Validate Healthcheck Instruction

Description

Ensuring the presence and proper configuration of the HEALTHCHECK instruction in a Dockerfile is crucial for maintaining the health and stability of containerized applications. This policy aims to validate whether the HEALTHCHECK instruction is appropriately defined to promote robust container orchestration and monitoring practices.

Kyverno policy

Refer to the Nirmata curated policies - validate-healthcheck-instruction.

Resource example

Below is an example of a Dockerfile enforcing this policy.

FROM ubuntu:latest

HEALTHCHECK CMD curl --fail http://localhost:80 || exit 1

CMD ["nginx", "-g", "daemon off;"]