What the policy allows to restrict

Kubewarden policy that allows to restrict ingress resources.

The policy configuration allows to set several properties:

requireTLS: boolean
- Whether the spec for ingresses resources has to include a tls attribute that include all hosts defined in the .spec.rules attribute of the ingress resource. If any of the hosts defined in .spec.rules is not listed inside spec.tls the policy will reject the ingress resource.
allowPorts: [<int>]
- List of allowed ports inside .spec.rules.paths.backend.service.port. If this array contains at least one port, any other port will be rejected.
denyPorts: [<int>]
- List of denied ports inside .spec.rules.paths.backend.service.port. If any port matches a port on this array, the ingress resource will be rejected, otherwise it will be accepted.

If allowPorts and denyPorts are provided together (and are not empty), denyPorts is prioritized.

Examples

{
  "requireTLS": true
}

{
  "requireTLS": true,
  "denyPorts": [80]
}

{
  "requireTLS": true,
  "allowPorts": [443]
}

Name		Name	Last commit message	Last commit date
Latest commit History 170 Commits
.github/workflows		.github/workflows
test_data		test_data
vendor		vendor
.gitignore		.gitignore
CODEOWNERS		CODEOWNERS
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
artifacthub-pkg.yml		artifacthub-pkg.yml
artifacthub-repo.yml		artifacthub-repo.yml
e2e.bats		e2e.bats
go.mod		go.mod
go.sum		go.sum
hub.yml		hub.yml
main.go		main.go
metadata.yml		metadata.yml
questions-ui.yml		questions-ui.yml
renovate.json		renovate.json
settings.go		settings.go
settings.sample.json		settings.sample.json
settings_test.go		settings_test.go
validate.go		validate.go
validate_test.go		validate_test.go