Open sluetze opened 10 months ago
rules:
# Section 1,2
- general_network_separation
# Section 3
- configure_network_policies
- configure_network_policies_namespaces
@benruland @lichtblaugue not sure here if we should introduce a rule to check for separation of ingress controllers at Section 1, or if I am taking it too far.
One could check with rules:
But I am not sure if this is over the top for this.
Another thing that @lichtblaugue said in a mail thread regarding this: even if we have a check which looks for multiple ingress controllers, we would have no way to determine whether these ingress controllers exist for the network separation use case.
They might exist for sharding/workload distribution or other use cases. So a check which looks for multiple ingresses would be prone to false negatives/false positives due to this, or would be very complex (calculating IP subnets to ensure the ICs are in different subnets and so on, and even this would not guarantee that these subnets are flagged for different usage).