Skip to main content

☑️ Ensure each container probe has a configured minimum success threshold

Probes have a number of fields that are used to control the behavior of liveness, readiness and startup checks. Though these fields have default values, we suggest to explicitly set them with your desired values.
One reason to do so is to prevent cases where unknown default behavior is used. For example, a defect was found in one of these fields causing it to be ignored, and was corrected in Kubernetes v1.20.

The field successThreshold defines the minimum consecutive successes required for the probe to be considered successful after having failed. It has a default value of 1, a minimum value of 1, and must have a value of 1 for liveness and startup probes.

Targeted objects by this rule (types of kind): Deployment / Pod / DaemonSet / StatefulSet / ReplicaSet / CronJob / Job

Complexity: medium (What does this mean?)

Policy as code identifier: CONTAINERS_INCORRECT_SUCCESSTHRESHOLD_VALUE

This rule will fail

If a container has a livenessProbe, readinessProbe and/or startupProbe configured, but the field successThreshold is not configured or has a value smaller than 1. For liveness and startup probes, this rule will also fail if the value of successThreshold is not 1

spec:
  containers:
    - name: myContainer
      readinessProbe:
        successThreshold: 0
spec:
  containers:
    - name: myContainer
      livenessProbe:
        successThreshold: 2
spec:
  containers:
    - name: myContainer
      startupProbe:
        periodSeconds: 1

Rule output in the CLI

$ datree test *.yaml

>> File: failExample.yaml
❌ Ensure each container probe has a configured minimum success threshold [1 occurrence]
💡 Incorrect value for key `successThreshold` - set explicitly to control when a probe is considered successful after having failed

How to fix this failure

Each container probe should have a configured successThreshold property with a valid value (see above for limitations)

spec:
  containers:
    - name: myContainer
      readinessProbe:
        successThreshold: 2
spec:
  containers:
    - name: myContainer
      livenessProbe:
        successThreshold: 1
spec:
  containers:
    - name: myContainer
      startupProbe:
        successThreshold: 1

Read more