We extended JSON Schema with the keywords resourceMinimum and resourceMaximum to help create custom rules for comparing resource quotas strings (CPU and memory) like 1000m and 1G. Here's an example check for when memory and CPU fall within a certain range.
Let's say we want to make sure that Kubernetes configs always have a CPU limit within the range of 250m-500m. This is how the custom rule to check that would look:
And this is how the policy would look:
Let's test this manifest after publishing the policy.
This manifest will fail because it has a container (cpu-demo) with a CPU limit larger than 500m: