This repository was archived by the owner on Jun 6, 2024. It is now read-only.

Files

.github
.idea
bl
cluster-integration
cmd
dockerfiles
examples
- CEL
- CHECKING_DEPRECATED_API_VERSIONS
- Cost_Reduction
- Governance
- HPA_best_practices
- PodDisruptionBudget_Policies
- Security
- Siddhu-Custom-Policies-
- cost-reduction-best-practices
- defaultPaC
- deployment-best-practices
- governance-best-practices
  - README.md
  - fail.yaml
  - pass.yaml
  - policy.yaml
- horizontal-pod-autoscaler-policy
- prevent_deprecated_apis
- production-best-practices-policy
- rego-policy
- sample-policy
- security-best-practices
- security-policy
- security_checks
- stability-best-practices
- termination-message-policy
- README.md
images
internal
pkg
scripts
.dockerignore
.gitattributes
.gitignore
.gitmodules
.golangci.yml
.goreleaser.yml
.pre-commit-hooks.yaml
CODEOWNERS
CONTRIBUTING.md
DEVELOPER_GUIDE.md
LICENSE.md
Makefile
README.md
go.mod
go.sum
install.sh
main.go
windows_install.ps1

governance-best-practices

Name		Name	Last commit message	Last commit date
parent directory ..
README.md		README.md
fail.yaml		fail.yaml
pass.yaml		pass.yaml
policy.yaml		policy.yaml

README.md

Policy: governance_best_practices

Ingress host name should be a valid organization name. Invalid host names can cause problems with access to the API.

This policy helps to enforce the following best practices:

Ensure Ingress only uses approved domain names for hostnames

Ensure Ingress only uses approved domain names for hostnames

When this rule is failing?

If host is missing:

apiVersion: networking.k8s.io/v1
kind: Ingress
spec:
  rules:
    - http:
        paths:
          - pathType: ImplementationSpecific
            path: /
            backend:
              service:
                name: nginx
                port:
                  number: 80

OR the value of host is not a valid organization name (*.example.com):

apiVersion: networking.k8s.io/v1
kind: Ingress
spec:
  rules:
    - host: test.com
      http:
        paths:
          - pathType: ImplementationSpecific
            path: /
            backend:
              service:
                name: nginx
                port:
                  number: 80

--ignore-missing-schemas will have to be used to ignore the missing schema.

Policy author

Brijesh Shah \ brijeshshah13

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Files

governance-best-practices

governance-best-practices

README.md

Policy: governance_best_practices

Ensure Ingress only uses approved domain names for hostnames

When this rule is failing?

Policy author

Files

governance-best-practices

Directory actions

More options

Directory actions

More options

Latest commit

History

governance-best-practices

Folders and files

parent directory

README.md

Policy: governance_best_practices

Ensure Ingress only uses approved domain names for hostnames

When this rule is failing?

Policy author