---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  annotations:
    pod-policies.kyverno.io/autogen-controllers: DaemonSet,Deployment,StatefulSet
  name: validate-probes
spec:
  admission: true
  background: false
  rules:
  - match:
      any:
      - resources:
          kinds:
          - Pod
    name: validate-probes-c0
    validate:
      deny:
        conditions:
        - key: '{{ request.object.spec.containers[0].readinessProbe }}'
          operator: Equals
          value: '{{ request.object.spec.containers[0].livenessProbe }}'
      message: Liveness and readiness probes cannot be the same.
  - match:
      any:
      - resources:
          kinds:
          - Pod
    name: validate-probes-c1
    validate:
      deny:
        conditions:
        - key: '{{ request.object.spec.containers[1].readinessProbe }}'
          operator: Equals
          value: '{{ request.object.spec.containers[1].livenessProbe }}'
      message: Liveness and readiness probes cannot be the same.
  - match:
      any:
      - resources:
          kinds:
          - Pod
    name: validate-probes-c2
    validate:
      deny:
        conditions:
        - key: '{{ request.object.spec.containers[2].readinessProbe }}'
          operator: Equals
          value: '{{ request.object.spec.containers[2].livenessProbe }}'
      message: Liveness and readiness probes cannot be the same.
  - match:
      any:
      - resources:
          kinds:
          - Pod
    name: validate-probes-c3
    validate:
      deny:
        conditions:
        - key: '{{ request.object.spec.containers[3].readinessProbe }}'
          operator: Equals
          value: '{{ request.object.spec.containers[3].livenessProbe }}'
      message: Liveness and readiness probes cannot be the same.
  validationFailureAction: Enforce