mirror of https://github.com/kyverno/kyverno.git synced 2025-03-05 15:37:19 +00:00
kyverno/samples/RestrictLoadBalancer.md
Chip Zoller c52f07b615
new samples; updates (#1259)
* new samples; updates

* typos

* add policy to restrict LoadBalancer

* correct sample numbering

* fix typos
2020-11-16 13:39:59 -08:00

Restrict use of LoadBalancer services

A Kubernetes Service of type LoadBalancer typically requires a cloud provider to realize the infrastructure on the backend. Doing so increases cost and can bypass existing Ingress resources, which are the preferred way to route traffic into a Kubernetes cluster. The use of Services of type LoadBalancer should therefore be carefully controlled or restricted across the cluster.

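This sample policy checks for any Services of type LoadBalancer. With validationFailureAction set to audit, as shown in the policy, violations are reported but the Service is still created. Change validationFailureAction to enforce to block their creation.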

Policy YAML

restrict_loadbalancer.yaml

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: no-loadbalancers
spec:
  validationFailureAction: audit
  rules:
  - name: no-LoadBalancer
    match:
      resources:
        kinds:
        - Service
    validate:
      message: "Service of type LoadBalancer is not allowed."
      pattern:
        spec:
          type: "!LoadBalancer"
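
Before changing validationFailureAction to enforce, it helps to know which LoadBalancer Services already exist in the cluster. The script below is an added example, not part of the Kyverno sample: it applies the same spec.type check to the JSON produced by `kubectl get services -A -o json`. The embedded Service list and the function name `find_loadbalancer_services` are constructed for illustration.

```python
import json

# Constructed sample: trimmed output of `kubectl get services -A -o json`.
SAMPLE_SERVICE_LIST = json.dumps({
    "kind": "ServiceList",
    "items": [
        {"metadata": {"namespace": "shop", "name": "web"},
         "spec": {"type": "ClusterIP", "ports": [{"port": 80}]}},
        {"metadata": {"namespace": "shop", "name": "api-public"},
         "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]},
         "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}},
        {"metadata": {"namespace": "dev", "name": "debug"},
         "spec": {"type": "LoadBalancer", "ports": [{"port": 8080}]},
         "status": {"loadBalancer": {}}},      # provisioning still pending
        {"metadata": {"namespace": "dev", "name": "cache"},
         "spec": {"ports": [{"port": 6379}]}},  # type omitted
    ],
})


def find_loadbalancer_services(service_list_json):
    """Return one record per Service whose spec.type is LoadBalancer."""
    findings = []
    for svc in json.loads(service_list_json).get("items", []):
        meta, spec = svc.get("metadata", {}), svc.get("spec", {})
        # Kubernetes treats an omitted spec.type as ClusterIP.
        if spec.get("type", "ClusterIP") != "LoadBalancer":
            continue
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        # A provisioned balancer reports either an IP or a hostname.
        addresses = [e.get("ip") or e.get("hostname") for e in ingress]
        findings.append({
            "service": f'{meta.get("namespace", "default")}/{meta.get("name")}',
            "addresses": [a for a in addresses if a],
            "ports": [p["port"] for p in spec.get("ports", [])],
        })
    return findings


if __name__ == "__main__":
    for f in find_loadbalancer_services(SAMPLE_SERVICE_LIST):
        exposed = ", ".join(f["addresses"]) or "<pending>"
        print(f'{f["service"]}: ports {f["ports"]} exposed at {exposed}')
```

Each Service it lists is one the no-LoadBalancer rule would flag, so the output doubles as a review list of what needs an Ingress-based replacement or an explicit exception.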