☑️ Prevent Ingress from forwarding all traffic to a single container

Misconfiguring the ingress host can unintended forward all traffic to a single pod instead of leveraging the load balancing capabilities. By verifying that ingress traffic is targeted by multiple pods, you will achieve higher application availability because you won't be dependent upon a single pod to serve all ingress traffic.

Targeted objects by this rule (types of kind): Ingress

Complexity: medium (What does this mean?)

Policy as code identifier: INGRESS_INCORRECT_HOST_VALUE_PERMISSIVE

This rule will fail

If only a wildcard character (`*`) is used to describe the targeted host

kind: Ingress
spec:
  rules:
    - host: "*"
      http:
        - path: /foo

Rule output in the CLI

$ datree test *.yaml

>> File: failExample.yaml
❌ Prevent Ingress from forwarding all traffic to a single container [1 occurrence]
💡 Incorrect value for key `host` - specify host instead of using a wildcard character (`*`)

How to fix this failure

kind: Ingress
spec:
  rules:
    - host: "*.example.com"
      http:
        - path: /foo

This rule will fail​

Rule output in the CLI​

How to fix this failure​

Read more​

This rule will fail

Rule output in the CLI

How to fix this failure

Read more