feat: add 5 new probe rules (datreeio#690)
* feat: add 5 new probe rules

* feat: fix titles

* feat: fix titles

* add tests

* revise failure message

* fix rule titles
hadar-co committed Jun 26, 2022
1 parent 39d59f2 commit f1f0e61
Showing 12 changed files with 631 additions and 3 deletions.
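--- a/pkg/defaultRules/defaultRules.yaml
+++ b/pkg/defaultRules/defaultRules.yaml
@@ -1548,3 +1548,273 @@ rules:
 anyOf:
 - $ref: "#/definitions/metadataNamePattern"
 - $ref: "#/definitions/metadataGenerateNamePattern"
+- id: 55
+name: Ensure each container probe has an initial delay configured
+uniqueName: CONTAINERS_INCORRECT_INITIALDELAYSECONDS_VALUE
+enabledByDefault: false
+documentationUrl: "https://hub.datree.io/built-in-rules/ensure-initial-probe-delay"
+messageOnFailure: "Incorrect value for key `initialDelaySeconds` - set explicitly to control the start time before a probe is initiated (min 0)"
+category: Containers
+schema:
+definitions:
+probePattern:
+if:
+properties:
+spec:
+properties:
+containers:
+items:
+anyOf:
+- required:
+- livenessProbe
+- required:
+- readinessProbe
+- required:
+- startupProbe
+then:
+properties:
+spec:
+properties:
+containers:
+items:
+properties:
+livenessProbe:
+properties:
+initialDelaySeconds:
+minimum: 0
+required:
+- initialDelaySeconds
+readinessProbe:
+properties:
+initialDelaySeconds:
+minimum: 0
+required:
+- initialDelaySeconds
+startupProbe:
+properties:
+initialDelaySeconds:
+minimum: 0
+required:
+- initialDelaySeconds
+allOf:
+- $ref: "#/definitions/probePattern"
+additionalProperties:
+$ref: "#"
+items:
+$ref: "#"
+- id: 56
+name: Ensure each container probe has a configured frequency
+uniqueName: CONTAINERS_INCORRECT_PERIODSECONDS_VALUE
+enabledByDefault: false
+documentationUrl: "https://hub.datree.io/built-in-rules/ensure-probe-frequency"
+messageOnFailure: "Incorrect value for key `periodSeconds` - set explicitly to control how often a probe is performed (min 1)"
+category: Containers
+schema:
+definitions:
+probePattern:
+if:
+properties:
+spec:
+properties:
+containers:
+items:
+anyOf:
+- required:
+- livenessProbe
+- required:
+- readinessProbe
+- required:
+- startupProbe
+then:
+properties:
+spec:
+properties:
+containers:
+items:
+properties:
+livenessProbe:
+properties:
+periodSeconds:
+minimum: 1
+required:
+- periodSeconds
+readinessProbe:
+properties:
+periodSeconds:
+minimum: 1
+required:
+- periodSeconds
+startupProbe:
+properties:
+periodSeconds:
+minimum: 1
+required:
+- periodSeconds
+allOf:
+- $ref: "#/definitions/probePattern"
+additionalProperties:
+$ref: "#"
+items:
+$ref: "#"
+- id: 57
+name: Ensure each container probe has a configured timeout
+uniqueName: CONTAINERS_INCORRECT_TIMEOUTSECONDS_VALUE
+enabledByDefault: false
+documentationUrl: "https://hub.datree.io/built-in-rules/ensure-probe-timeout"
+messageOnFailure: "Incorrect value for key `timeoutSeconds` - set explicitly to control when a probe times out (min 1)"
+category: Containers
+schema:
+definitions:
+probePattern:
+if:
+properties:
+spec:
+properties:
+containers:
+items:
+anyOf:
+- required:
+- livenessProbe
+- required:
+- readinessProbe
+- required:
+- startupProbe
+then:
+properties:
+spec:
+properties:
+containers:
+items:
+properties:
+livenessProbe:
+properties:
+timeoutSeconds:
+minimum: 1
+required:
+- timeoutSeconds
+readinessProbe:
+properties:
+timeoutSeconds:
+minimum: 1
+required:
+- timeoutSeconds
+startupProbe:
+properties:
+timeoutSeconds:
+minimum: 1
+required:
+- timeoutSeconds
+allOf:
+- $ref: "#/definitions/probePattern"
+additionalProperties:
+$ref: "#"
+items:
+$ref: "#"
+- id: 58
+name: Ensure each container probe has a configured minimum success threshold
+uniqueName: CONTAINERS_INCORRECT_SUCCESSTHRESHOLD_VALUE
+enabledByDefault: false
+documentationUrl: "https://hub.datree.io/built-in-rules/ensure-probe-min-success-threshold"
+messageOnFailure: "Incorrect value for key `successThreshold` - set explicitly to control when a probe is considered successful after having failed"
+category: Containers
+schema:
+definitions:
+probePattern:
+if:
+properties:
+spec:
+properties:
+containers:
+items:
+anyOf:
+- required:
+- livenessProbe
+- required:
+- readinessProbe
+- required:
+- startupProbe
+then:
+properties:
+spec:
+properties:
+containers:
+items:
+properties:
+livenessProbe:
+properties:
+successThreshold:
+const: 1
+required:
+- successThreshold
+readinessProbe:
+properties:
+successThreshold:
+minimum: 1
+required:
+- successThreshold
+startupProbe:
+properties:
+successThreshold:
+const: 1
+required:
+- successThreshold
+allOf:
+- $ref: "#/definitions/probePattern"
+additionalProperties:
+$ref: "#"
+items:
+$ref: "#"
+- id: 59
+name: Ensure each container probe has a configured failure threshold
+uniqueName: CONTAINERS_INCORRECT_FAILURETHRESHOLD_VALUE
+enabledByDefault: false
+documentationUrl: "https://hub.datree.io/built-in-rules/ensure-probe-failure-threshold"
+messageOnFailure: "Incorrect value for key `failureThreshold` - set explicitly to control the number of retries after a probe fails (min 1)"
+category: Containers
+schema:
+definitions:
+probePattern:
+if:
+properties:
+spec:
+properties:
+containers:
+items:
+anyOf:
+- required:
+- livenessProbe
+- required:
+- readinessProbe
+- required:
+- startupProbe
+then:
+properties:
+spec:
+properties:
+containers:
+items:
+properties:
+livenessProbe:
+properties:
+failureThreshold:
+minimum: 1
+required:
+- failureThreshold
+readinessProbe:
+properties:
+failureThreshold:
+minimum: 1
+required:
+- failureThreshold
+startupProbe:
+properties:
+failureThreshold:
+minimum: 1
+required:
+- failureThreshold
+allOf:
+- $ref: "#/definitions/probePattern"
+additionalProperties:
+$ref: "#"
+items:
+$ref: "#"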
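Review bot: The `if:` guard in `probePattern` appears to let a pod with a misconfigured probe pass whenever a sibling container defines no probe at all. Assuming the nesting follows the key order shown (indentation is lost on this page), `containers.items.anyOf` must hold for every container before `then:` is applied, so one probe-less sidecar switches the check off for the whole pod. Because `properties:` already ignores probes that are absent, the guard can be dropped and the `then:` body placed directly under `probePattern`, or the `if`/`then` pair moved inside `items:` so it is evaluated per container. The same pattern is repeated in rules 56 to 59. Separately, `minimum:` is skipped for non-numeric values, so `type: integer` next to each bound would make the rule reject a quoted number as well.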
6 changes: 3 additions & 3 deletions pkg/defaultRules/defaultRulesSchema.json
Expand Up @@ -10,15 +10,15 @@
},
"rules": {
"type": "array",
"minItems": 54,
"maxItems": 54,
"minItems": 59,
"maxItems": 59,
"items": {
"type": "object",
"properties": {
"id": {
"type": "number",
"minimum": 1,
"maximum": 54
"maximum": 59
},
"name": {
"type": "string",
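--- a/pkg/policy/tests/55-fail.yaml
+++ b/pkg/policy/tests/55-fail.yaml
@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: k8s-probes
+labels:
+app: nginx
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: nginx
+template:
+metadata:
+labels:
+app: nginx
+spec:
+containers:
+- name: nginx
+image: nginx
+ports:
+- containerPort: 80
+readinessProbe:
+initialDelaySeconds: 0
+periodSeconds: 2
+timeoutSeconds: 1
+successThreshold: 1
+failureThreshold: 1
+exec:
+command:
+- cat
+- /etc/nginx/nginx.conf
+startupProbe:
+timeoutSeconds: 1
+failureThreshold: 2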
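Review bot: This failing fixture only exercises a missing `initialDelaySeconds` on `startupProbe` in a single-container pod. Two cases the rule is meant to catch are untested: a value below the bound (for example `initialDelaySeconds: -1`), and a pod where one container has a probe missing the key while a second container defines no probe at all. The second case deserves its own fixture, because the rule's container-level condition decides whether the check runs for the pod in the first place.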
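--- a/pkg/policy/tests/55-pass.yaml
+++ b/pkg/policy/tests/55-pass.yaml
@@ -0,0 +1,35 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: k8s-probes
+labels:
+app: nginx
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: nginx
+template:
+metadata:
+labels:
+app: nginx
+spec:
+containers:
+- name: nginx
+image: nginx
+ports:
+- containerPort: 80
+readinessProbe:
+initialDelaySeconds: 0
+periodSeconds: 2
+timeoutSeconds: 1
+successThreshold: 1
+failureThreshold: 1
+exec:
+command:
+- cat
+- /etc/nginx/nginx.conf
+startupProbe:
+timeoutSeconds: 1
+failureThreshold: 2
+initialDelaySeconds: 0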
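Review bot: The `startupProbe` in this passing fixture has no handler (`exec`, `httpGet`, `tcpSocket` or `grpc`), so the manifest would presumably be rejected by the Kubernetes API server even though the rule accepts it. A pass fixture is more useful as a realistic manifest; adding a handler such as the `exec` block already used by `readinessProbe` keeps the test focused on `initialDelaySeconds`. `55-fail.yaml` has the same omission.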