convert memory-requests-equal-limits to cel

Signed-off-by: Chandan-DK <chandandk468@gmail.com>

other-cel/memory-requests-equal-limits/artifacthub-pkg.yml

@@ -1,21 +1,24 @@
-name: memory-requests-equal-limits
+name: memory-requests-equal-limits-cel
 version: 1.0.0
-displayName: Memory Requests Equal Limits
-createdAt: "2023-04-10T20:30:04.000Z"
+displayName: Memory Requests Equal Limits in CEL expressions
 description: >-
   Pods which have memory limits equal to requests are given a QoS class of Guaranteed which is the highest schedulable class. This policy checks that all containers in a given Pod have memory requests equal to limits.
 install: |-
   ```shell
-  kubectl apply -f https://raw.githubusercontent.com/kyverno/policies/main/other/memory-requests-equal-limits/memory-requests-equal-limits.yaml
+  kubectl apply -f https://raw.githubusercontent.com/kyverno/policies/main/other-cel/memory-requests-equal-limits/memory-requests-equal-limits.yaml
   ```
 keywords:
   - kyverno
   - Sample
+  - CEL Expressions
 readme: |
   Pods which have memory limits equal to requests are given a QoS class of Guaranteed which is the highest schedulable class. This policy checks that all containers in a given Pod have memory requests equal to limits.
   
   Refer to the documentation for more details on Kyverno annotations: https://artifacthub.io/docs/topics/annotations/kyverno/
 annotations:
-  kyverno/category: "Sample"
+  kyverno/category: "Sample in CEL"
+  kyverno/kubernetesVersion: "1.26-1.27"
   kyverno/subject: "Pod"
-digest: 634be7d8371928ed519a4576f84751fd423ae3d3e6e9146bb2280910dc8954c5
+digest: 176dc9b492d3eee687bc89711d3414f13bf00548b85781e71ccaacd12bbf6f1a
+createdAt: "2024-04-07T11:13:21Z"
+

other-cel/memory-requests-equal-limits/memory-requests-equal-limits.yaml

@@ -3,17 +3,18 @@ kind: ClusterPolicy
 metadata:
   name: memory-requests-equal-limits
   annotations:
-    policies.kyverno.io/title: Memory Requests Equal Limits
-    policies.kyverno.io/category: Sample
+    policies.kyverno.io/title: Memory Requests Equal Limits in CEL expressions
+    policies.kyverno.io/category: Sample in CEL 
     policies.kyverno.io/severity: medium
     policies.kyverno.io/subject: Pod
-    policies.kyverno.io/minversion: 1.6.0
+    policies.kyverno.io/minversion: 1.11.0
+    kyverno.io/kubernetes-version: "1.26-1.27"
     policies.kyverno.io/description: >-
       Pods which have memory limits equal to requests could be given a QoS class of Guaranteed if
       they also set CPU limits equal to requests. Guaranteed is the highest schedulable class. 
       This policy checks that all containers in a given Pod have memory requests equal to limits.
 spec:
-  validationFailureAction: audit
+  validationFailureAction: Audit
   background: false
   rules:
   - name: memory-requests-equal-limits
@@ -23,10 +24,15 @@ spec:
           kinds:
           - Pod
     validate:
-      message: "resources.requests.memory must be equal to resources.limits.memory"
-      deny:
-        conditions:
-          any:
-          - key: "{{ request.object.spec.containers[?resources.requests.memory!=resources.limits.memory] | length(@) }}"
-            operator: NotEquals
-            value: 0
+      cel:
+        variables:
+          - name: containersWithResources
+            expression: object.spec.containers.filter(container, has(container.resources))
+        expressions:
+        - expression: >-
+            variables.containersWithResources.all(container, 
+            !has(container.resources.requests) ||
+            !has(container.resources.requests.memory) ||
+            container.resources.requests.memory == container.resources.?limits.?memory.orValue('-1'))
+          message: "resources.requests.memory must be equal to resources.limits.memory"
+