README
¶
Kubewarden policy that allows to restrict ingress resources.
What the policy allows to restrict
The policy configuration allows to set several properties:
-
requireTLS:boolean- Whether the
specfor ingresses resources has to include atlsattribute that include all hosts defined in the.spec.rulesattribute of the ingress resource. If any of the hosts defined in.spec.rulesis not listed insidespec.tlsthe policy will reject the ingress resource.
- Whether the
-
allowPorts:[<int>]- List of allowed ports inside
.spec.rules.paths.backend.service.port. If this array contains at least one port, any other port will be rejected.
- List of allowed ports inside
-
denyPorts:[<int>]- List of denied ports inside
.spec.rules.paths.backend.service.port. If any port matches a port on this array, the ingress resource will be rejected, otherwise it will be accepted.
- List of denied ports inside
If allowPorts and denyPorts are provided together (and are not
empty), denyPorts is prioritized.
Examples
- Require TLS for all hosts provided in ingress:
{
"requireTLS": true
}
- Require TLS for all hosts provided in ingress, and disallow port 80:
{
"requireTLS": true,
"denyPorts": [80]
}
- Require TLS for all hosts provided in ingress, and only allow port 443:
{
"requireTLS": true,
"allowPorts": [443]
}
Documentation
¶
There is no documentation for this package.
Source Files
Click to show internal directories.
Click to hide internal directories.