Kubernetes
| Check | ID | Resource | Category | Severity | Description |
| --- | --- | --- | --- | --- | --- |
| Check if a k8s PVC is in Pending state | K8S401 | pvc | Health | Critical | Alerts on pending PVCs, highlighting potential delays in provisioning persistent volume claims for all the namespaces |
| Check if the k8s node is in Ready state | K8S504 | node | Health | Critical | Ensure node health by examining readiness conditions, signaling failures if any issues are detected in the node's status |
| Deployment has insufficient replicas | K8S801 | deployment | Health | Critical | Validate Deployments for the correct number of available replicas, highlighting any discrepancies between desired and available counts |
| Pod has a high restart count | K8S104 | pod | Health | Critical | Identify pods for all the namespaces where certain containers have restarted more than 10 times, indicating potential instability concerns |
| Pod is in CrashLoopBackOff state | K8S103 | pod | Health | Critical | Identify pods with containers stuck in a CrashLoopBackOff state, highlighting potential issues impacting pod stability for all the namespaces |
| Service has endpoints that are NotReady | K8S304 | service | Health | Severe | Highlights when services have NotReady endpoints, indicating potential disruptions to service reliability for all the namespaces |
| Service has no endpoints | K8S301 | service | Health | Severe | Identify services with no associated endpoints, highlighting potential misconfigurations impacting service connectivity |
| Analyzing HPAs, checking if scale targets exist and have resources | K8S101 | pod | HPA | High | Analyze optimal Horizontal Pod Autoscaler (HPA) configurations by ensuring associated resources (Deployments, ReplicationControllers, ReplicaSets, StatefulSets) have defined resource limits for effective auto-scaling |
| Check for the existence of Ingress class, service and secrets for all the namespaces | K8S201 | ingress | Ingress | High | Ensure proper Ingress configurations by validating associated services, secrets, and ingress classes, flagging issues if there are missing elements or misconfigured settings for all the namespaces |
| Check the existence of secret in Daemonset | K8S603 | daemonset | Daemonset, Secret | High | Ensure the presence of referenced Secrets in Daemonset volumes, reporting failures for any missing Secret within all the namespaces |
| Check the existence of secret in Deployment | K8S701 | secret | Deployment | High | Ensure the presence of referenced Secrets in Deployment volumes, reporting failures for any missing Secret for all the namespaces |
| Excessive Pods on Node | K8S501 | node | Resource Limits | High | Assesses nodes for excessive pod counts, flagging potential issues if pods near capacity thresholds based on CPU and memory resources |
| Find Deployments with missing configmap | K8S901 | configmap | Deployment | High | Ensure the presence of referenced ConfigMaps in Deployment volumes, reporting failures for any missing ConfigMap for all the namespaces |
| Find Pending Pods | K8S106 | pod | Health | High | Ensure that Pods are not in a Pending state due to scheduling issues or container creation failures, and report relevant details for diagnostics |
| Find Pods with missing configmap | K8S102 | pod | Pod, ConfigMap | High | Ensure the presence of referenced ConfigMaps in Pod containers and volumes, reporting failures for any missing ConfigMap for all the namespaces |
| Find Pods with missing secrets | K8S105 | pod | Pod, Secret | High | Ensure the presence of referenced Secrets in Pod containers, reporting failures for any missing Secret for all the namespaces |
| Insufficient PIDs on Node | K8S502 | node | Performance | High | Check if the nodes have remaining PIDs less than a set threshold |
| Kubernetes Node Out-of-Memory Check | K8S503 | node | Performance | High | Checks if any Kubernetes node is using more than 85% of its memory capacity. |
| Validate configmap existence in Statefulset | K8S1001 | statefulset | StatefulSet | High | Ensure the existence of referenced ConfigMaps in StatefulSet volume claims and template volumes, reporting failures for any missing ConfigMap for all the namespaces |
| Validate cronjob starting deadline | K8S1101 | cronjob | CronJob | High | Ensure CronJobs have a non-negative starting deadline, reporting failures for negative values for all the namespaces |
| Validate existence of configmaps in daemonsets | K8S601 | daemonset | DaemonSet, ConfigMap | High | Ensure the presence of referenced ConfigMaps in Daemonset volumes, reporting failures for any missing ConfigMap for all the namespaces |
| Verify StatefulSet has valid service | K8S1002 | statefulset | StatefulSet | High | Verify StatefulSet's service reference, ensuring it points to an existing service in all the namespaces, reporting failures for non-existent services |
| Verify StatefulSet has valid storageClass | K8S1003 | statefulset | StatefulSet | High | Validate StatefulSet's storage class, ensuring it references existing storage classes in the namespace, reporting failures for non-existent ones |
| Zero Scale Deployment Check | K8S802 | deployment | Availability | High | Verify that Deployments have a non-zero replica count, preventing unintentional scaling down to zero |
| Check if Kubernetes services have matching pod labels | K8S302 | service | Configuration | Medium | This check validates if Kubernetes service selectors match pod labels. This ensures proper routing & discovery of pods. |
| Pod template validation in DaemonSet | K8S602 | daemonset | Resource Management | Medium | Checks that the Pod template within a DaemonSet is configured correctly according to certain threshold values. |
| Services Target Port Match | K8S303 | service | Diagnostic | Medium | This check identifies service ports that do not match their target ports |
| Validate that network policies are in place and configured correctly | K8S1201 | networkpolicy | Network Security | Medium | Verify Network Policy configurations, highlighting issues if policies allow traffic to all pods or if not applied to any specific pods |
| Zero scale detected in statefulset | K8S1004 | statefulset | Availability | Medium | Check to ensure that no StatefulSets are scaled to zero as it might hamper availability. |
| Find unused DaemonSet | K8S604 | daemonset | DaemonSet, Cost, Resource Optimization | Low | Any DaemonSet that has been created but has no associated pods and remained unused for over 30 days. |
| Validate cronjobs schedule and state | K8S1102 | cronjob | CronJob | Low | Ensure CronJobs have valid schedules and are not suspended, reporting failures for any invalid schedules or suspended jobs for all the namespaces |