Skip to content

Instantly share code, notes, and snippets.

@akash-gautam
Created May 18, 2020 08:00
Show Gist options
  • Save akash-gautam/e972cb585f4b0b041c5ce395a9dfc491 to your computer and use it in GitHub Desktop.
Save akash-gautam/e972cb585f4b0b041c5ce395a9dfc491 to your computer and use it in GitHub Desktop.
Constraint Template to deny service of type LoadBalancer
apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
name: lbtypesvcnotallowed
spec:
crd:
spec:
names:
kind: LBTypeSvcNotAllowed
listKind: LBTypeSvcNotAllowedList
plural: lbtypesvcnotallowed
singular: lbtypesvcnotallowed
targets:
- target: admission.k8s.gatekeeper.sh
rego: |
package kubernetes.admission
violation[{"msg": msg}] {
input.review.kind.kind = "Service"
input.review.operation = "CREATE"
input.review.object.spec.type = "LoadBalancer"
msg := "LoadBalancer Services are not permitted"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment