turbot/steampipe-mod-kubernetes-compliance

Control: StatefulSet containers should have liveness probe

Description

Containers in a StatefulSet definition should have a liveness probe. Liveness probes check whether the container is started and alive. If it is not, Kubernetes will eventually restart the container.

Usage

Run the control in your terminal:

powerpipe control run kubernetes_compliance.control.statefulset_container_liveness_probe

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run kubernetes_compliance.control.statefulset_container_liveness_probe --share

SQL

This control uses a named query:

select
  coalesce(uid, concat(path, ':', start_line)) as resource,
  case
    when c -> 'livenessProbe' is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when c -> 'livenessProbe' is not null then c ->> 'name' || ' has liveness probe.'
    else c ->> 'name' || ' does not have liveness probe.'
  end as reason,
  name as stateful_set_name,
  coalesce(context_name, '') as context_name,
  namespace,
  source_type,
  coalesce(path || ':' || start_line || '-' || end_line, '') as path
from
  kubernetes_stateful_set,
  jsonb_array_elements(template -> 'spec' -> 'containers') as c;
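
The constructed manifest below is an added example, not part of the mod or the original page. It shows how the query above evaluates a StatefulSet: it emits one row per entry in template.spec.containers, so a single StatefulSet can produce both an ok and an alarm result. The resource names, image references and probe settings are assumptions.

```yaml
# Constructed manifest for illustration; names, images and probe values are assumptions.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: example-db
  namespace: default
spec:
  serviceName: example-db
  replicas: 1
  selector:
    matchLabels:
      app: example-db
  template:
    metadata:
      labels:
        app: example-db
    spec:
      containers:
        # Row 1: livenessProbe key is present -> status 'ok',
        # reason "web has liveness probe."
        - name: web
          image: registry.example.com/web:1.0
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 15
        # Row 2: no livenessProbe key -> status 'alarm',
        # reason "log-shipper does not have liveness probe."
        - name: log-shipper
          image: registry.example.com/log-shipper:1.0
```

Adding a livenessProbe to the log-shipper container clears the alarm. The query tests only for the presence of the livenessProbe key, not for the probe's settings.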

Tags