Closed sluetze closed 4 months ago
Why do you think the Checks will always fail? Because there often will be at least a container without a probe?
I think it is not that much work if looking at the existing checks to create this for the probes.
Questions which come to mind, which I cant answer right now:
To wrap up that point: I have created a manual rule for readiness and liveness probe
/closed
merged upstream
The existance of readiness und liveness probes can be validated technically. This check needs to be performed for each container in every pod individually. Therefore, the check is better suited as part of the Kubernetes admission control process or manually.
The adequacy of the checks and the configured time periods needs to be ensured by the application owner.
To discuss: Does it make sense to build a check for all deployments, statefulsets, daemonsets in the cluster? There are rules (resource_requests_limits_in_deployment, resource_requests_limits_in_daemonset, resource_requests_limits_in_statefulset) that we could use as a template, but I don't think the compliance operator is a good place for that. Likely, this check will always fail... What do you mean @sluetze @ermeratos?