Skip to content

Instantly share code, notes, and snippets.

@jmassardo
Created March 19, 2021 18:16
Show Gist options
  • Save jmassardo/5963e534e914f8a46480b826834f11d5 to your computer and use it in GitHub Desktop.
Save jmassardo/5963e534e914f8a46480b826834f11d5 to your computer and use it in GitHub Desktop.
enforce[decision] {
not excludedNamespaces[input.request.namespace]
data.library.v1.kubernetes.admission.workload.v1.block_privileged_mode[message]
decision := {
"allowed": false,
"message": message
}
}
enforce[decision] {
data.library.v1.kubernetes.admission.audit.v1.require_auditsink[message]
decision := {
"allowed": false,
"message": message
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment