Skip to content

Instantly share code, notes, and snippets.

@hoerup

hoerup/ingress.yml

Last active January 18, 2022 21:57
Show Gist options
  • Save hoerup/e59f6ef9b390df699e97fdd1d72b06c6 to your computer and use it in GitHub Desktop.
Save hoerup/e59f6ef9b390df699e97fdd1d72b06c6 to your computer and use it in GitHub Desktop.
Download ZIP
kyverno-ingress-sample
Raw
ingress.yml
# section 1 : Ingress rules already present on cluster
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: present-ingress-1
spec:
rules:
- host: foo.bar.com
http:
paths:
- path: /foo
pathType: Prefix
backend:
service:
name: service1
port:
number: 4200
- path: /bar
pathType: Prefix
backend:
service:
name: service2
port:
number: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: present-ingress-2
spec:
rules:
- host: svc3.bar.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: service3
port:
number: 4200
---
# Section 2 : ingress that will be allowed
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: allowed-1
spec:
rules:
- host: svc4.bar.com
http:
paths:
- path: / #allowed because while path / is already used - its on a different hostname
pathType: Prefix
backend:
service:
name: service4
port:
number: 4200
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: allowed-2
spec:
rules:
- host: foo.bar.com
http:
paths:
- path: /baz #allowed because on foo.bar.com /baz is not present yet
pathType: Prefix
backend:
service:
name: service4
port:
number: 4200
---
# Section 3 this should be denied
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: denied-1
spec:
rules:
- host: foo.bar.com
http:
paths:
- path: /bar # denied because the combination of host=foo.bar.com AND path=/bar is already used in the first ingress
pathType: Prefix
backend:
service:
name: service6
port:
number: 4200
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment