Add Kyverno policy to restrict ingresses to NYU by default (!1) · Merge requests · HSRN Projects / Kubernetes Access Control

Remi Rampin requested to merge ingress-whitelist into code Feb 20, 2024

Unless an annotation hpc.nyu.edu/access=public is set on an Ingress, it will autoamtically get a whitelist to only allow access from within NYU.

Fixes kubernetes-bare-metal#66

Should probably be rolled out in two stages: first, accept the annotation (and check it). Only later will we apply the whitelist if it is not present.

Unfortunately Kyverno can't show a warning so we can't inform users directly this way.

Add Kyverno policy to restrict ingresses to NYU by default

Merge request reports