Skip to main content

Validate to Analyze the Impact of the Policy

Before you enforce the selected built-in rule, make sure to run some validation checks to see how your change will impact the cluster.

To see how deploying the policy affects the cluster:

  1. Click Validate button in the top section of the right pane.

  2. Verify that the Tests column displays No tests. This column is empty because you are working with a built-in rule and have not written any custom unit tests for the rule.

    If you write a custom rule, you also write unit tests for that rule and check the results for running those tests before deploying your rule.

  3. Verify the results in the Compliance column to see if any resources in your current cluster violate the policy.

  4. Verify the results in the Decisions column to see a list of previous admission control decisions that may have changed if the current policy were enforced.

Depending on your cluster, empty results will appear at the start. To illustrate a more typical result, you can create two identical ingresses with conflicting names.

To create two ingresses:

  1. Create a new file named ingress1.yaml in a text editor.

  2. Copy and paste the following configuration settings into the ingress1.yaml file:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: prod
spec:
rules:
- host: initech.com
http:
paths:
- path: /finance
pathType: Prefix
backend:
service:
name: productpage
port:
number: 80

  3. Save the file and close the text editor.

  4. Apply the configuration from the ingress1.yaml file by running the following command:

kubectl apply -f ingress1.yaml
info

You can successfully create the ingress with an unapproved host because the Ingresses: Restrict Hostnames rule is not yet being enforced.

  5. Click Validate to repeat the validation process and review the new results to see the compliance violations reported.