All Policies

Disallow empty Ingress host

An ingress resource needs to define an actual host name in order to be valid. This policy ensures that there is a hostname for each rule defined.

Policy Definition

/best-practices/disallow-empty-ingress-host/disallow-empty-ingress-host.yaml

 1apiVersion: kyverno.io/v1
 2kind: ClusterPolicy
 3metadata:
 4  name: disallow-empty-ingress-host
 5  annotations:
 6    policies.kyverno.io/title: Disallow empty Ingress host
 7    policies.kyverno.io/category: Best Practices
 8    policies.kyverno.io/minversion: 1.6.0
 9    policies.kyverno.io/severity: medium
10    policies.kyverno.io/subject: Ingress
11    policies.kyverno.io/description: >-
12      An ingress resource needs to define an actual host name
13      in order to be valid. This policy ensures that there is a
14      hostname for each rule defined.
15spec:
16  validationFailureAction: Audit
17  background: false
18  rules:
19    - name: disallow-empty-ingress-host
20      match:
21        any:
22        - resources:
23            kinds:
24              - Ingress
25      validate:
26        message: "The Ingress host name must be defined, not empty."
27        deny:
28          conditions:
29            all:
30            - key: "{{ request.object.spec.rules[].host || `[]` | length(@) }}"
31              operator: NotEquals
32              value: "{{ request.object.spec.rules[].http || `[]` | length(@) }}"
Create policy issue