2019-05-21 17:56:59 +03:00
|
|
|
apiVersion: kubepolicy.nirmata.io/v1alpha1
|
|
|
|
|
kind: Policy
|
|
|
|
|
metadata :
|
|
|
|
|
name : policy-ingress
|
|
|
|
|
spec :
|
|
|
|
|
rules:
|
|
|
|
|
- name: ingress1
|
|
|
|
|
resource:
|
2019-05-21 15:43:43 -07:00
|
|
|
kinds :
|
|
|
|
|
- Ingress
|
2019-05-21 17:56:59 +03:00
|
|
|
selector:
|
|
|
|
|
matchLabels:
|
|
|
|
|
originalLabel: isHere
|
|
|
|
|
mutate:
|
|
|
|
|
patches:
|
|
|
|
|
- path: "/metadata/labels/isMutated"
|
|
|
|
|
op: add
|
|
|
|
|
value: "true"
|
|
|
|
|
- path : "/spec/rules/0/http/paths/0/path"
|
|
|
|
|
op : replace
|
|
|
|
|
value: "/mutatedpath"
|
|
|
|
|
validate:
|
|
|
|
|
message: "Ingress allowed only for prod services"
|
|
|
|
|
pattern:
|
|
|
|
|
spec:
|
|
|
|
|
rules:
|
|
|
|
|
- http:
|
|
|
|
|
paths:
|
|
|
|
|
- path: "*"
|
|
|
|
|
backend:
|
|
|
|
|
serviceName: "*prod"
|
