Disallow Service Type LoadBalancer

Especially in cloud provider environments, a Service having type LoadBalancer will cause the provider to respond by creating a load balancer somewhere in the customer account. This adds cost and complexity to a deployment. Without restricting this ability, users may easily overrun established budgets and security practices set by the organization. This policy restricts use of the Service type LoadBalancer.

Policy Definition

/other/restrict-loadbalancer/restrict-loadbalancer.yaml

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: no-loadbalancer-service
  annotations:
    policies.kyverno.io/title: Disallow Service Type LoadBalancer
    policies.kyverno.io/category: Sample
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Service
    policies.kyverno.io/minversion: 1.6.0
    policies.kyverno.io/description: >-
      Especially in cloud provider environments, a Service having type LoadBalancer will cause the
      provider to respond by creating a load balancer somewhere in the customer account. This adds
      cost and complexity to a deployment. Without restricting this ability, users may easily
      overrun established budgets and security practices set by the organization. This policy restricts
      use of the Service type LoadBalancer.
spec:
  # audit: violations are recorded in policy reports, but the Service is still admitted.
  # Set to enforce to reject the request at admission.
  validationFailureAction: audit
  # Also evaluate Services that already exist in the cluster.
  background: true
  rules:
  - name: no-LoadBalancer
    match:
      any:
      - resources:
          kinds:
          - Service
    validate:
      message: "Service of type LoadBalancer is not allowed."
      pattern:
        spec:
          # "!" negates the value: any Service type except LoadBalancer passes.
          type: "!LoadBalancer"
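
The policy ships with `validationFailureAction: audit`, so it helps to know which existing Services would be rejected before switching it to `enforce`. The script below is an added example, not part of the Kyverno policy library: it applies the same check as the rule's pattern to the output of `kubectl get services -A -o json`. The function name `find_loadbalancer_services` and the sample data are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of `kubectl get services -A -o json`.
SAMPLE = json.dumps({
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {"kind": "Service",
         "metadata": {"namespace": "shop", "name": "frontend"},
         "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]}},
        {"kind": "Service",
         "metadata": {"namespace": "shop", "name": "cart"},
         "spec": {"type": "ClusterIP", "ports": [{"port": 8080}]}},
        {"kind": "Service",
         "metadata": {"namespace": "ops", "name": "metrics"},
         "spec": {"type": "NodePort", "ports": [{"port": 9100}]}},
        # No explicit type: Kubernetes defaults a Service to ClusterIP.
        {"kind": "Service",
         "metadata": {"namespace": "default", "name": "legacy"},
         "spec": {"ports": [{"port": 80}]}},
    ],
})


def find_loadbalancer_services(doc):
    """Return sorted "namespace/name" for each Service of type LoadBalancer.

    Accepts a List object or a single Service; kubectl emits either.
    """
    data = json.loads(doc)
    items = data["items"] if data.get("kind", "").endswith("List") else [data]
    hits = []
    for item in items:
        if item.get("kind", "Service") != "Service":
            continue  # ignore other kinds in a mixed list
        svc_type = (item.get("spec") or {}).get("type", "ClusterIP")
        if svc_type == "LoadBalancer":
            meta = item.get("metadata", {})
            hits.append(f'{meta.get("namespace", "default")}/{meta.get("name")}')
    return sorted(hits)


if __name__ == "__main__":
    # Usage: kubectl get services -A -o json | python3 this_script.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    violations = find_loadbalancer_services(text)
    for v in violations:
        print(f"Service of type LoadBalancer is not allowed: {v}")
    sys.exit(1 if violations else 0)
```

The non-zero exit status when violations exist lets the same check gate a CI job that renders manifests to JSON.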