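package main

# Deny all Kubernetes Ingress resources.
# This cluster uses Gateway API (HTTPRoute + Gateway) for ingress routing.
# Ingress is the legacy API and must not be added.
#
# The rule matches on `kind` alone, so an Ingress is rejected whatever its
# apiVersion is.
#
# Fail-closed note: namespace and name are read with object.get and a default.
# Referencing input.metadata.namespace directly makes the whole rule body
# undefined when the field is absent (manifests that rely on the default
# namespace, or on generateName, commonly omit these fields), and an undefined
# body produces no violation -- the Ingress would pass the policy silently.
deny contains msg if {
	input.kind == "Ingress"

	# Placeholders are only used in the message; they never affect the decision.
	namespace := object.get(input, ["metadata", "namespace"], "<no namespace>")
	name := object.get(input, ["metadata", "name"], "<no name>")

	msg := sprintf(
		"%s/%s: Ingress resources are forbidden — use Gateway API HTTPRoute instead",
		[namespace, name],
	)
}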