Skip to content

Instantly share code, notes, and snippets.

@aavarghese
Last active April 21, 2021 19:55
Show Gist options
  • Save aavarghese/593085757832ecbd6d4d97798d3b600d to your computer and use it in GitHub Desktop.
Save aavarghese/593085757832ecbd6d4d97798d3b600d to your computer and use it in GitHub Desktop.
package kubernetes.admission
deny[msg] {
input.request.kind.kinds == "Pod" # This line has a typo, should be input.request.kind.kind
image := input.request.object.spec.containers[_].image
not startswith(image, "hooli.com/")
msg := sprintf("image '%v' comes from untrusted registry", [image])
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment