Validate Probes

Liveness and readiness probes accomplish different goals. Configuring both identically is an anti-pattern that often results in application problems later. This policy checks that the liveness and readiness probes of a container are not equal.

Policy Definition

/other/ensure_probes_different.yaml

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: validate-probes
  annotations:
    pod-policies.kyverno.io/autogen-controllers: none
    policies.kyverno.io/title: Validate Probes
    policies.kyverno.io/category: Sample
    policies.kyverno.io/severity: medium
    policies.kyverno.io/minversion: 1.3.6
    policies.kyverno.io/subject: Pod
    policies.kyverno.io/description: >-
      Liveness and readiness probes accomplish different goals, and setting both to the same
      is an anti-pattern and often results in app problems in the future. This policy
      checks that liveness and readiness probes are not equal.
spec:
  validationFailureAction: audit
  background: false
  rules:
    - name: validate-probes
      match:
        resources:
          kinds:
          - Deployment
          - DaemonSet
          - StatefulSet
      validate:
        message: "Liveness and readiness probes cannot be the same."
        deny:
          conditions:
          - key: "{{ request.object.spec.template.spec.containers[?readinessProbe==livenessProbe] | length(@) }}"
            operator: GreaterThan
            value: "0"
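
The following is an added example, not part of the original page or of Kyverno: it models the deny condition above in plain Python over constructed Deployment specs to show which containers the filter counts. It assumes standard JMESPath semantics, where an absent field evaluates to null and null == null is true, so a container that defines neither probe is counted as well; all function and sample names are hypothetical.

```python
# Model of the policy's deny condition (illustrative; not Kyverno's evaluator):
#   containers[?readinessProbe==livenessProbe] | length(@)  GreaterThan 0

def matching_containers(obj):
    """Names of containers selected by [?readinessProbe==livenessProbe]."""
    containers = (obj.get("spec", {}).get("template", {})
                     .get("spec", {}).get("containers", []))
    # dict.get() returns None for an absent probe, standing in for JMESPath
    # null; Python == on nested dicts stands in for JMESPath deep equality.
    return [c.get("name") for c in containers
            if c.get("readinessProbe") == c.get("livenessProbe")]

def flagged(obj):
    """True when the count of matching containers is greater than 0."""
    return len(matching_containers(obj)) > 0

def deployment(*containers):
    """Build a minimal Deployment-shaped object (constructed sample data)."""
    return {"kind": "Deployment",
            "spec": {"template": {"spec": {"containers": list(containers)}}}}

# Constructed probe definitions, for illustration only.
HEALTHZ = {"httpGet": {"path": "/healthz", "port": 8080}, "periodSeconds": 10}
READY = {"httpGet": {"path": "/ready", "port": 8080}, "periodSeconds": 10}
HEALTHZ_SLOW = {"httpGet": {"path": "/healthz", "port": 8080}, "periodSeconds": 30}

SAMPLES = {
    # Same probe copied into both fields: the anti-pattern the policy targets.
    "identical": deployment({"name": "web", "livenessProbe": HEALTHZ,
                             "readinessProbe": dict(HEALTHZ)}),
    # Different endpoints: not equal, so not counted.
    "distinct": deployment({"name": "web", "livenessProbe": HEALTHZ,
                            "readinessProbe": READY}),
    # Same endpoint but different timing: the whole object is compared,
    # so any differing field makes the probes unequal.
    "timing_differs": deployment({"name": "web", "livenessProbe": HEALTHZ_SLOW,
                                  "readinessProbe": HEALTHZ}),
    # Neither probe set: null == null, so this container is counted too.
    "no_probes": deployment({"name": "job"}),
    # Only one probe set: null != object, not counted.
    "liveness_only": deployment({"name": "web", "livenessProbe": HEALTHZ}),
    # One compliant container and one offending sidecar.
    "mixed": deployment({"name": "web", "livenessProbe": HEALTHZ,
                         "readinessProbe": READY},
                        {"name": "sidecar", "livenessProbe": READY,
                         "readinessProbe": dict(READY)}),
}

if __name__ == "__main__":
    for label, obj in SAMPLES.items():
        print(f"{label:15} flagged={flagged(obj)} {matching_containers(obj)}")
```

Because the comparison covers the whole probe object, two probes that hit the same endpoint with different timing pass the check, while a workload that omits both probes is reported.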