A way to only allow private load-balancers


Hey all,

Is there a way to only allow the provisioning of internal load-balancers? For example, I have a cluster in Azure and would like to stop users being able to create a load-balancer with a public IP address. Feedback when applying the YAML would be great.

Any ideas on how (if possible) this could be achieved?


You should be able to achieve this using the Open Policy Agent.

Dave Strebel did a great talk at KubeCon this year about using Open Policy Agent to secure clusters, and if memory serves he demoed a very similar use case. You can watch it here

Hope that helps.
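A sketch of the kind of policy the answer above points to, added here as an example (it is not part of the original thread and not taken from the talk). It assumes OPA is deployed as a validating admission webhook that receives the Kubernetes AdmissionReview as `input` and returns the `deny` messages to the user, and that the package name `kubernetes.admission` matches that deployment; the annotation is the one the Azure cloud provider reads to create an internal load balancer.

```rego
package kubernetes.admission

import rego.v1

# Annotation the Azure cloud provider checks to provision an internal load balancer.
internal_annotation := "service.beta.kubernetes.io/azure-load-balancer-internal"

# Reject Services of type LoadBalancer that are not marked internal.
# UPDATE is covered as well as CREATE so the annotation cannot be removed,
# or the Service type switched to LoadBalancer, after the object was admitted.
deny contains msg if {
	input.request.kind.kind == "Service"
	input.request.operation in {"CREATE", "UPDATE"}
	svc := input.request.object
	svc.spec.type == "LoadBalancer"
	not is_internal(svc)

	# metadata.name is absent when generateName is used; fall back to a
	# placeholder so the rule still fires instead of becoming undefined.
	name := object.get(svc.metadata, "name", "<generated>")
	msg := sprintf("Service %v/%v: public load balancers are not allowed; set annotation %v to 'true'", [input.request.namespace, name, internal_annotation])
}

# True only when the annotation is present with the exact string value "true".
# A Service with no annotations at all leaves this undefined, so `not is_internal`
# holds and the request is denied.
is_internal(svc) if {
	svc.metadata.annotations[internal_annotation] == "true"
}
```

With the webhook in place, the `msg` string is what a user sees when `kubectl apply` is rejected, which gives the feedback asked for in the question.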


Ah awesome! Thanks for that :slight_smile:


Happy to help. Hope that’s the solution you’re looking for.


Yeah it does, thanks!