Disallow Service Type LoadBalancer
Especially in cloud provider environments, a Service having type LoadBalancer will cause the provider to respond by creating a load balancer somewhere in the customer account. This adds cost and complexity to a deployment. Without restricting this ability, users may easily overrun established budgets and security practices set by the organization. This policy restricts use of the Service type LoadBalancer.
Policy Definition
/other/restrict-loadbalancer/restrict-loadbalancer.yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: no-loadbalancer-service
  annotations:
    policies.kyverno.io/title: Disallow Service Type LoadBalancer
    policies.kyverno.io/category: Sample
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Service
    policies.kyverno.io/minversion: 1.6.0
    policies.kyverno.io/description: >-
      Especially in cloud provider environments, a Service having type LoadBalancer will cause the
      provider to respond by creating a load balancer somewhere in the customer account. This adds
      cost and complexity to a deployment. Without restricting this ability, users may easily
      overrun established budgets and security practices set by the organization. This policy restricts
      use of the Service type LoadBalancer.
spec:
  # audit: violations are reported, the request is not blocked
  validationFailureAction: audit
  # background: true also evaluates Services that already exist in the cluster
  background: true
  rules:
  - name: no-LoadBalancer
    match:
      any:
      - resources:
          kinds:
          - Service
    validate:
      message: "Service of type LoadBalancer is not allowed."
      pattern:
        spec:
          # "!" negates the value: any type except LoadBalancer passes
          type: "!LoadBalancer"
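
Because the policy runs in audit mode with background scanning, existing Services are reported rather than blocked. The sketch below is an added example, not part of the Kyverno policy library: it applies the same check (kind Service, `spec.type` other than LoadBalancer) to an inventory shaped like `kubectl get services -A -o json` output. The sample data, resource names and function names are constructed for illustration.

```python
import json

# Constructed sample, shaped like `kubectl get services -A -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "Service", "metadata": {"name": "web", "namespace": "shop"},
   "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]}},
  {"kind": "Service", "metadata": {"name": "api", "namespace": "shop"},
   "spec": {"type": "ClusterIP", "ports": [{"port": 8080}]}},
  {"kind": "Service", "metadata": {"name": "metrics", "namespace": "ops"},
   "spec": {"type": "NodePort", "ports": [{"port": 9100}]}},
  {"kind": "Service", "metadata": {"name": "db", "namespace": "shop"},
   "spec": {"ports": [{"port": 5432}]}},
  {"kind": "ConfigMap", "metadata": {"name": "cfg", "namespace": "shop"}}
]}
""")

MESSAGE = "Service of type LoadBalancer is not allowed."  # message from the policy


def iter_resources(doc):
    """Yield each object from a List wrapper, or the single resource itself."""
    if doc.get("kind", "").endswith("List"):
        yield from doc.get("items", [])
    else:
        yield doc


def find_violations(doc):
    """Return sorted 'namespace/name' references of Services the rule would flag."""
    flagged = []
    for obj in iter_resources(doc):
        if obj.get("kind") != "Service":
            continue  # the rule matches kind Service only
        # An unset type is defaulted to ClusterIP by the API server.
        svc_type = (obj.get("spec") or {}).get("type", "ClusterIP")
        if svc_type == "LoadBalancer":
            meta = obj.get("metadata", {})
            # "<unset>" is a placeholder for manifests that carry no namespace.
            flagged.append(f"{meta.get('namespace', '<unset>')}/{meta.get('name')}")
    return sorted(flagged)


if __name__ == "__main__":
    for ref in find_violations(SAMPLE):
        print(f"{ref}: {MESSAGE}")
```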