mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity
kyverno/samples/RequirePodProbes.md
Chip Zoller c52f07b615
new samples; updates (#1259) 
* new samples; updates

* typos

* add policy to restrict LoadBalancer

* correct sample numbering

* fix typos
2020-11-16 13:39:59 -08:00

1.7 KiB
Raw Blame History

Require livenessProbe and readinessProbe

Liveness and readiness probes need to be configured to correctly manage a pod's lifecycle during deployments, restarts, and upgrades.

For each pod, a periodic livenessProbe is performed by the kubelet to determine if the pod's containers are running or need to be restarted. A readinessProbe is used by services and deployments to determine if the pod is ready to receive network traffic.

In this sample policy, a validation rule checks to ensure that all Pods have both a liveness and a readiness probe defined by looking at the periodSeconds field. By using the annotation pod-policies.kyverno.io/autogen-controllers, it modifies the default behavior and ensures that only Pods originating from DaemonSet, Deployment, and StatefulSet objects are validated.

More Information

Policy YAML

require_probes.yaml

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-pod-probes
  annotations:
    pod-policies.kyverno.io/autogen-controllers: DaemonSet,Deployment,StatefulSet
spec:
  validationFailureAction: audit
  rules:
  - name: validate-livenessProbe-readinessProbe
    match:
      resources:
        kinds:
        - Pod
    validate:
      message: "Liveness and readiness probes are required"
      pattern:
        spec:
          containers:
          - livenessProbe:
              periodSeconds: ">0"
            readinessProbe:
              periodSeconds: ">0"