cruise-automation / k-rail

Kubernetes security tool for policy enforcement
Apache License 2.0

Allow multiple load balancer annotations to be required #112

Closed somethingnew2-0 closed 3 years ago

somethingnew2-0 commented 3 years ago

Because of an annotation change for GKE load balancers, we want to allow multiple annotations to be configured while still requiring at least one of them to be non-empty.

https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing

For GKE versions 1.17 and later, use the annotation networking.gke.io/load-balancer-type: "Internal".

For earlier versions, use the annotation cloud.google.com/load-balancer-type: "Internal".

This change is backwards compatible as the singular "annotation" is included in the list of "annotations" by default for the "policy_require_service_loadbalancer_annotations" config.
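The requirement described in this pull request, sketched as an added Go example that is not k-rail's own code: a LoadBalancer Service passes when at least one accepted annotation is non-empty, and the singular key is folded into the list so older configs keep working. The `AnnotationRule` and `Service` types and the `Keys` and `Violation` names are hypothetical stand-ins; only the two GKE annotation keys come from the page.

```go
package main

import "fmt"

// AnnotationRule is a hypothetical stand-in for one entry of the
// policy_require_service_loadbalancer_annotations config.
type AnnotationRule struct {
	Annotation  string   // legacy singular key
	Annotations []string // any one of these keys satisfies the rule
}

// Keys merges the singular key into the list without duplicating it.
func (r AnnotationRule) Keys() []string {
	keys := append([]string{}, r.Annotations...)
	if r.Annotation == "" {
		return keys
	}
	for _, k := range keys {
		if k == r.Annotation {
			return keys
		}
	}
	return append(keys, r.Annotation)
}

// Service carries only the fields the check needs (constructed type).
type Service struct {
	Type        string
	Annotations map[string]string
}

// Violation returns "" when svc passes, or a message naming the accepted keys.
func Violation(svc Service, rule AnnotationRule) string {
	if svc.Type != "LoadBalancer" {
		return "" // the rule only applies to LoadBalancer Services
	}
	for _, k := range rule.Keys() {
		if svc.Annotations[k] != "" { // a present but empty value does not count
			return ""
		}
	}
	return fmt.Sprintf("LoadBalancer Service needs one of %v set to a non-empty value", rule.Keys())
}

func main() {
	rule := AnnotationRule{Annotation: "cloud.google.com/load-balancer-type"}
	svc := Service{Type: "LoadBalancer"} // constructed sample with no annotations
	fmt.Println(Violation(svc, rule))
}
```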

somethingnew2-0 commented 3 years ago

Yeah, that check always fails until after release. I haven't looked into how to fix it yet...