Open funkypenguin opened 4 years ago
That would be a great addition.
If you'd like to attempt, here are the PRs for reference: https://github.com/cruise-automation/k-rail/pull/63/files https://github.com/cruise-automation/k-rail/pull/64/files
I don't think we need any special consideration for ensuring the CRD is present - just handling the error and ensuring the request continues to the apiserver so the user gets that feedback should be enough.
Let us know if you need any assistance.
Hey David, we could use this policy as well. I can add it soon if you're too busy.
👋 The k-rail project has been deprecated and is no longer under active development. We recommend taking a look at OPA Gatekeeper to see if it might meet your needs going forward.
Thanks for your contribution(s) to the project!
Hey guys,
Could we have another policy, similar to https://github.com/cruise-automation/k-rail#unique-ingress-host, which could prevent deployment of Istio VirtualServices with duplicate names? The policy would serve the same purpose - preventing the accidental (or deliberate) interception of traffic to one service simply by creating a matching virtualservice in another namespace.
I'd be happy to take a crack at duplicating
policies/ingress/unique_ingress_host.go
myself, but might need help to add a check to ensure that the necessary CRD to list VirtualServices even exists in the cluster.Here's an example virtualservice record - the record we care about is
spec.hosts
Thanks! D