What this PR does / why we need it:
This ConstraintTemplate will provide capability to limit the domain names being useable in Route objects. The default kubernetes RBAC does not provide capability to restrict the spec.hostfield from being evaluated.
Special notes for your reviewer:
I have not been able to get the tests working with the Route object as input not even if I only use a fail mechanism in the ConstraintTemplate. I assume, this is related to gator verify as it is verified working in an OpenShift Cluster.
I have been testing the Policy with OCP 4.12, 4.13 4.14
What this PR does / why we need it: This ConstraintTemplate will provide capability to limit the domain names being useable in Route objects. The default kubernetes RBAC does not provide capability to restrict the
spec.host
field from being evaluated.Special notes for your reviewer: I have not been able to get the tests working with the Route object as input not even if I only use a fail mechanism in the ConstraintTemplate. I assume, this is related to gator verify as it is verified working in an OpenShift Cluster.
I have been testing the Policy with OCP 4.12, 4.13 4.14