Annotation Reference¶
k8s.sustain.io/policy¶
This annotation is the only way to opt a workload into a policy. It must be set on the workload's pod template so that pods inherit it automatically.
The value is the name of a cluster-scoped Policy object.
Placement by workload kind¶
apiVersion: batch/v1
kind: CronJob
metadata:
name: my-job
namespace: production
spec:
schedule: "0 * * * *"
jobTemplate:
spec:
template:
metadata:
annotations:
k8s.sustain.io/policy: production-rightsizing # (1)!
spec:
containers:
- name: worker
image: my-worker:latest
- Note: the annotation is two levels deep — inside
jobTemplate.spec.template.
Adding the annotation imperatively¶
# Deployment
kubectl patch deployment my-app -n production \
--type=merge \
-p='{"spec":{"template":{"metadata":{"annotations":{"k8s.sustain.io/policy":"production-rightsizing"}}}}}'
# CronJob
kubectl patch cronjob my-job -n production \
--type=merge \
-p='{"spec":{"jobTemplate":{"spec":{"template":{"metadata":{"annotations":{"k8s.sustain.io/policy":"production-rightsizing"}}}}}}}'
Removing a workload from a policy¶
Delete the annotation from the pod template. The controller will stop reconciling the workload on the next interval; existing resources are not reverted.
Note
The - suffix on the annotation key tells kubectl annotate to remove it.
How the annotation is consumed¶
| Component | Where it reads the annotation |
|---|---|
| Controller | workload.spec.template.metadata.annotations (for Deployment/StatefulSet/DaemonSet) or cronJob.spec.jobTemplate.spec.template.metadata.annotations |
| Webhook | pod.metadata.annotations — pods inherit it from the pod template automatically |