Unique Ingress Host and Path
Similar to the ability to check the uniqueness of hosts and paths independently, it is possible to check for uniqueness of them both together across a cluster. This policy ensures that no Ingress can be created or updated unless it is globally unique with respect to host plus path combination.
Policy Definition
/other/unique-ingress-host-and-path/unique-ingress-host-and-path.yaml
```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: unique-ingress-host-and-path
  annotations:
    policies.kyverno.io/title: Unique Ingress Host and Path
    policies.kyverno.io/category: Sample
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Ingress
    kyverno.io/kyverno-version: 1.7.0
    policies.kyverno.io/minversion: 1.6.0
    kyverno.io/kubernetes-version: "1.23"
    policies.kyverno.io/description: >-
      Similar to the ability to check the uniqueness of hosts and paths independently,
      it is possible to check for uniqueness of them both together across a cluster.
      This policy ensures that no Ingress can be created or updated unless it is
      globally unique with respect to host plus path combination.
spec:
  # Audit reports violations without blocking the request.
  validationFailureAction: Audit
  background: false
  rules:
    - name: check-host-path-combo
      match:
        any:
        - resources:
            kinds:
              - Ingress
      # Skip DELETE requests.
      preconditions:
        all:
        - key: "{{ request.operation || 'BACKGROUND' }}"
          operator: NotEquals
          value: DELETE
      # Load the rules of every Ingress in the cluster into the variable "rules".
      context:
        - name: rules
          apiCall:
            urlPath: "/apis/networking.k8s.io/v1/ingresses"
            jmesPath: "items[].spec.rules[]"
      validate:
        message: "The Ingress host and path combination must be unique across the cluster."
        foreach:
        - list: "request.object.spec.rules[]"
          deny:
            conditions:
              all:
              # Deny when any path of this rule is already used under the same host.
              - key: "{{ element.http.paths[].path }}"
                operator: AnyIn
                value: "{{ rules[?host=='{{element.host}}'][].http.paths[].path }}"
```
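The comparison this rule performs can be reproduced offline to audit a set of Ingress manifests before the policy is switched on. The following is an added example, not part of the Kyverno policy library: the function names, the `skip` parameter (which goes beyond the policy by leaving one object out of the cluster list) and all manifests are constructed, and paths are compared as exact strings.

```python
# Added example: offline emulation of the policy's host+path check.
# All manifests are constructed sample data, not taken from a real cluster.

def rule_paths(rule):
    """Paths of one Ingress rule, like the policy's http.paths[].path."""
    paths = (rule.get("http") or {}).get("paths") or []
    return [p["path"] for p in paths if p.get("path")]

def cluster_rules(ingresses, skip=None):
    """Flatten rules like jmesPath items[].spec.rules[].
    skip: hypothetical (namespace, name) pair to leave out of the list."""
    out = []
    for ing in ingresses:
        meta = ing.get("metadata", {})
        if skip and (meta.get("namespace"), meta.get("name")) == skip:
            continue
        out.extend(ing.get("spec", {}).get("rules") or [])
    return out

def conflicts(incoming, ingresses, skip=None):
    """Sorted (host, path) pairs of `incoming` already used in the cluster."""
    existing = cluster_rules(ingresses, skip)
    found = set()
    for element in incoming.get("spec", {}).get("rules") or []:
        # Assumption: a rule without a host is compared as host "".
        host = element.get("host", "")
        taken = {p for r in existing if r.get("host", "") == host
                 for p in rule_paths(r)}
        found.update((host, p) for p in rule_paths(element) if p in taken)
    return sorted(found)

def ingress(ns, name, host, *paths):
    """Build a minimal constructed Ingress manifest."""
    http = {"paths": [{"path": p, "pathType": "Prefix"} for p in paths]}
    return {"metadata": {"namespace": ns, "name": name},
            "spec": {"rules": [{"host": host, "http": http}]}}

# Constructed cluster state: two Ingresses in different namespaces.
CLUSTER = [ingress("shop", "web", "shop.example.com", "/", "/cart"),
           ingress("blog", "web", "blog.example.com", "/")]

if __name__ == "__main__":
    new = ingress("team-b", "cart-v2", "shop.example.com", "/cart", "/new")
    print("new object:", conflicts(new, CLUSTER))
    # Without skip, an object already in the list matches its own rules.
    print("existing, no skip:", conflicts(CLUSTER[0], CLUSTER))
    print("existing, skipped:", conflicts(CLUSTER[0], CLUSTER, ("shop", "web")))
```

Because the comparison is on exact strings, `/cart` and `/cart/` count as different paths here, so overlapping `Prefix` routes need a separate review.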