diff --git a/opa_gatekeeper/constraint_templates/ingress-default-ingressclass-constraint.yaml b/opa_gatekeeper/constraint_templates/ingress-default-ingressclass-constraint.yaml
new file mode 100644
index 0000000..1927e85
--- /dev/null
+++ b/opa_gatekeeper/constraint_templates/ingress-default-ingressclass-constraint.yaml
@@ -0,0 +1,29 @@
+apiVersion: templates.gatekeeper.sh/v1
+kind: ConstraintTemplate
+metadata:
+ name: validateingressclass
+spec:
+ crd:
+ spec:
+ names:
+ kind: ValidateIngressClass
+ targets:
+ - target: admission.k8s.gatekeeper.sh
+ rego: |
+ package validateingressclass
+
+ violation[{"msg": msg}] {
+ c := "default"
+ input.review.object.spec.ingressClassName == c
+ msg := sprintf("ingress %v is using default ingress class", [input.review.object.metadata.name])
+ }
+---
+apiVersion: constraints.gatekeeper.sh/v1beta1
+kind: ValidateIngressClass
+metadata:
+ name: ingress-should-not-use-default-class
+spec:
+ match:
+ kinds:
+ - apiGroups: ["networking.k8s.io"]
+ kinds: ["Ingress"]
\ No newline at end of file
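Review bot: The `violation` rule only compares `spec.ingressClassName` with the literal `"default"`, so an Ingress that selects the same class through the legacy `kubernetes.io/ingress.class` annotation is not flagged by this template. If the controllers in this cluster still honour that annotation, add a second `violation` rule whose condition is `input.review.object.metadata.annotations["kubernetes.io/ingress.class"] == "default"` and which emits the same message. The check also matches on the class name rather than on which IngressClass carries `ingressclass.kubernetes.io/is-default-class: "true"`, so if the cluster default is named differently, or an Ingress omits the field and nothing fills it in before validation, the constraint lets it through; it is worth confirming which behaviour is intended. Reading the class name from `input.parameters` instead of the hard-coded `c := "default"` would make the constraint state that choice explicitly.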