Is there a way to only allow the provisioning of internal load-balancers? For example, I have a cluster in Azure and would like to stop users being able to create a load-balancer with a public IP address. Feedback when applying the YAML would be great.
Any ideas on how (if possible) this could be achieved?
Dave Strebel did a great talk at KubeCon this year about using Open Policy Agent to secure clusters, and if memory serves he demoed a very similar use case. You can watch it here.
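
A sketch of the kind of policy the reply points to, added here as an example; it is not part of the thread and not taken from the talk. It assumes OPA is deployed as a validating admission webhook that receives the Kubernetes AdmissionReview as `input`, and that the webhook collects messages from a `deny` rule in a package named `kubernetes.admission` (both names are assumptions). It relies on the Azure cloud provider annotation `service.beta.kubernetes.io/azure-load-balancer-internal`.

```rego
# Added example: deny Services of type LoadBalancer that are not marked internal.
# Package and rule names are assumptions about how the webhook queries OPA.
package kubernetes.admission

import rego.v1

# Annotation the Azure cloud provider reads to provision an internal load balancer.
internal_annotation := "service.beta.kubernetes.io/azure-load-balancer-internal"

deny contains msg if {
	input.request.kind.kind == "Service"

	# UPDATE is covered so an existing ClusterIP Service cannot be switched
	# to a public LoadBalancer, and the annotation cannot be dropped later.
	input.request.operation in {"CREATE", "UPDATE"}

	svc := input.request.object
	svc.spec.type == "LoadBalancer"
	not is_internal(svc)

	# metadata.name can be absent when generateName is used; fall back so the
	# message (and therefore the denial) is still produced.
	name := object.get(svc.metadata, "name", "<generated>")
	msg := sprintf(
		"Service %s/%s: type LoadBalancer requires annotation %s: \"true\"",
		[input.request.namespace, name, internal_annotation],
	)
}

# True only when the annotation is present and exactly "true".
# A missing annotations map leaves this undefined, so the Service is denied.
is_internal(svc) if {
	svc.metadata.annotations[internal_annotation] == "true"
}
```

The denial message is returned in the webhook response, so it appears in the output of `kubectl apply`, which gives the feedback asked for in the question.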