cloud-platform icon indicating copy to clipboard operation
cloud-platform copied to clipboard

Published 20 hours ago verified publisher icon ministryofjustice

Create OPA policy to restrict live-2 users to use old ingress controllers

Open vijay-veeranki opened this issue 2 years ago • 0 comments

Background

Currently, live-2 have both old and new ingress controllers, we want to restrict users from using old ingress-controllers in live-2

Create an OPA policy to restrict users from using ingress class as "nginx" and "modsec01"

Proposed user journey

OPA policy should check for below

spec:
  ingressClassName: <is not nginx or modsec>

Also ingress class annotation is not used

kubernetes.io/ingress.class: "nginx"

Approach

This OPA policy should restrict users to create ingress using old ingress class

Which part of the user docs does this impact

Questions / Assumptions

Definition of done

  • [ ] OPA policy created
  • [ ] OPA test updated

Reference

How to write good user stories

vijay-veeranki avatar Oct 05 '22 15:10 vijay-veeranki