Limit dnsNames
Some applications will not accept certificates containing more than a single name. This policy ensures that each certificate request contains only one DNS name entry.
Policy Definition
/cert-manager/limit-dnsnames/limit-dnsnames.yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: cert-manager-limit-dnsnames
  annotations:
    policies.kyverno.io/title: Limit dnsNames
    policies.kyverno.io/category: Cert-Manager
    policies.kyverno.io/severity: medium
    policies.kyverno.io/minversion: 1.6.0
    policies.kyverno.io/subject: Certificate
    policies.kyverno.io/description: >-
      Some applications will not accept certificates containing more than a single name.
      This policy ensures that each certificate request contains
      only one DNS name entry.
spec:
  # Audit records violations without blocking the request.
  validationFailureAction: Audit
  # Evaluate admission requests only; existing resources are not scanned.
  background: false
  rules:
    - name: limit-dnsnames
      match:
        any:
          - resources:
              kinds:
                - Certificate
      validate:
        message: Only one dnsNames entry allowed per certificate request.
        deny:
          conditions:
            all:
              # Count the spec.dnsNames entries, treating a missing field as an empty list.
              - key: "{{request.object.spec.dnsNames || `[]` | length(@)}}"
                operator: GreaterThan
                value: "1"
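
The sample cert-manager Certificate manifests below are an added example, not part of the policy's own files, and show how the deny condition evaluates in three cases. All names, the namespace, the issuer and the hostnames are constructed placeholders.

```yaml
# Constructed sample manifests; every name and hostname is a placeholder.
---
# Passes: exactly one dnsNames entry, so length(@) is 1.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: single-name
  namespace: demo
spec:
  secretName: single-name-tls
  issuerRef:
    name: example-issuer
    kind: ClusterIssuer
  dnsNames:
    - app.example.com
---
# Violates: two entries, so length(@) is 2 and "GreaterThan 1" is true.
# With validationFailureAction: Audit the request is still admitted.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: two-names
  namespace: demo
spec:
  secretName: two-names-tls
  issuerRef:
    name: example-issuer
    kind: ClusterIssuer
  dnsNames:
    - app.example.com
    - www.example.com
---
# Passes: dnsNames is absent, so the `[]` fallback gives length 0.
# The rule counts spec.dnsNames only; commonName and ipAddresses
# are not evaluated by this condition.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: no-dnsnames
  namespace: demo
spec:
  secretName: no-dnsnames-tls
  issuerRef:
    name: example-issuer
    kind: ClusterIssuer
  commonName: internal.example.com
  ipAddresses:
    - 10.0.0.10
```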