These are basic Rego rules for a demo.
More production-ready rules are available in the official OPA Gatekeeper library: https://github.com/open-policy-agent/gatekeeper-library
- Install OPA Gatekeeper in your Kubernetes cluster.
  Installation reference: https://open-policy-agent.github.io/gatekeeper/website/docs/install
- denyallpod: deny creation of any Pod
- image: allow only a specific container registry when a Pod is created
- label: allow only a specific label when a Namespace is created
- pod-security-context: deny root/privileged containers when a Pod is created
- Use
  `kubectl apply -f xxx-rule.yaml`
  to install a rule, then use
  `kubectl apply -f xxx-invalid.yaml`
  to verify that the rule rejects the invalid resource.
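As an added illustration of what the "image" rule above can look like (this is example code written for this README, not the demo repo's own rule file), here is a Gatekeeper ConstraintTemplate plus a Constraint that admits only images from one registry prefix; the kind name `K8sDemoAllowedRegistry`, the registry `registry.example.internal/` and the parameter name `registries` are assumptions. It also checks `initContainers`, which a rule that inspects only `spec.containers` would miss.

```yaml
# Example ConstraintTemplate (assumed names; not the repo's own file).
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: k8sdemoallowedregistry
spec:
  crd:
    spec:
      names:
        kind: K8sDemoAllowedRegistry
      validation:
        openAPIV3Schema:
          type: object
          properties:
            registries:            # list of allowed image prefixes
              type: array
              items:
                type: string
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sdemoallowedregistry

        # Regular containers: reject any image not starting with an allowed prefix.
        violation[{"msg": msg}] {
          c := input.review.object.spec.containers[_]
          not allowed(c.image)
          msg := sprintf("container %q uses image %q; allowed registries: %v",
                         [c.name, c.image, input.parameters.registries])
        }

        # Init containers are a common blind spot; check them with the same rule.
        violation[{"msg": msg}] {
          c := input.review.object.spec.initContainers[_]
          not allowed(c.image)
          msg := sprintf("initContainer %q uses image %q; allowed registries: %v",
                         [c.name, c.image, input.parameters.registries])
        }

        allowed(image) {
          startswith(image, input.parameters.registries[_])
        }
---
# Constraint that applies the template to Pods (assumed registry value).
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sDemoAllowedRegistry
metadata:
  name: pods-from-internal-registry
spec:
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
  parameters:
    registries:
      - "registry.example.internal/"
```

After applying both resources, a Pod whose image does not start with `registry.example.internal/` is rejected at admission with the violation message above, while a Pod using that prefix is admitted.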