OPA in Kubernetes to block create load balancer except with specific annotation in .rego #153
Unanswered
cmwatts1974
asked this question in
OPA and Rego
Replies: 1 comment
Answered here.
How do I write my .rego file to deny creation of a load balancer except with a specific annotation in the .rego file? See below what I have tried:
package kubernetes.admission

import data.kubernetes.namespaces
import input.request.object.metadata.annotations as annotations

deny[msg] {
    input.request.kind.kind = "Service"
    input.request.operation = "CREATE"
    input.request.object.spec.type = "LoadBalancer"
    missing_required_annotations[msg]
}

missing_required_annotations[msg] {
    not annotations["service.beta.kubernetes.io/aws-load-balancer-scheme = "internal"] = internal
}
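One way to write the rule the question is aiming for, as an added example that is not part of the original post or of the linked answer. It uses the annotation key and value from the question and goes beyond the question by also checking UPDATE. Assumptions: `import rego.v1` syntax (OPA 0.59 or later), and the `review` helper and its inputs are constructed for the tests.

```rego
package kubernetes.admission

import rego.v1

# Annotation key and value taken from the question.
required_key := "service.beta.kubernetes.io/aws-load-balancer-scheme"
required_value := "internal"

# Deny LoadBalancer Services that lack the required annotation.
# UPDATE is covered as well as CREATE so that an existing Service
# cannot be switched to type LoadBalancer without the annotation.
deny contains msg if {
	input.request.kind.kind == "Service"
	input.request.operation in {"CREATE", "UPDATE"}
	input.request.object.spec.type == "LoadBalancer"
	not has_required_annotation
	msg := sprintf("LoadBalancer Service must set annotation %v=%v", [required_key, required_value])
}

# Defined only when the annotation exists with the exact value. If
# metadata.annotations is absent the reference is undefined, so
# `not has_required_annotation` succeeds and the request is denied.
has_required_annotation if {
	input.request.object.metadata.annotations[required_key] == required_value
}

# Constructed AdmissionReview input for the tests below (hypothetical helper).
review(annotations) := {"request": {
	"kind": {"kind": "Service"},
	"operation": "CREATE",
	"object": {
		"metadata": {"name": "web", "annotations": annotations},
		"spec": {"type": "LoadBalancer"},
	},
}}

test_denied_without_annotation if {
	count(deny) == 1 with input as review({})
}

test_denied_with_wrong_value if {
	count(deny) == 1 with input as review({required_key: "internet-facing"})
}

test_allowed_when_internal if {
	count(deny) == 0 with input as review({required_key: "internal"})
}
```

Saved to a file, the three `test_` rules run with `opa test` against that file.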