Azure / AKS

Azure Kubernetes Service
https://azure.github.io/AKS/

Enforce Policy to Require Host Specification in Ingress Resources #4665

Open barucijah opened 1 week ago

barucijah commented 1 week ago

Description

Currently, Kubernetes Ingress resources on AKS allow the creation of rules without specifying a host. This results in ambiguous "catch-all" routing, where the Ingress controller routes traffic for any hostname matching the path. Such behavior introduces the following challenges:

To improve security, predictability, and operational efficiency, AKS should provide a built-in policy or recommendation to enforce that all Ingress resources include a host in their rules section.

Examples

Without host (current undesired behavior) Image

With host (desired behavior) Image
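One way to enforce the rule requested above from inside the cluster, as an added example that is not part of the original issue and not an AKS built-in policy. It assumes a cluster that serves `admissionregistration.k8s.io/v1` ValidatingAdmissionPolicy (Kubernetes 1.30 or later); all object names and the sample Ingress are constructed for illustration.

```yaml
# Added example: names below are hypothetical; requires a cluster that serves
# admissionregistration.k8s.io/v1 ValidatingAdmissionPolicy (Kubernetes 1.30+).
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: ingress-require-host
spec:
  failurePolicy: Fail
  matchConstraints:
    resourceRules:
      - apiGroups: ["networking.k8s.io"]
        apiVersions: ["v1"]
        operations: ["CREATE", "UPDATE"]
        resources: ["ingresses"]
  validations:
    # Passes when there are no rules at all; otherwise every rule needs a host.
    - expression: >-
        !has(object.spec) || !has(object.spec.rules) ||
        object.spec.rules.all(r, has(r.host) && r.host != '')
      message: "every entry in spec.rules must set a non-empty host"
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: ingress-require-host
spec:
  policyName: ingress-require-host
  # Start with ["Warn", "Audit"] to surface existing offenders before denying.
  validationActions: ["Deny"]
---
# Constructed sample that the policy rejects: the only rule has no host,
# so the controller would serve /app for any hostname.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: catch-all-demo
spec:
  rules:
    - http:            # adding a "host: app.example.com" key to this rule makes it admissible
        paths:
          - path: /app
            pathType: Prefix
            backend:
              service:
                name: app
                port:
                  number: 80
```

The expression only inspects `spec.rules`, so an Ingress that relies solely on `spec.defaultBackend` still passes and would need a separate validation.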

microsoft-github-policy-service[bot] commented 2 days ago

@Azure/aks-pm issue needs labels

microsoft-github-policy-service[bot] commented 1 day ago

@az-policy-kube would you be able to assist?

anlandu commented 1 day ago

Thanks for your suggestion! This is being evaluated internally and we'll keep you posted if and when it rolls out.