diff --git a/openshift-check-routes/README.md b/openshift-check-routes/README.md
new file mode 100644
index 00000000..e9fa8398
--- /dev/null
+++ b/openshift-check-routes/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`openshift-check-routes` is a KCL validation module.
+
+## Resource
+
+The Code source and document are [here](https://github.com/kcl-lang/modules/tree/main/nginx-ingress/openshift-check-routes)
diff --git a/openshift-check-routes/kcl.mod b/openshift-check-routes/kcl.mod
new file mode 100644
index 00000000..dd65f069
--- /dev/null
+++ b/openshift-check-routes/kcl.mod
@@ -0,0 +1,5 @@
+[package]
+name = "openshift-check-routes"
+edition = "*"
+version = "0.1.0"
+description = "`openshift-check-routes` is a KCL validation module"
diff --git a/openshift-check-routes/main.k b/openshift-check-routes/main.k
new file mode 100644
index 00000000..54109dad
--- /dev/null
+++ b/openshift-check-routes/main.k
@@ -0,0 +1,7 @@
+validate = lambda item {
+ if item.kind in ["Route"]:
+ assert "tls" in item.spec, "HTTP routes are not allowed. Configure TLS for secure routes."
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
diff --git a/openshift-check-security-context-constraint/README.md b/openshift-check-security-context-constraint/README.md
new file mode 100644
index 00000000..3d849aea
--- /dev/null
+++ b/openshift-check-security-context-constraint/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`openshift-check-security-context-constraint` is a KCL validation module.
+
+## Resource
+
+The Code source and document are [here](https://github.com/kcl-lang/modules/tree/main/nginx-ingress/openshift-check-security-context-constraint)
diff --git a/openshift-check-security-context-constraint/kcl.mod b/openshift-check-security-context-constraint/kcl.mod
new file mode 100644
index 00000000..e414e04d
--- /dev/null
+++ b/openshift-check-security-context-constraint/kcl.mod
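Review bot: The assert in openshift-check-routes/main.k only tests key presence, so a Route whose `spec.tls` is present but empty or null passes, and a Route with no `spec` at all fails on the attribute access rather than on the policy. Testing the termination mode is the check the message promises: `assert item.spec?.tls?.termination, "HTTP routes are not allowed. Configure TLS for secure routes."`. Separately, every README added in this commit links to `tree/main/nginx-ingress/<module>`, which does not match the `<module>/` paths the files are created under; the `nginx-ingress/` segment looks copied from another module.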
@@ -0,0 +1,5 @@
+[package]
+name = "openshift-check-security-context-constraint"
+edition = "*"
+version = "0.1.0"
+description = "`openshift-check-security-context-constraint` is a KCL validation module"
diff --git a/openshift-check-security-context-constraint/main.k b/openshift-check-security-context-constraint/main.k
new file mode 100644
index 00000000..995255f9
--- /dev/null
+++ b/openshift-check-security-context-constraint/main.k
@@ -0,0 +1,7 @@
+validate = lambda item {
+ if item.kind in ["ClusterRole", "Role"]:
+ assert "anyuid" not in sum([r.resourceNames for r in item.rules], []), "Use of the SecurityContextConstraint (SCC) anyuid is not allowed"
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
diff --git a/openshift-check-security-context-roleref/README.md b/openshift-check-security-context-roleref/README.md
new file mode 100644
index 00000000..53d2fa33
--- /dev/null
+++ b/openshift-check-security-context-roleref/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`openshift-check-security-context-roleref` is a KCL validation module.
+
+## Resource
+
+The Code source and document are [here](https://github.com/kcl-lang/modules/tree/main/nginx-ingress/openshift-check-security-context-roleref)
diff --git a/openshift-check-security-context-roleref/kcl.mod b/openshift-check-security-context-roleref/kcl.mod
new file mode 100644
index 00000000..0fd15987
--- /dev/null
+++ b/openshift-check-security-context-roleref/kcl.mod
@@ -0,0 +1,5 @@
+[package]
+name = "openshift-check-security-context-roleref"
+edition = "*"
+version = "0.1.0"
+description = "`openshift-check-security-context-roleref` is a KCL validation module"
diff --git a/openshift-check-security-context-roleref/main.k b/openshift-check-security-context-roleref/main.k
new file mode 100644
index 00000000..7a277be4
--- /dev/null
+++ b/openshift-check-security-context-roleref/main.k
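Review bot: `sum([r.resourceNames for r in item.rules], [])` in openshift-check-security-context-constraint/main.k assumes every rule carries `resourceNames` and that `rules` is present; a rule without `resourceNames` (the common case) or an aggregated ClusterRole with no `rules` breaks the sum instead of producing a policy verdict. Defaulting both keeps the intent: `assert "anyuid" not in sum([r.resourceNames or [] for r in item.rules or []], []), "Use of the SecurityContextConstraint (SCC) anyuid is not allowed"`. The match is also name-only, so a rule naming `anyuid` on an unrelated resource type trips it; if that is too broad, restrict to rules whose `resources` contain `securitycontextconstraints`.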
@@ -0,0 +1,7 @@
+validate = lambda item {
+ if item.kind in ["ClusterRole", "Role"]:
+ assert "system:openshift:scc:anyuid" != item.roleRef.name, "Use of the SecurityContextConstraint (SCC) anyuid is not allowed"
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
diff --git a/openshift-check-self-provisioner-binding-no-subject/README.md b/openshift-check-self-provisioner-binding-no-subject/README.md
new file mode 100644
index 00000000..53ff8de3
--- /dev/null
+++ b/openshift-check-self-provisioner-binding-no-subject/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`openshift-check-self-provisioner-binding-no-subject` is a KCL validation module.
+
+## Resource
+
+The Code source and document are [here](https://github.com/kcl-lang/modules/tree/main/nginx-ingress/openshift-check-self-provisioner-binding-no-subject)
diff --git a/openshift-check-self-provisioner-binding-no-subject/kcl.mod b/openshift-check-self-provisioner-binding-no-subject/kcl.mod
new file mode 100644
index 00000000..6bd9d7a7
--- /dev/null
+++ b/openshift-check-self-provisioner-binding-no-subject/kcl.mod
@@ -0,0 +1,5 @@
+[package]
+name = "openshift-check-self-provisioner-binding-no-subject"
+edition = "*"
+version = "0.1.0"
+description = "`openshift-check-self-provisioner-binding-no-subject` is a KCL validation module"
diff --git a/openshift-check-self-provisioner-binding-no-subject/main.k b/openshift-check-self-provisioner-binding-no-subject/main.k
new file mode 100644
index 00000000..fe10ad21
--- /dev/null
+++ b/openshift-check-self-provisioner-binding-no-subject/main.k
@@ -0,0 +1,7 @@
+validate = lambda item {
+ if item.kind in ["ClusterRoleBinding"]:
+ assert len(item.subjects or {}) == 0 if item.metadata.name == "self-provisioners", "Binding to the self-provisioners cluster role is not allowed."
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
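Review bot: The kind filter in openshift-check-security-context-roleref/main.k selects `ClusterRole` and `Role`, but `roleRef` is a field of RoleBinding/ClusterRoleBinding, so the assert reads `item.roleRef.name` on objects that do not carry it and never inspects the bindings that actually reference `system:openshift:scc:anyuid`. Change the filter to `if item.kind in ["ClusterRoleBinding", "RoleBinding"]:` and guard the access, `assert item.roleRef?.name != "system:openshift:scc:anyuid", "Use of the SecurityContextConstraint (SCC) anyuid is not allowed"`.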
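Review bot: `item.subjects or {}` in openshift-check-self-provisioner-binding-no-subject/main.k defaults a list field to a dict; it happens to work because only `len()` is applied, but the intent reads more directly as `assert not item.subjects if item.metadata.name == "self-provisioners", "Binding to the self-provisioners cluster role is not allowed."`. The check keys on the binding's `metadata.name` rather than on the role it references, so it only covers the default binding; the companion with-subject module covers other names, and a one-line comment stating that split would help the next reader.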
diff --git a/openshift-check-self-provisioner-binding-with-subject/README.md b/openshift-check-self-provisioner-binding-with-subject/README.md
new file mode 100644
index 00000000..d940f6df
--- /dev/null
+++ b/openshift-check-self-provisioner-binding-with-subject/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`openshift-check-self-provisioner-binding-with-subject` is a KCL validation module.
+
+## Resource
+
+The Code source and document are [here](https://github.com/kcl-lang/modules/tree/main/nginx-ingress/openshift-check-self-provisioner-binding-with-subject)
diff --git a/openshift-check-self-provisioner-binding-with-subject/kcl.mod b/openshift-check-self-provisioner-binding-with-subject/kcl.mod
new file mode 100644
index 00000000..9e2acfbf
--- /dev/null
+++ b/openshift-check-self-provisioner-binding-with-subject/kcl.mod
@@ -0,0 +1,5 @@
+[package]
+name = "openshift-check-self-provisioner-binding-with-subject"
+edition = "*"
+version = "0.1.0"
+description = "`openshift-check-self-provisioner-binding-with-subject` is a KCL validation module"
diff --git a/openshift-check-self-provisioner-binding-with-subject/main.k b/openshift-check-self-provisioner-binding-with-subject/main.k
new file mode 100644
index 00000000..223ae3b5
--- /dev/null
+++ b/openshift-check-self-provisioner-binding-with-subject/main.k
@@ -0,0 +1,7 @@
+validate = lambda item {
+ if item.kind in ["ClusterRoleBinding"]:
+ assert "self-provisioner" not in item.roleRef.name if item.metadata.name != "self-provisioners", "Binding to the self-provisioners cluster role is not allowed."
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
diff --git a/openshift-disallow-deprecated-apis/README.md b/openshift-disallow-deprecated-apis/README.md
new file mode 100644
index 00000000..0e0cf47e
--- /dev/null
+++ b/openshift-disallow-deprecated-apis/README.md
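Review bot: The substring test `"self-provisioner" not in item.roleRef.name` in openshift-check-self-provisioner-binding-with-subject/main.k is looser than the role it means to forbid, so any role whose name happens to contain that text is rejected as well; compare the name exactly, `assert item.roleRef.name != "self-provisioner" if item.metadata.name != "self-provisioners", "Binding to the self-provisioners cluster role is not allowed."`. Since this module and the no-subject module are the two halves of one rule split on `metadata.name`, a comment in each pointing to the other would make the split visible to whoever deploys only one of them.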
@@ -0,0 +1,7 @@
+## Introduction
+
+`openshift-disallow-deprecated-apis` is a KCL validation module.
+
+## Resource
+
+The Code source and document are [here](https://github.com/kcl-lang/modules/tree/main/nginx-ingress/openshift-disallow-deprecated-apis)
diff --git a/openshift-disallow-deprecated-apis/kcl.mod b/openshift-disallow-deprecated-apis/kcl.mod
new file mode 100644
index 00000000..dadb4f2d
--- /dev/null
+++ b/openshift-disallow-deprecated-apis/kcl.mod
@@ -0,0 +1,5 @@
+[package]
+name = "openshift-disallow-deprecated-apis"
+edition = "*"
+version = "0.1.0"
+description = "`openshift-disallow-deprecated-apis` is a KCL validation module"
diff --git a/openshift-disallow-deprecated-apis/main.k b/openshift-disallow-deprecated-apis/main.k
new file mode 100644
index 00000000..76804d72
--- /dev/null
+++ b/openshift-disallow-deprecated-apis/main.k
@@ -0,0 +1,16 @@
+DEPRECATED_APIS = [
+ "authorization.openshift.io/v1/ClusterRole"
+ "authorization.openshift.io/v1/ClusterRoleBinding"
+ "authorization.openshift.io/v1/Role"
+ "authorization.openshift.io/v1/RoleBinding"
+]
+get_kind = lambda item: {str:} -> str {
+ (item?.apiVersion or "") + (item?.kind or "")
+}
+validate = lambda item {
+ kind = get_kind(item)
+ assert kind not in DEPRECATED_APIS, "${kind} is deprecated."
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
diff --git a/openshift-disallow-jenkins-pipeline-strategy/README.md b/openshift-disallow-jenkins-pipeline-strategy/README.md
new file mode 100644
index 00000000..8191f6d8
--- /dev/null
+++ b/openshift-disallow-jenkins-pipeline-strategy/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`openshift-disallow-jenkins-pipeline-strategy` is a KCL validation module.
+
+## Resource
+
+The Code source and document are [here](https://github.com/kcl-lang/modules/tree/main/nginx-ingress/openshift-disallow-jenkins-pipeline-strategy)
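Review bot: `get_kind` in openshift-disallow-deprecated-apis/main.k concatenates `apiVersion` and `kind` with no separator, yielding `authorization.openshift.io/v1ClusterRole`, while every entry in `DEPRECATED_APIS` has a `/` between version and kind, so the assert can never fire and the module silently admits the APIs it exists to block. The body should be `(item?.apiVersion or "") + "/" + (item?.kind or "")`. Adding a comma after each `DEPRECATED_APIS` entry would also make the list explicit rather than relying on newline separation.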
diff --git a/openshift-disallow-jenkins-pipeline-strategy/kcl.mod b/openshift-disallow-jenkins-pipeline-strategy/kcl.mod
new file mode 100644
index 00000000..9221813d
--- /dev/null
+++ b/openshift-disallow-jenkins-pipeline-strategy/kcl.mod
@@ -0,0 +1,5 @@
+[package]
+name = "openshift-disallow-jenkins-pipeline-strategy"
+edition = "*"
+version = "0.1.0"
+description = "`openshift-disallow-jenkins-pipeline-strategy` is a KCL validation module"
diff --git a/openshift-disallow-jenkins-pipeline-strategy/main.k b/openshift-disallow-jenkins-pipeline-strategy/main.k
new file mode 100644
index 00000000..2cc7a501
--- /dev/null
+++ b/openshift-disallow-jenkins-pipeline-strategy/main.k
@@ -0,0 +1,7 @@
+validate = lambda item {
+ if item.kind in ["BuildConfig"]:
+ assert "jenkinsPipelineStrategy" not in item.spec.strategy, "Jenkins Pipeline Build Strategy has been deprecated and is not allowed"
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
diff --git a/openshift-enforce-etcd-encryption/README.md b/openshift-enforce-etcd-encryption/README.md
new file mode 100644
index 00000000..9b80e1c5
--- /dev/null
+++ b/openshift-enforce-etcd-encryption/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`openshift-enforce-etcd-encryption` is a KCL validation module.
+
+## Resource
+
+The Code source and document are [here](https://github.com/kcl-lang/modules/tree/main/nginx-ingress/openshift-enforce-etcd-encryption)
diff --git a/openshift-enforce-etcd-encryption/kcl.mod b/openshift-enforce-etcd-encryption/kcl.mod
new file mode 100644
index 00000000..8460c883
--- /dev/null
+++ b/openshift-enforce-etcd-encryption/kcl.mod
@@ -0,0 +1,5 @@
+[package]
+name = "openshift-enforce-etcd-encryption"
+edition = "*"
+version = "0.1.0"
+description = "`openshift-enforce-etcd-encryption` is a KCL validation module"
diff --git a/openshift-enforce-etcd-encryption/main.k b/openshift-enforce-etcd-encryption/main.k
new file mode 100644
index 00000000..37d5fb5b
--- /dev/null
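Review bot: `"jenkinsPipelineStrategy" not in item.spec.strategy` in openshift-disallow-jenkins-pipeline-strategy/main.k fails on a BuildConfig whose `spec.strategy` is absent, and a strategy that sets only `type: JenkinsPipeline` without the `jenkinsPipelineStrategy` block passes. Checking the discriminator together with the block covers both: `assert item.spec?.strategy?.type != "JenkinsPipeline" and "jenkinsPipelineStrategy" not in (item.spec?.strategy or {}), "Jenkins Pipeline Build Strategy has been deprecated and is not allowed"`.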
+++ b/openshift-enforce-etcd-encryption/main.k
@@ -0,0 +1,11 @@
+keys: lambda obj: {str:} -> [str] {
+ [k for k in obj]
+}
+
+validate = lambda item {
+ if item.kind in ["APIServer"]:
+ assert "encryption" in keys(item.spec), "Encryption should be enabled for etcd"
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
diff --git a/openshift-inject-infrastructure-name/README.md b/openshift-inject-infrastructure-name/README.md
new file mode 100644
index 00000000..93a08318
--- /dev/null
+++ b/openshift-inject-infrastructure-name/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`openshift-inject-infrastructure-name` is a KCL mutation module.
+
+## Resource
+
+The Code source and document are [here](https://github.com/kcl-lang/modules/tree/main/nginx-ingress/openshift-inject-infrastructure-name)
diff --git a/openshift-inject-infrastructure-name/kcl.mod b/openshift-inject-infrastructure-name/kcl.mod
new file mode 100644
index 00000000..23487cfb
--- /dev/null
+++ b/openshift-inject-infrastructure-name/kcl.mod
@@ -0,0 +1,6 @@
+[package]
+name = "openshift-inject-infrastructure-name"
+edition = "*"
+version = "0.1.0"
+description = "`openshift-inject-infrastructure-name` is a KCL mutation module"
+
diff --git a/openshift-inject-infrastructure-name/kcl.mod.lock b/openshift-inject-infrastructure-name/kcl.mod.lock
new file mode 100644
index 00000000..e69de29b
diff --git a/openshift-inject-infrastructure-name/main.k b/openshift-inject-infrastructure-name/main.k
new file mode 100644
index 00000000..1897ff18
--- /dev/null
+++ b/openshift-inject-infrastructure-name/main.k
@@ -0,0 +1,9 @@
+import json
+
+name: str = option("params")?.name or ""
+# Validate All resource
+items = [item | {
+ if item.kind in ["MachineSet"]:
+ metadata = json.decode(json.encode(item.metadata).replace("TEMPLATE", name))
+ spec = json.decode(json.encode(item.spec).replace("TEMPLATE", name))
+} for item in option("items") or []]
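Review bot: `keys: lambda obj: {str:} -> [str] {` in openshift-enforce-etcd-encryption/main.k declares `keys` with `:` where every other module in this commit uses `=` for a lambda; in KCL `name: type` without `= value` is an annotation, so this line most likely does not bind a callable (inferred from syntax, not run here). The helper is also unnecessary, since `in` on a dict already tests keys, and key presence does not establish that encryption is on: an APIServer with `spec.encryption.type: identity` is unencrypted. `assert item.spec?.encryption?.type and item.spec?.encryption?.type != "identity", "Encryption should be enabled for etcd"` states the policy without the helper.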
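Review bot: `name` in openshift-inject-infrastructure-name/main.k comes from `option("params")` and is spliced into serialized JSON with a plain string `replace`, so a value containing `"` or `\` either breaks `json.decode` or alters the structure of `metadata`/`spec` rather than just a field value, and `TEMPLATE` is rewritten wherever it occurs, in keys as well as values. Validate the parameter against the label charset before use, e.g. `import regex` and `assert regex.match(name, r"^[a-z0-9]([-a-z0-9]*[a-z0-9])?$"), "params.name must be a DNS label"`, or replace on the specific string fields instead of round-tripping the whole object. The empty `kcl.mod.lock` is added only for this module; either every module should carry one or none should, and the `# Validate All resource` comment does not describe a mutation.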
diff --git a/openshift-team-validate-ns-name/README.md b/openshift-team-validate-ns-name/README.md
new file mode 100644
index 00000000..691dfc07
--- /dev/null
+++ b/openshift-team-validate-ns-name/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`openshift-team-validate-ns-name` is a KCL validation module.
+
+## Resource
+
+The Code source and document are [here](https://github.com/kcl-lang/modules/tree/main/nginx-ingress/openshift-team-validate-ns-name)
diff --git a/openshift-team-validate-ns-name/kcl.mod b/openshift-team-validate-ns-name/kcl.mod
new file mode 100644
index 00000000..7224bdc3
--- /dev/null
+++ b/openshift-team-validate-ns-name/kcl.mod
@@ -0,0 +1,5 @@
+[package]
+name = "openshift-team-validate-ns-name"
+edition = "*"
+version = "0.1.0"
+description = "`openshift-team-validate-ns-name` is a KCL validation module"
diff --git a/openshift-team-validate-ns-name/main.k b/openshift-team-validate-ns-name/main.k
new file mode 100644
index 00000000..8a69f902
--- /dev/null
+++ b/openshift-team-validate-ns-name/main.k
@@ -0,0 +1,8 @@
+validate = lambda item {
+ if item.kind in ["Namespace", "ProjectRequest", "Project"]:
+ names = ["-".join([g, "*"]) for g in item.userInfo.groups if ":" not in g]
+ assert item.metadata.name not in names, "The only names approved for your Namespaces are the ones starting by -* that not contains '*'"
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
diff --git a/openshift-unique-routes/README.md b/openshift-unique-routes/README.md
new file mode 100644
index 00000000..095f3552
--- /dev/null
+++ b/openshift-unique-routes/README.md
@@ -0,0 +1,7 @@
+## Introduction
+
+`openshift-unique-routes` is a KCL validation module.
+
+## Resource
+
+The Code source and document are [here](https://github.com/kcl-lang/modules/tree/main/nginx-ingress/openshift-unique-routes)
diff --git a/openshift-unique-routes/kcl.mod b/openshift-unique-routes/kcl.mod
new file mode 100644
index 00000000..e4aafdcb
--- /dev/null
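Review bot: The assert in openshift-team-validate-ns-name/main.k only rejects a namespace whose name is literally `<group>-*` (asterisk included), so nearly every name passes, while the message describes a prefix rule; if a group prefix is the intent, build the check from the prefix, `assert any_true([item.metadata.name.startswith(g + "-") for g in item.userInfo.groups if ":" not in g]), "..."`. The message itself reads as if a placeholder was dropped before `-*`. `userInfo` is also not a field of a Namespace or Project object; admission payloads carry it on the request, so confirm where the caller places it before relying on `item.userInfo.groups`.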
+++ b/openshift-unique-routes/kcl.mod
@@ -0,0 +1,5 @@
+[package]
+name = "openshift-unique-routes"
+edition = "*"
+version = "0.1.0"
+description = "`openshift-unique-routes` is a KCL validation module"
diff --git a/openshift-unique-routes/main.k b/openshift-unique-routes/main.k
new file mode 100644
index 00000000..88221077
--- /dev/null
+++ b/openshift-unique-routes/main.k
@@ -0,0 +1,7 @@
+validate = lambda item {
+ if item.kind in ["Route"]:
+ assert isunique(item.spec.host or []), "The Route host name must be unique."
+ item
+}
+# Validate All resource
+items = [validate(i) for i in option("items") or []]
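Review bot: `isunique(item.spec.host or [])` in openshift-unique-routes/main.k is evaluated per Route on a single scalar host, so it cannot detect two Routes that share a host; uniqueness has to be computed across the whole input. Collect first and assert once: `hosts = [i.spec?.host for i in option("items") or [] if i.kind == "Route" and i.spec?.host]` followed by `assert isunique(hosts), "The Route host name must be unique."`, which also removes the need to pass a string where `isunique` expects a list.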