Kubewarden policy that allows to restrict ingress resources.
The policy configuration allows to set several properties:
requireTLS
: boolean
spec
for ingresses resources has to include a tls
attribute that include all hosts defined in the .spec.rules
attribute of the ingress resource. If any of the hosts defined in
.spec.rules
is not listed inside spec.tls
the policy will
reject the ingress resource.allowPorts
: [<int>]
.spec.rules.paths.backend.service.port
. If this array contains
at least one port, any other port will be rejected.denyPorts
: [<int>]
.spec.rules.paths.backend.service.port
. If any port matches a
port on this array, the ingress resource will be rejected,
otherwise it will be accepted.If allowPorts
and denyPorts
are provided together (and are not
empty), denyPorts
is prioritized.
{
"requireTLS": true
}
{
"requireTLS": true,
"denyPorts": [80]
}
{
"requireTLS": true,
"allowPorts": [443]
}