add sample policy for deployments

kyverno · Nov 12, 2020 · e76ce41 · e76ce41
1 parent 2e5c26e
commit e76ce41
Show file tree

Hide file tree

Showing 3 changed files with 65 additions and 0 deletions.
diff --git a/samples/README.md b/samples/README.md
@@ -37,6 +37,7 @@ These policies provide additional best practices and are worthy of close conside
 1. [Restrict User Group](CheckUserGroup.md)
 1. [Require pods are labeled](RequireLabels.md)
 1. [Require pods have certain labels](RequireCertainLabels.md)
+1. [Require Deployments have multiple replicas](RequireDeploymentsHaveReplicas.md)
 
 ## Applying the sample policies
 

diff --git a/samples/RequireDeploymentsHaveReplicas.md b/samples/RequireDeploymentsHaveReplicas.md
@@ -0,0 +1,40 @@
+# Require deployments have multiple replicas
+
+Deployments with only a single replica produce availability concerns should that single replica fail. In most cases, you would want Deployment objects to have more than one replica to ensure continued availability if not scale.
+
+This sample policy requires that Deployments have more than one replica excluding a list of system namespaces.
+
+## More Information
+
+* [Kubernetes Deployments](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/)
+
+## Policy YAML
+
+[require_deployments_have_multiple_replicas.yaml](more/require_deployments_have_multiple_replicas.yaml)
+
+```yaml
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: deployment-has-multiple-replicas
+spec:
+  validationFailureAction: audit
+  rules:
+    - name: deployment-has-multiple-replicas
+      match:
+        resources:
+          kinds:
+            - Deployment
+      exclude:
+        resources:
+          namespaces:
+          - kyverno
+          - kube-system
+          - kube-node-lease
+          - kube-public
+      validate:
+        message: "Deployments must have more than one replica to ensure availability."
+        pattern:
+          spec:
+            replicas: ">1"
+```
diff --git a/samples/more/require_deployments_have_multiple_replicas.yaml b/samples/more/require_deployments_have_multiple_replicas.yaml
@@ -0,0 +1,24 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: deployment-has-multiple-replicas
+spec:
+  validationFailureAction: audit
+  rules:
+    - name: deployment-has-multiple-replicas
+      match:
+        resources:
+          kinds:
+            - Deployment
+      exclude:
+        resources:
+          namespaces:
+          - kyverno
+          - kube-system
+          - kube-node-lease
+          - kube-public
+      validate:
+        message: "Deployments must have more than one replica to ensure availability."
+        pattern:
+          spec:
+            replicas: ">1"