PREQUEL-2025-0117

Kubernetes Deployment Readiness Probe MissingMedium

PREQUEL-2025-0117View on GitHub

KubernetesDeploymentReadiness ProbeHealth ChecksReliabilityTraffic Routing

Description

• Detects Kubernetes Deployment resources without readiness probes configured on containers.
• Monitors deployment specifications where containers lack proper readiness check definitions.
• Identifies reliability violations that can lead to premature traffic routing.
• Tracks deployments that may receive traffic before being fully ready to handle requests.

Cause

• Deployment manifests created without proper readiness check specifications.
• Development teams unaware of the distinction between liveness and readiness probes.
• CI/CD pipelines deploying applications without traffic readiness considerations.
• Helm charts or templates missing default readiness probe configurations.
• Legacy applications migrated without readiness endpoint implementation.
• Infrastructure automation scripts lacking readiness check validation.

Mitigation

• Implement admission controllers to enforce readiness probe requirements on deployments.
• Establish standard readiness check endpoints for all application services.
• Integrate readiness check validation into CI/CD pipelines before deployment.
• Implement application-specific readiness logic to ensure proper traffic handling.

References

• https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
• https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
• https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#probe-v1-core