Skip to content

Instantly share code, notes, and snippets.

@jmassardo
Created March 19, 2021 18:16
Show Gist options
  • Save jmassardo/b06769e604974943814ef1ac5b380e3b to your computer and use it in GitHub Desktop.
Save jmassardo/b06769e604974943814ef1ac5b380e3b to your computer and use it in GitHub Desktop.
block_priv_mode[decision] {
not excludedNamespaces[input.request.namespace]
data.library.v1.kubernetes.admission.workload.v1.block_privileged_mode[message]
decision := {
"allowed": false,
"message": message
}
}
require_audit[decision] {
data.library.v1.kubernetes.admission.audit.v1.require_auditsink[message]
decision := {
"allowed": false,
"message": message
}
}
enforce[decision] {
block_priv_mode[decision]
}
enforce[decision] {
require_audit[decision]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment