This repository was archived by the owner on Jan 12, 2023. It is now read-only.

Description
Hey guys,
Could we have another policy, similar to https://github.com/cruise-automation/k-rail#unique-ingress-host, which could prevent deployment of Istio VirtualServices with duplicate names? The policy would serve the same purpose - preventing the accidental (or deliberate) interception of traffic to one service simply by creating a matching virtualservice in another namespace.
I'd be happy to take a crack at duplicating policies/ingress/unique_ingress_host.go myself, but might need help to add a check to ensure that the necessary CRD to list VirtualServices even exists in the cluster.
Here's an example virtualservice record - the record we care about is spec.hosts
```yaml
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  annotations:
    meta.helm.sh/release-name: minio
    meta.helm.sh/release-namespace: dev
  creationTimestamp: "2020-07-27T09:44:34Z"
  generation: 1
  labels:
    app.kubernetes.io/managed-by: Helm
  name: dev-minio.elpenguino.net
  namespace: dev
  resourceVersion: "10700039"
  selfLink: /apis/networking.istio.io/v1beta1/namespaces/dev/virtualservices/dev-minio.elpenguino.net
  uid: 118e4125-20b6-4a82-b940-94c729387b62
spec:
  gateways:
  - istio-ingressgateway.istio-system.svc.cluster.local
  hosts:
  - dev-minio.elpenguino.net
```
Thanks!
D
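
A sketch of the comparison such a policy would make on spec.hosts, added here as an illustration; it is not k-rail's code and not part of the original issue. It goes beyond exact duplicates by also treating Istio's leading-`*` wildcard hosts as overlapping. The `VirtualService` type and the function names are hypothetical, hosts are assumed to be fully qualified names, and listing the existing VirtualServices (including the CRD existence check the issue mentions) is left out.

```go
package main

import (
	"fmt"
	"strings"
)

// VirtualService carries only the fields this check reads (hypothetical type).
type VirtualService struct {
	Namespace, Name string
	Hosts           []string
}

// overlaps reports whether two spec.hosts entries can match the same hostname.
// Comparison ignores case and a trailing dot; a leading "*" is a prefix wildcard.
func overlaps(a, b string) bool {
	a = strings.TrimSuffix(strings.ToLower(a), ".")
	b = strings.TrimSuffix(strings.ToLower(b), ".")
	wa, wb := strings.HasPrefix(a, "*"), strings.HasPrefix(b, "*")
	return a == b || (wa && strings.HasSuffix(b, a[1:])) || (wb && strings.HasSuffix(a, b[1:]))
}

// hostConflicts returns one violation per pair of overlapping hosts where the
// existing VirtualService lives in a different namespace than the incoming one.
func hostConflicts(in VirtualService, existing []VirtualService) []string {
	var out []string
	for _, vs := range existing {
		if vs.Namespace == in.Namespace {
			continue // assumption: reusing a host inside one namespace is allowed
		}
		for _, eh := range vs.Hosts {
			for _, h := range in.Hosts {
				if overlaps(h, eh) {
					out = append(out, fmt.Sprintf("host %q overlaps %q in %s/%s", h, eh, vs.Namespace, vs.Name))
				}
			}
		}
	}
	return out
}

func main() {
	// Constructed sample: the VirtualService from the issue already exists in "dev".
	existing := []VirtualService{{"dev", "dev-minio.elpenguino.net", []string{"dev-minio.elpenguino.net"}}}
	incoming := VirtualService{"other", "wildcard-vs", []string{"*.elpenguino.net"}}
	fmt.Println(hostConflicts(incoming, existing))
}
```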