k8sblockwildcardingress
Basic Information
- Policy type: compliance
- Recommended level: L1
- Effective resource type: ingress
- Parameter: None
Function
Do not configure a blank or wildcard host name for the ingress.
Policy Example
The following policy instance shows the resource types on which the policy definition takes effect.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sBlockWildcardIngress
metadata:
  name: block-wildcard-ingress
spec:
  match:
    kinds:
      - apiGroups: ["extensions", "networking.k8s.io"]
        kinds: ["Ingress"]
Resource Definition That Complies with the Policy
The host name configured for the ingress is neither blank nor a wildcard, which complies with the policy instance.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: non-wildcard-ingress
spec:
  rules:
  - host: 'myservice.example.com'
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: example
            port:
              number: 80
Resource Definition That Does Not Comply with the Policy
The host name configured for the ingress is blank or omitted, which does not comply with the policy instance.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wildcard-ingress
spec:
  rules:
  - host: ''
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: example
            port:
              number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wildcard-ingress
spec:
  rules:
  # Omitted host field counts as a wildcard too
  - http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: example
            port:
              number: 80
The host name configured for the ingress contains a wildcard (*), which does not comply with the policy instance.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: wildcard-ingress
spec:
  rules:
  - host: '*.example.com'
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: example
            port:
              number: 80
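The three non-compliant cases above (blank, omitted, and wildcard host) can be audited before the policy is enforced. The following is an added example, not code from this page or from the policy's own implementation; it assumes input shaped like `kubectl get ingress -A -o json` output, and the sample data, function names and namespaces are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get ingress -A -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "Ingress", "metadata": {"namespace": "shop", "name": "non-wildcard-ingress"},
  "spec": {"rules": [{"host": "myservice.example.com"}]}},
 {"kind": "Ingress", "metadata": {"namespace": "shop", "name": "blank-host"},
  "spec": {"rules": [{"host": ""}]}},
 {"kind": "Ingress", "metadata": {"namespace": "shop", "name": "omitted-host"},
  "spec": {"rules": [{"http": {"paths": []}}]}},
 {"kind": "Ingress", "metadata": {"namespace": "dev", "name": "star-host"},
  "spec": {"rules": [{"host": "ok.example.com"}, {"host": "*.example.com"}]}},
 {"kind": "Service", "metadata": {"namespace": "dev", "name": "example"}, "spec": {}}
]}
""")


def host_problem(rule):
    """Return why a rule's host breaks the policy, or None if it is acceptable."""
    if rule.get("host") is None:
        return "host omitted"      # omitted host counts as a wildcard too
    if rule["host"] == "":
        return "host blank"
    if "*" in rule["host"]:
        return "host contains wildcard"
    return None


def audit(doc):
    """Return (namespace, name, rule_index, reason) for each offending Ingress rule."""
    items = doc.get("items", []) if doc.get("kind", "").endswith("List") else [doc]
    findings = []
    for obj in items:
        if obj.get("kind") != "Ingress":
            continue               # the policy only takes effect on Ingress resources
        meta = obj.get("metadata", {})
        # Assumption: an Ingress without rules is outside what this page describes.
        for i, rule in enumerate((obj.get("spec") or {}).get("rules") or []):
            reason = host_problem(rule)
            if reason:
                findings.append((meta.get("namespace", "default"), meta.get("name"), i, reason))
    return findings


if __name__ == "__main__":
    for ns, name, idx, reason in audit(SAMPLE):
        print(f"{ns}/{name} rule[{idx}]: {reason}")
```

Every rule of an ingress is checked individually, so one wildcard rule is reported even when the other rules of the same ingress use fully qualified host names.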