agrajm/constrainttemplate.yaml

## constrainttemplate.yaml
apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
  name: k8sazurecontainernoprivilege
spec:
  crd:
    spec:
      names:
        kind: K8sAzureContainerNoPrivilege
        listKind: K8sAzureContainerNoPrivilegeList
        plural: k8sazurecontainernoprivilege
        singular: k8sazurecontainernoprivilege
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sazurecontainernoprivilege

        violation[{"msg": msg, "details": {}}] {
            c := input_containers[_]
            c.securityContext.privileged
            msg := sprintf("Privileged container is not allowed: %v, securityContext: %v", [c.name, c.securityContext])
        }

        input_containers[c] {
            c := input.review.object.spec.containers[_]
        }

        input_containers[c] {
            c := input.review.object.spec.initContainers[_]
        }
	apiVersion: templates.gatekeeper.sh/v1beta1
	kind: ConstraintTemplate
	metadata:
	name: k8sazurecontainernoprivilege
	spec:
	crd:
	spec:
	names:
	kind: K8sAzureContainerNoPrivilege
	listKind: K8sAzureContainerNoPrivilegeList
	plural: k8sazurecontainernoprivilege
	singular: k8sazurecontainernoprivilege
	targets:
	- target: admission.k8s.gatekeeper.sh
	rego: \|
	package k8sazurecontainernoprivilege

	violation[{"msg": msg, "details": {}}] {
	c := input_containers[_]
	c.securityContext.privileged
	msg := sprintf("Privileged container is not allowed: %v, securityContext: %v", [c.name, c.securityContext])
	}

	input_containers[c] {
	c := input.review.object.spec.containers[_]
	}

	input_containers[c] {
	c := input.review.object.spec.initContainers[_]
	}