A way to only allow private load-balancers


#1

Hey all,

Is there a way to only allow the provisioning of internal load-balancers? For example, I have a cluster in Azure and would like to stop users being able to create a load-balancer with a public IP address. Feedback when applying the YAML would be great.

Any ideas on how (if possible) this could be achieved?


#2

You should be able to achieve this using the Open Policy Agent.

Dave Strebel did a great talk at KubeCon this year about using Open Policy Agent to secure clusters, and if memory serves he demoed a very similar use case. You can watch it here

Hope that helps.
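
A sketch of the kind of policy suggested above, added here as an example; it is not part of the original post and not taken from the talk. It assumes OPA is registered as a validating admission webhook that returns the `deny` messages to the client, and that the cluster uses the Azure cloud provider's internal load-balancer annotation; the package name, the `review` helper and the sample Service are constructed for illustration.

```rego
package kubernetes.admission

import rego.v1

# Annotation the Azure cloud provider reads to provision an internal LB.
internal_annotation := "service.beta.kubernetes.io/azure-load-balancer-internal"

# Reject any LoadBalancer Service that is not explicitly marked internal.
# The message is what the user sees when `kubectl apply` is refused.
deny contains msg if {
	input.request.kind.kind == "Service"
	input.request.operation in {"CREATE", "UPDATE"}
	svc := input.request.object
	svc.spec.type == "LoadBalancer"
	not is_internal(svc)
	msg := sprintf(
		"Service %s/%s: public load balancers are not allowed; set annotation %s to \"true\"",
		[input.request.namespace, svc.metadata.name, internal_annotation],
	)
}

# Undefined (so the Service is denied) when the annotation is missing,
# when there are no annotations at all, or when the value is not "true".
is_internal(svc) if svc.metadata.annotations[internal_annotation] == "true"

# Constructed AdmissionReview input used only by the tests below.
review(svc_type, annotations) := {"request": {
	"kind": {"kind": "Service"},
	"operation": "CREATE",
	"namespace": "demo",
	"object": {
		"metadata": {"name": "web", "annotations": annotations},
		"spec": {"type": svc_type},
	},
}}

test_public_lb_denied if {
	count(deny) == 1 with input as review("LoadBalancer", {})
}

test_annotation_false_denied if {
	count(deny) == 1 with input as review("LoadBalancer", {internal_annotation: "false"})
}

test_internal_lb_allowed if {
	count(deny) == 0 with input as review("LoadBalancer", {internal_annotation: "true"})
}

test_cluster_ip_allowed if {
	count(deny) == 0 with input as review("ClusterIP", {})
}
```

The `test_` rules can be run with `opa test` against the file before the policy is loaded into the cluster.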


#3

Ah awesome! Thanks for that :slight_smile:


#4

Happy to help. Hope that’s the solution you’re looking for.


#5

Yeah it does, thanks!