k8sexternalips
Basic Information
Function
The external IP of the Service must be an allowed IP address.
Policy Example
The external IP of the Service can only be the IP address defined in allowedIPs.
apiVersion: constraints.gatekeeper.sh/v1beta1 kind: K8sExternalIPs metadata: name: external-ips spec: match: kinds: - apiGroups: [""] kinds: ["Service"] parameters: allowedIPs: - "203.0.113.0"
Resource Definition That Complies with the Policy
The IP addresses in externalIPs are those in the allowed IP address list, which complies with the policy instance.
apiVersion: v1 kind: Service metadata: name: allowed-external-ip spec: selector: app: MyApp ports: - name: http protocol: TCP port: 80 targetPort: 8080 externalIPs: - 203.0.113.0
Resource Definition That Does Not Comply with the Policy
The IP addresses in externalIPs are not in the allowed IP address list, which does not comply with the policy instance.
apiVersion: v1 kind: Service metadata: name: disallowed-external-ip spec: selector: app: MyApp ports: - name: http protocol: TCP port: 80 targetPort: 8080 externalIPs: - 1.1.1.1
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot