feat: add cpol to configure ingress whitelisting

2024-02-13 11:53:00 +01:00
parent 80870ad127
commit 2900a1b4ab
1 changed files with 21 additions and 0 deletions
@@ -0,0 +1,21 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: add-ingress-whitelist
+spec:
+  background: true
+  generateExistingOnPolicyUpdate: true
+  rules:
+  - name: set-whitelist-internal
+    mutate:
+      patchStrategicMerge:
+        metadata:
+          annotations:
+            nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+    match:
+      resources:
+        kinds:
+        - Ingress
+        annotations:
+          atlantis.oceanbox.io/expose: internal
+  validationFailureAction: audit