This is a deno typscript script, which pulls all the pods in the cluster, and runs a given opa policiy on each pod.
- https://deno.land/
- https://www.openpolicyagent.org/
- Valid Kubernetes configuration e.g.
$KUBECONFIG
- A *.rego policy file
deno run --allow-run \
https://gist.githubusercontent.com/theMagicalKarp/bb75c1edb038b9e33b145ac6622e167d/raw/48f7969b068cbcf21f12839392ddc765c71055a8/pod-opa.ts \
policies.rego data.main.is_root_user