From b7efd16141b96fc95a2fc7fa422085bae0b2f9fb Mon Sep 17 00:00:00 2001
From: Ankur
Date: Thu, 22 Feb 2024 13:50:14 +0530
Subject: [PATCH] adding one example of ConstraintTemplate
---
...gress-default-ingressclass-constraint.yaml | 29 +++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 opa_gatekeeper/constraint_templates/ingress-default-ingressclass-constraint.yaml
diff --git a/opa_gatekeeper/constraint_templates/ingress-default-ingressclass-constraint.yaml b/opa_gatekeeper/constraint_templates/ingress-default-ingressclass-constraint.yaml
new file mode 100644
index 0000000..1927e85
--- /dev/null
+++ b/opa_gatekeeper/constraint_templates/ingress-default-ingressclass-constraint.yaml
@@ -0,0 +1,29 @@
+apiVersion: templates.gatekeeper.sh/v1
+kind: ConstraintTemplate
+metadata:
+ name: validateingressclass
+spec:
+ crd:
+ spec:
+ names:
+ kind: ValidateIngressClass
+ targets:
+ - target: admission.k8s.gatekeeper.sh
+ rego: |
+ package validateingressclass
+
+ violation[{"msg": msg}] {
+ c := "default"
+ input.review.object.spec.ingressClassName == c
+ msg := sprintf("ingress %v is using default ingress class", [input.review.object.metadata.name])
+ }
+---
+apiVersion: constraints.gatekeeper.sh/v1beta1
+kind: ValidateIngressClass
+metadata:
+ name: ingress-should-not-use-default-class
+spec:
+ match:
+ kinds:
+ - apiGroups: ["networking.k8s.io"]
+ kinds: ["Ingress"]
\ No newline at end of file
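Review bot: The `violation` rule only matches when `spec.ingressClassName` is literally `"default"`, so an Ingress that omits the field, or that selects its class through the legacy `kubernetes.io/ingress.class` annotation, is admitted even though it may still be served by the cluster's default controller. The class a cluster treats as default is the IngressClass annotated `ingressclass.kubernetes.io/is-default-class: "true"`, which need not be named "default", so the hard-coded `c := "default"` would be better exposed as a constraint parameter. I would add rules for the missing field and the annotation next to the existing one, as sketched below, and put a comment above the rules stating which cases the template is meant to cover. The patch also leaves the file without a trailing newline.

```yaml
      rego: |
        package validateingressclass

        # … unchanged: existing rule comparing spec.ingressClassName with "default" …

        # An Ingress with no class set falls back to the cluster default IngressClass.
        violation[{"msg": msg}] {
          not input.review.object.spec.ingressClassName
          not input.review.object.metadata.annotations["kubernetes.io/ingress.class"]
          msg := sprintf("ingress %v does not set an ingress class", [input.review.object.metadata.name])
        }

        # Legacy annotation form of the same selection.
        violation[{"msg": msg}] {
          input.review.object.metadata.annotations["kubernetes.io/ingress.class"] == "default"
          msg := sprintf("ingress %v is using default ingress class", [input.review.object.metadata.name])
        }
```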