ashutosh-narkar/deny_privilege_escalation.rego

## deny_privilege_escalation.rego
package kubernetes.validating.deny_privilege_escalation

deny[msg] {
    some c
    input_container[c]
    not c.securityContext.allowPrivilegeEscalation == false
    msg := sprintf("Container '%v' should not have allowPrivilegeEscalation set to true.", [c.name])
}

input_container[container] {
    container := input.request.object.spec.containers[_]
}

input_container[container] {
    container := input.request.object.spec.initContainers[_]
}
	package kubernetes.validating.deny_privilege_escalation

	deny[msg] {
	some c
	input_container[c]
	not c.securityContext.allowPrivilegeEscalation == false
	msg := sprintf("Container '%v' should not have allowPrivilegeEscalation set to true.", [c.name])
	}

	input_container[container] {
	container := input.request.object.spec.containers[_]
	}

	input_container[container] {
	container := input.request.object.spec.initContainers[_]
	}