ashutosh-narkar/deny_host_namespaces.rego

## deny_host_namespaces.rego
package kubernetes.validating.deny_host_namespaces

deny[msg] {
	input.request.kind.kind == "Pod"
	input.request.object.spec.hostNetwork == true
	msg := "Pod cannot be created with hostNetwork enabled."
}

deny[msg] {
	input.request.kind.kind == "Pod"
	input.request.object.spec.hostPID == true
	msg := "Pod cannot be created with hostPID enabled."
}

deny[msg] {
	input.request.kind.kind == "Pod"
	input.request.object.spec.hostIPC == true
	msg := "Pod cannot be created with hostIPC enabled."
}
	package kubernetes.validating.deny_host_namespaces

	deny[msg] {
	input.request.kind.kind == "Pod"
	input.request.object.spec.hostNetwork == true
	msg := "Pod cannot be created with hostNetwork enabled."
	}

	deny[msg] {
	input.request.kind.kind == "Pod"
	input.request.object.spec.hostPID == true
	msg := "Pod cannot be created with hostPID enabled."
	}

	deny[msg] {
	input.request.kind.kind == "Pod"
	input.request.object.spec.hostIPC == true
	msg := "Pod cannot be created with hostIPC enabled."
	}