Control: Ingress definition should not allow any usage of NGINX ingress annotation snippets
Description
This check ensures that the NGINX ingress annotation snippets usage is not allowed in the Ingress.
Usage
Run the control in your terminal:
powerpipe control run kubernetes_compliance.control.ingress_nginx_annotations_all_snippets_not_usedSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run kubernetes_compliance.control.ingress_nginx_annotations_all_snippets_not_used --shareSQL
This control uses a named query:
select coalesce(uid, concat(path, ':', start_line)) as resource, case when a.key like '%snippet%' then 'alarm' else 'ok' end as status, case when a.key like '%snippet%' then a.key || ' annotation snippet used.' else a.key || ' annotation snippet not used.' end as reason, name as ingress_name , coalesce(context_name, '') as context_name, namespace, source_type, coalesce(path || ':' || start_line || '-' || end_line, '') as pathfrom kubernetes_ingress, jsonb_each_text(annotations) as a;