policies/opa/gatekeeper/constraints/8-svc-clusterip-ext-ips-allowed.yaml (19 lines of code) (raw):
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sSvcClusterIpExternalIpsAllow
metadata:
name: svc-clusterip-ext-ips-allow
spec:
match:
kinds:
- apiGroups: [""]
kinds: ["Service"]
namespaces:
- "opa-test"
parameters:
allowedOps: ["CREATE","UPDATE"]
allowedIps:
- 1.1.1.1
- 2.2.2.2
- 3.3.3.3
- 4.4.4.4
errMsg: "INVALID_SERVICE_EXTERNAL_IPS"