          {"kind": "Deployment", "name": "payment-api", "namespace": "payments"}
        ]
      }
    ],
    "workloads": [
      {
        "kind": "Deployment",
        "name": "payment-api",
        "namespace": "payments",
        "path": "deploy/deployment.yaml",
        "replicas": 3,
        "containers": [
          {
            "name": "api",
            "image": "gcr.io/acme/payment-api:v1.2.3",
            "has_resources": true,
            "has_requests": true,
            "has_limits": true,
            "cpu_request": "100m",
            "cpu_limit": "500m",
            "memory_request": "128Mi",
            "memory_limit": "512Mi",
            "has_liveness_probe": true,
            "has_readiness_probe": true,
            "runs_as_non_root": true,
            "read_only_root_fs": true,
            "privileged": false
          }
        ]
      }
    ],
    "pdbs": [
      {
        "name": "payment-api-pdb",
        "namespace": "payments",
        "path": "deploy/pdb.yaml",
        "target_workload": "payment-api",
        "min_available": 2
      }
    ],
    "hpas": [
      {
        "name": "payment-api-hpa",
        "namespace": "payments",
        "path": "deploy/hpa.yaml",
        "target_workload": "payment-api",
        "min_replicas": 3,
        "max_replicas": 10
      }
    ]
  }
}
Configuration Options
Kubernetes Collector Inputs
| Input | Required | Default | Description |
|---|---|---|---|
| find_command | Optional | `find . -type f \( -name '*.yaml' -o -name '*.yml' \)` | Command to find K8s manifest files (must output one file path per line) |
Kubernetes Guardrails Inputs
| Input | Required | Default | Description |
|---|---|---|---|
| min_replicas | Optional | 3 | Minimum replicas required for HPAs (default 3) |
| max_limit_to_request_ratio | Optional | 4 | Maximum ratio of limits to requests for CPU/memory (default 4) |
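The following is an added illustration, not Lunar's policy code, of how a requests-and-limits check could be evaluated over the `k8s.workloads` data shown in the example data flow. It assumes the ratio is limit divided by request and that only a ratio strictly above `max_limit_to_request_ratio` fails; the function names and the `sidecar` container are constructed for the example.

```python
import re
from fractions import Fraction

# Kubernetes quantity suffixes: decimal (m, k, M, G, T) and binary (Ki, Mi, Gi, Ti).
SUFFIX = {"": 1, "m": Fraction(1, 1000), "k": 10**3, "M": 10**6, "G": 10**9,
          "T": 10**12, "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}

def parse_quantity(q):
    """Convert a quantity such as '100m' or '128Mi' to an exact number of base units."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([A-Za-z]*)", str(q).strip())
    if not m or m.group(2) not in SUFFIX:
        raise ValueError(f"unsupported quantity: {q!r}")
    return Fraction(m.group(1)) * SUFFIX[m.group(2)]

def check_requests_and_limits(component, max_ratio=4):
    """Return findings for every container under component['k8s']['workloads']."""
    findings = []
    for wl in component.get("k8s", {}).get("workloads", []):
        for c in wl.get("containers", []):
            where = f"{wl['path']} {wl['kind']}/{wl['name']} container '{c['name']}'"
            for res in ("cpu", "memory"):
                req, lim = c.get(f"{res}_request"), c.get(f"{res}_limit")
                if req is None or lim is None:
                    gaps = [n for n, v in (("request", req), ("limit", lim)) if v is None]
                    findings.append(f"{where}: missing {res} {' and '.join(gaps)}")
                    continue
                req_q, lim_q = parse_quantity(req), parse_quantity(lim)
                if req_q == 0:
                    findings.append(f"{where}: {res} request is zero")
                elif lim_q / req_q > max_ratio:  # assumption: strictly greater fails
                    findings.append(f"{where}: {res} limit/request ratio "
                                    f"{float(lim_q / req_q):g} exceeds {max_ratio}")
    return findings

# Constructed input: 'api' uses the values from the page's example data flow;
# 'sidecar' is a made-up container with no memory limit.
SAMPLE = {"k8s": {"workloads": [{
    "kind": "Deployment", "name": "payment-api", "path": "deploy/deployment.yaml",
    "containers": [
        {"name": "api", "cpu_request": "100m", "cpu_limit": "500m",
         "memory_request": "128Mi", "memory_limit": "512Mi"},
        {"name": "sidecar", "cpu_request": "50m", "cpu_limit": "100m",
         "memory_request": "64Mi"},
    ]}]}}

if __name__ == "__main__":
    for finding in check_requests_and_limits(SAMPLE):
        print(finding)
```

Under these assumptions the `api` container's CPU values (500m limit over 100m request) exceed a maximum ratio of 4, while its memory values sit exactly at it.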