All Policies
PodDisruptionBudget maxUnavailable Non-Zero
A PodDisruptionBudget which sets its maxUnavailable value to zero prevents all voluntary evictions including Node drains which may impact maintenance tasks. This policy enforces that if a PodDisruptionBudget specifies the maxUnavailable field it must be greater than zero.
Policy Definition
/other/pdb-maxunavailable/pdb-maxunavailable.yaml
1apiVersion: kyverno.io/v1
2kind: ClusterPolicy
3metadata:
4 name: pdb-maxunavailable
5 annotations:
6 policies.kyverno.io/title: PodDisruptionBudget maxUnavailable Non-Zero
7 policies.kyverno.io/category: Other
8 kyverno.io/kyverno-version: 1.9.0
9 kyverno.io/kubernetes-version: "1.24"
10 policies.kyverno.io/subject: PodDisruptionBudget
11 policies.kyverno.io/description: >-
12 A PodDisruptionBudget which sets its maxUnavailable value to zero prevents
13 all voluntary evictions including Node drains which may impact maintenance tasks.
14 This policy enforces that if a PodDisruptionBudget specifies the maxUnavailable field
15 it must be greater than zero.
16spec:
17 validationFailureAction: audit
18 background: false
19 rules:
20 - name: pdb-maxunavailable
21 match:
22 any:
23 - resources:
24 kinds:
25 - PodDisruptionBudget
26 validate:
27 message: "The value of maxUnavailable must be greater than zero."
28 pattern:
29 spec:
30 =(maxUnavailable): ">0"