Gerrit91
commented
1 year ago Another idea that comes to mind is implementing a validation webhook. This could run as a dedicated pod in the seed's shoot namespace and watch the shoot api-server. This way, we could decline erroneous resources directly before storing them into ETCD.
We should enforce that for every rule specified either
toortoFQDNsandportis specified to prevent accidentally open to wide