Liveness and readiness probes accomplish different goals, and setting both to the same is an anti-pattern and often results in app problems in the future. This policy checks that liveness and readiness probes are not equal. Keep in mind that if both the probes are not set, they are considered to be equal and hence fails the check.
apiVersion: policies.kyverno.io/v1alpha1kind: ValidatingPolicymetadata:name: validate-probesannotations:policies.kyverno.io/title: Validate Probes in ValidatingPolicypolicies.kyverno.io/category: Sample in Vpolpolicies.kyverno.io/severity: mediumpolicies.kyverno.io/minversion: 1.14.0kyverno.io/kubernetes-version: "1.30"policies.kyverno.io/subject: Podpolicies.kyverno.io/description: Liveness and readiness probes accomplish different goals, and setting both to the same is an anti-pattern and often results in app problems in the future. This policy checks that liveness and readiness probes are not equal. Keep in mind that if both the probes are not set, they are considered to be equal and hence fails the check.spec:validationActions:- Auditautogen:podControllers:controllers: []evaluation:background:enabled: falsematchConstraints:resourceRules:- apiGroups:- appsapiVersions:- v1resources:- deployments- daemonsets- statefulsetsoperations:- CREATE- UPDATEvalidations:- expression: "!object.spec.template.spec.containers.exists(container, has(container.readinessProbe) && has(container.livenessProbe) && container.readinessProbe == container.livenessProbe)"message: Liveness and readiness probes cannot be the same.
This policy prevents the use of the default project in an Application.
This policy prevents updates to the project field after an Application is created.
This policy ensures that the name of the ApplicationSet is the same value provided in the project.