Validate Ingress Policy
Before you enforce the selected built-in rule, make sure to run some validation checks to see how your change will impact the cluster.
To see how deploying the policy affects the cluster:
Click Validate button in the top section of the right pane.
Verify that the Tests column displays No tests. This column is empty because you are working with a built-in rule and have not written any custom unit tests for the rule.
If you write a custom rule, you also write unit tests for that rule and check the results for running those tests before deploying your rule.
Verify the results in the Compliance column to see if any resources in your current cluster violate the policy.
Verify the results in the Decisions column to see a list of previous admission control decisions that may have changed if the current policy were enforced.
Depending on your cluster, empty results will appear at the start. To illustrate a more typical result, you can create two identical ingresses with conflicting names.
To create two ingresses:
Create a new file named
ingress1.yaml
in a text editor.Copy and paste the following configuration settings into the
ingress1.yaml
file:apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: prod
spec:
rules:
- host: initech.com
http:
paths:
- path: /finance
pathType: Prefix
backend:
service:
name: productpage
port:
number: 80Save the file and close the text editor.
Apply the configuration from the
ingress1.yaml
file by running the following command:kubectl apply -f ingress1.yaml
infoYou can successfully create the ingress with an unapproved host because the Ingresses: Restrict Hostnames rule is not yet being enforced.
Click Validate to repeat the validation process and review the new results to see the compliance violations reported.