StatefulSet without PodDisruptionBudget

이 제품은 선택한 Datadog 사이트에서 지원되지 않습니다. ().
이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Metadata

Id: 1db3a5a5-bf75-44e5-9e44-c56cfc8b1ac5

Cloud Provider: Kubernetes

Platform: Kubernetes

Severity: Low

Category: Availability

Learn More

Description

StatefulSets with more than one replica should have a PodDisruptionBudget that targets the StatefulSet’s pod selector (spec.selector.matchLabels) to ensure high availability.
This prevents simultaneous voluntary evictions from reducing the number of available replicas and helps maintain service continuity.
The rule flags StatefulSets where no PodDisruptionBudget matches the StatefulSet’s selector.

Compliant Code Examples

apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: nginx-pdb
spec:
  maxUnavailable: 1
  selector:
    matchLabels:
      app: nginx33
      run: test
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
spec:
  selector:
    matchLabels:
      app: nginx123
      run: test
  serviceName: "nginx"
  replicas: 3
  template:
    metadata:
      labels:
        app: nginx
    spec:
      terminationGracePeriodSeconds: 10
      containers:
      - name: nginx
        image: k8s.gcr.io/nginx-slim:0.8
        ports:
        - containerPort: 80
          name: web
        volumeMounts:
        - name: www
          mountPath: /usr/share/nginx/html

Non-Compliant Code Examples

apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: nginx-pdb
spec:
  maxUnavailable: 1
  selector:
    matchLabels:
      app: xpto
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: web
spec:
  requiredDropCapabilities:
    - ALL
  selector:
    matchLabels:
      app: nginx
  serviceName: "nginx"
  replicas: 3
  template:
    metadata:
      labels:
        app: nginx
    spec:
      terminationGracePeriodSeconds: 10
      containers:
      - name: nginx
        image: k8s.gcr.io/nginx-slim:0.8
        ports:
        - containerPort: 80
          name: web
        volumeMounts:
        - name: www
          mountPath: /usr/share/nginx/html