mirror of https://github.com/kyverno/kyverno.git (synced 2024-12-14 11:57:48 +00:00)
add sample policy for deployments
parent 2e5c26e31e
commit e76ce41b95
3 changed files with 65 additions and 0 deletions
|
@ -37,6 +37,7 @@ These policies provide additional best practices and are worthy of close conside
|
||||||
1. [Restrict User Group](CheckUserGroup.md)
|
1. [Restrict User Group](CheckUserGroup.md)
|
||||||
1. [Require pods are labeled](RequireLabels.md)
|
1. [Require pods are labeled](RequireLabels.md)
|
||||||
1. [Require pods have certain labels](RequireCertainLabels.md)
|
1. [Require pods have certain labels](RequireCertainLabels.md)
|
||||||
|
1. [Require Deployments have multiple replicas](RequireDeploymentsHaveReplicas.md)
|
||||||
|
|
||||||
## Applying the sample policies
|
## Applying the sample policies
|
||||||
|
|
||||||
|
|
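Review bot: The new list entry capitalizes "Deployments" while the neighbouring entries write the resource kind in lower case ("Require pods are labeled", "Require pods have certain labels"), and the linked page's own title is "Require deployments have multiple replicas". Suggest picking one casing so the index entry and the page title match.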
40
samples/RequireDeploymentsHaveReplicas.md
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
# Require deployments have multiple replicas
|
||||||
|
|
||||||
|
Deployments with only a single replica produce availability concerns should that single replica fail. In most cases, you would want Deployment objects to have more than one replica to ensure continued availability if not scale.
|
||||||
|
|
||||||
|
This sample policy requires that Deployments have more than one replica excluding a list of system namespaces.
|
||||||
|
|
||||||
|
## More Information
|
||||||
|
|
||||||
|
* [Kubernetes Deployments](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/)
|
||||||
|
|
||||||
|
## Policy YAML
|
||||||
|
|
||||||
|
[require_deployments_have_multiple_replicas.yaml](more/require_deployments_have_multiple_replicas.yaml)
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
apiVersion: kyverno.io/v1
|
||||||
|
kind: ClusterPolicy
|
||||||
|
metadata:
|
||||||
|
name: deployment-has-multiple-replicas
|
||||||
|
spec:
|
||||||
|
validationFailureAction: audit
|
||||||
|
rules:
|
||||||
|
- name: deployment-has-multiple-replicas
|
||||||
|
match:
|
||||||
|
resources:
|
||||||
|
kinds:
|
||||||
|
- Deployment
|
||||||
|
exclude:
|
||||||
|
resources:
|
||||||
|
namespaces:
|
||||||
|
- kyverno
|
||||||
|
- kube-system
|
||||||
|
- kube-node-lease
|
||||||
|
- kube-public
|
||||||
|
validate:
|
||||||
|
message: "Deployments must have more than one replica to ensure availability."
|
||||||
|
pattern:
|
||||||
|
spec:
|
||||||
|
replicas: ">1"
|
||||||
|
```
|
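Review bot: `validationFailureAction: audit` in the embedded policy means a single-replica Deployment is only reported, not rejected, yet the description says the policy "requires" more than one replica. Suggest stating in the text that the sample ships in audit mode and must be switched to `enforce` to block admission. The description also refers to "a list of system namespaces" without naming them; listing kyverno, kube-system, kube-node-lease and kube-public in the prose would save readers from reading the YAML to find the exemptions.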
24
samples/more/require_deployments_have_multiple_replicas.yaml
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
apiVersion: kyverno.io/v1
|
||||||
|
kind: ClusterPolicy
|
||||||
|
metadata:
|
||||||
|
name: deployment-has-multiple-replicas
|
||||||
|
spec:
|
||||||
|
validationFailureAction: audit
|
||||||
|
rules:
|
||||||
|
- name: deployment-has-multiple-replicas
|
||||||
|
match:
|
||||||
|
resources:
|
||||||
|
kinds:
|
||||||
|
- Deployment
|
||||||
|
exclude:
|
||||||
|
resources:
|
||||||
|
namespaces:
|
||||||
|
- kyverno
|
||||||
|
- kube-system
|
||||||
|
- kube-node-lease
|
||||||
|
- kube-public
|
||||||
|
validate:
|
||||||
|
message: "Deployments must have more than one replica to ensure availability."
|
||||||
|
pattern:
|
||||||
|
spec:
|
||||||
|
replicas: ">1"
|
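Review bot: The `exclude` block hard-codes `kyverno` alongside the three kube-* namespaces with no comment explaining the exemption, so a cluster where Kyverno is installed under a different namespace name would not get the same carve-out. Suggest a short YAML comment above `namespaces:` saying why these are exempt and that the list should be adjusted per cluster. This file also duplicates the YAML embedded in RequireDeploymentsHaveReplicas.md, so the two copies can drift; consider noting which one is authoritative.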