更新时间:2024-02-01 GMT+08:00
k8sblockwildcardingress
基本信息
- 策略类型:合规
- 推荐级别:L1
- 生效资源类型:Ingress
- 参数:无
作用
禁止ingress配置空白或通配符类型的hostname。
策略实例示例
示例展示了该策略定义的生效类型。
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sBlockWildcardIngress
metadata:
name: block-wildcard-ingress
spec:
match:
kinds:
- apiGroups: ["extensions", "networking.k8s.io"]
kinds: ["Ingress"]
符合策略实例的资源定义
ingress配置的hostname不是空白或通配符类型,符合策略实例。
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: non-wildcard-ingress
spec:
rules:
- host: 'myservice.example.com'
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: example
port:
number: 80
不符合策略实例的资源定义
ingress配置的hostname是空白,不符合策略实例。
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: wildcard-ingress
spec:
rules:
- host: ''
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: example
port:
number: 80
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: wildcard-ingress
spec:
rules:
# Omitted host field counts as a wildcard too
- http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: example
port:
number: 80
ingress配置的hostname是包含通配符*,不符合策略实例。
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: wildcard-ingress
spec:
rules:
- host: '*.example.com'
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: example
port:
number: 80
父主题: 使用策略定义库
