Open majst01 opened 1 year ago
Another idea that comes to mind is implementing a validation webhook. This could run as a dedicated pod in the seed's shoot namespace and watch the shoot api-server. This way, we could decline erroneous resources directly before storing them into ETCD.
We should enforce that for every rule specified either
to
ortoFQDNs
andport
is specified to prevent accidentally open to wide