Control: Ingress definition should not allow any usage of NGINX ingress annotation snippets
This check ensures that the NGINX ingress annotation snippets usage is not allowed in the Ingress.
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.ingress_nginx_annotations_all_snippets_not_used
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run kubernetes_compliance.control.ingress_nginx_annotations_all_snippets_not_used --share
This control uses a named query:
select coalesce(uid, concat(path, ':', start_line)) as resource, case when a.key like '%snippet%' then 'alarm' else 'ok' end as status, case when a.key like '%snippet%' then a.key || ' annotation snippet used.' else a.key || ' annotation snippet not used.' end as reason, name as ingress_name , coalesce(context_name, '') as context_name, namespace, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as pathfrom kubernetes_ingress, jsonb_each_text(annotations) as a;