OPA in Kubernetes to block create load balancer except with specific annotation in .rego #153
Unanswered
cmwatts1974
asked this question in
OPA and Rego
Replies: 1 comment
Answered here.
How do I write my .rego file to deny creation of a load balancer except with a specific annotation? See below what I have tried:
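```rego
package kubernetes.admission

import data.kubernetes.namespaces
import input.request.object.metadata.annotations as annotations

# Deny creation of LoadBalancer Services that lack the required annotation.
deny[msg] {
    input.request.kind.kind == "Service"
    input.request.operation == "CREATE"
    input.request.object.spec.type == "LoadBalancer"
    missing_required_annotations[msg]
}

# Holds when the scheme annotation is absent or not set to "internal".
missing_required_annotations[msg] {
    not annotations["service.beta.kubernetes.io/aws-load-balancer-scheme"] == "internal"
    msg := "LoadBalancer Services must set service.beta.kubernetes.io/aws-load-balancer-scheme to \"internal\""
}
```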
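A self-contained version of the policy asked about above, with unit tests, as an added example that is not part of the original post. It assumes the `import rego.v1` syntax, a hypothetical package name and message text, constructed AdmissionReview inputs, and it goes beyond the question by also covering UPDATE requests.

```rego
# Added example, not the poster's code. The package name, the message text and
# the UPDATE coverage are assumptions.
package example.lb_admission

import rego.v1

scheme_key := "service.beta.kubernetes.io/aws-load-balancer-scheme"

deny contains msg if {
	input.request.kind.kind == "Service"
	# UPDATE is included because spec.type can be changed after creation.
	input.request.operation in {"CREATE", "UPDATE"}
	input.request.object.spec.type == "LoadBalancer"
	not internal_scheme
	# The message avoids optional fields so the rule can never become undefined.
	msg := sprintf("LoadBalancer Services must set %s to \"internal\"", [scheme_key])
}

# Undefined when the annotation is absent or has any other value.
internal_scheme if {
	input.request.object.metadata.annotations[scheme_key] == "internal"
}

# Constructed AdmissionReview fragment used only by the tests.
review(op, svc_type, annotations) := {"request": {
	"kind": {"kind": "Service"},
	"operation": op,
	"object": {"metadata": {"annotations": annotations}, "spec": {"type": svc_type}},
}}

test_denied if {
	every r in [
		review("CREATE", "LoadBalancer", {}),
		review("CREATE", "LoadBalancer", {scheme_key: "internet-facing"}),
		review("UPDATE", "LoadBalancer", {}),
	] {
		count(deny) == 1 with input as r
	}
}

test_allowed if {
	every r in [
		review("CREATE", "LoadBalancer", {scheme_key: "internal"}),
		review("CREATE", "ClusterIP", {}),
	] {
		count(deny) == 0 with input as r
	}
}
```

Saved to a file, the tests run with `opa test -v` on that file.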