A way to only allow private load-balancers

Hey all,

Is there a way to only allow the provisioning of internal load-balancers? For example, I have a cluster in Azure and would like to stop users being able to create a load-balancer with a public IP address. Feedback when applying the YAML would be great.

Any ideas on how (if possible) this could be achieved?

You should be able to achieve this using the Open Policy Agent.

Dave Strebel did a great talk at KubeCon this year about using Open Policy Agent to secure clusters and, if memory serves, he demoed a very similar use case; you can watch it here

Hope that helps.

1 Like
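An added example, not part of the original thread or of the talk mentioned above: a minimal Open Policy Agent admission policy in Rego that rejects `LoadBalancer` Services unless they request an internal Azure load balancer. It assumes OPA is registered as a validating admission webhook that collects `deny` messages from the `kubernetes.admission` package, that OPA is recent enough to support `import rego.v1`, and that internal load balancers are requested with the `service.beta.kubernetes.io/azure-load-balancer-internal: "true"` annotation.

```rego
package kubernetes.admission

import rego.v1

# Annotation the Azure cloud provider reads to create an internal
# (private IP) load balancer instead of a public one.
internal_lb_annotation := "service.beta.kubernetes.io/azure-load-balancer-internal"

# Reject any Service of type LoadBalancer that is not marked internal.
# UPDATE is covered as well, so an existing ClusterIP Service cannot be
# switched to a public load balancer and an internal one cannot have
# its annotation removed.
deny contains msg if {
	input.request.kind.kind == "Service"
	input.request.operation in {"CREATE", "UPDATE"}

	svc := input.request.object
	svc.spec.type == "LoadBalancer"
	not is_internal(svc)

	# object.get supplies defaults so the rule still fires when a field is
	# absent (for example metadata.name when generateName is used). An
	# undefined value inside sprintf would make the whole rule undefined
	# and let the request through.
	ns := object.get(input.request, "namespace", "<unknown>")
	name := object.get(svc, ["metadata", "name"], "<generated>")

	msg := sprintf(
		"Service %s/%s: public load balancers are not allowed; set annotation %s to \"true\"",
		[ns, name, internal_lb_annotation],
	)
}

# True only when the annotation is present with the exact string "true".
# A missing annotations map, a missing key, or any other value leaves
# this undefined, so `not is_internal(svc)` holds and the Service is denied.
is_internal(svc) if {
	svc.metadata.annotations[internal_lb_annotation] == "true"
}
```

When the webhook denies the request, the `msg` string is returned to the client as the admission error, which gives the feedback at `kubectl apply` time that the question asks for.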

Ah awesome! Thanks for that 🙂

2 Likes

Happy to help. Hope that’s the solution you’re looking for.

Yeah it does, thanks!