Skip to main content

☑️ Prevent Ingress from forwarding all traffic to a single container

Misconfiguring the ingress host can unintended forward all traffic to a single pod instead of leveraging the load balancing capabilities. By verifying that ingress traffic is targeted by multiple pods, you will achieve higher application availability because you won't be dependent upon a single pod to serve all ingress traffic.

Targeted resources by this rule (types of kind): Ingress

Enabled by default? True

Policy as code identifier: INGRESS_INCORRECT_HOST_VALUE_PERMISSIVE


This rule will fail

If only a wildcard character (`*`) is used to describe the targeted host

kind: Ingress
spec:
rules:
- host: "*"
http:
- path: /foo

Rule output in the CLI

$ datree test *.yaml

>> File: failExample.yaml
❌ Prevent Ingress from forwarding all traffic to a single container [1 occurrence]
💡 Incorrect value for key `host` - specify host instead of using a wildcard character (`*`)

How to fix this failure

kind: Ingress
spec:
rules:
- host: "*.example.com"
http:
- path: /foo

Read more