Skip to content

Instantly share code, notes, and snippets.

@ashutosh-narkar

ashutosh-narkar/deny_privileged_mode.rego

Created July 23, 2021 17:38
Show Gist options
  • Save ashutosh-narkar/c5a8c07b3f9631914676e6aef07f0071 to your computer and use it in GitHub Desktop.
Save ashutosh-narkar/c5a8c07b3f9631914676e6aef07f0071 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
deny_privileged_mode.rego
package kubernetes.validating.deny_privileged_mode
deny[msg] {
some c
input_container[c]
c.securityContext.privileged
msg := sprintf("Container '%v' should not run in privileged mode.", [c.name])
}
input_container[container] {
container := input.request.object.spec.containers[_]
}
input_container[container] {
container := input.request.object.spec.initContainers[_]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment