Disallow Service Type LoadBalancer

Especially in cloud provider environments, a Service having type LoadBalancer will cause the provider to respond by creating a load balancer somewhere in the customer account. This adds cost and complexity to a deployment. Without restricting this ability, users may easily overrun established budgets and security practices set by the organization. This policy restricts use of the Service type LoadBalancer.

Policy Definition

/other/restrict_loadbalancer.yaml

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: no-loadbalancer-service
  annotations:
    policies.kyverno.io/title: Disallow Service Type LoadBalancer
    policies.kyverno.io/category: Sample
    policies.kyverno.io/severity: medium
    policies.kyverno.io/subject: Service
    policies.kyverno.io/description: >-
      Especially in cloud provider environments, a Service having type LoadBalancer will cause the
      provider to respond by creating a load balancer somewhere in the customer account. This adds
      cost and complexity to a deployment. Without restricting this ability, users may easily
      overrun established budgets and security practices set by the organization. This policy restricts
      use of the Service type LoadBalancer.
spec:
  # audit records violations in policy reports without blocking the request;
  # enforce rejects non-compliant Services at admission.
  validationFailureAction: audit
  rules:
  - name: no-LoadBalancer
    match:
      resources:
        kinds:
        - Service
    validate:
      message: "Service of type LoadBalancer is not allowed."
      pattern:
        spec:
          # "!" negates the match: any spec.type other than LoadBalancer passes.
          type: "!LoadBalancer"
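
The policy above ships with `validationFailureAction: audit`, so LoadBalancer Services are reported rather than rejected. The following Python script is an added example, not part of the Kyverno policy library: it applies the same `spec.type` check to JSON shaped like the output of `kubectl get services -A -o json`, to inventory offending Services before tightening the policy. The function name and the sample data are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get services -A -o json` output.
SAMPLE = json.dumps({
    "apiVersion": "v1", "kind": "List",
    "items": [
        {"kind": "Service", "metadata": {"name": "web", "namespace": "shop"},
         "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]}},
        {"kind": "Service", "metadata": {"name": "api", "namespace": "shop"},
         "spec": {"type": "ClusterIP", "ports": [{"port": 8080}]}},
        {"kind": "Service", "metadata": {"name": "metrics", "namespace": "ops"},
         "spec": {"type": "NodePort", "ports": [{"port": 9100}]}},
        # No spec.type: the API server defaults a Service to ClusterIP.
        {"kind": "Service", "metadata": {"name": "db", "namespace": "shop"},
         "spec": {"ports": [{"port": 5432}]}},
        # Non-Service objects are outside the policy's match block.
        {"kind": "ConfigMap", "metadata": {"name": "cfg", "namespace": "shop"}},
    ],
})

MESSAGE = "Service of type LoadBalancer is not allowed."  # message from the policy


def find_loadbalancer_services(doc: str) -> list[str]:
    """Return sorted 'namespace/name' refs of Services with type LoadBalancer."""
    obj = json.loads(doc)
    top_kind = obj.get("kind", "")
    # Accept a single object, a generic List, or a typed ServiceList.
    items = obj.get("items", []) if top_kind.endswith("List") else [obj]
    # Items of a typed ServiceList may omit their own kind field.
    default_kind = "Service" if top_kind == "ServiceList" else None
    hits = []
    for item in items:
        if item.get("kind", default_kind) != "Service":
            continue
        svc_type = (item.get("spec") or {}).get("type", "ClusterIP")
        if svc_type == "LoadBalancer":
            meta = item.get("metadata", {})
            hits.append(f'{meta.get("namespace", "default")}/{meta.get("name")}')
    return sorted(hits)


if __name__ == "__main__":
    for ref in find_loadbalancer_services(SAMPLE):
        print(f"{ref}: {MESSAGE}")
```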