Prevent Deprecated Ingress Class Annotation 1.0.0

Enforces that ingress classes are not specified via the deprecated kubernetes.io/ingress.class annotation. Use .spec.ingressClassName instead.

More information can be found in the Kubernetes Ingress docs.

  • Annotations
  • Operational

Applies to

  • Ingress

Example

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
- annotations:
-   kubernetes.io/ingress.class: internal
spec:
+ ingressClassName: internal
  rules:
    - host: www.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: example-service
                port:
                  number: 8080

Risk acceptance

Use the annotation securitytower.io/policy.exclusion.preventdeprecatedingressclassannotation as on the example below.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    securitytower.io/policy.exclusion.preventdeprecatedingressclassannotation: |
      The reason why you still have to use the deprecated annotation.
...