added basic policy (not applying for some reason)

sionsmith · sionsmith · commit 3e6b4dedac17 · 2021-09-21T17:38:00.000+01:00
diff --git a/examples/multi-tenacy/open-policy-agent/deployment.yaml b/examples/multi-tenacy/open-policy-agent/deployment.yaml
@@ -27,7 +27,7 @@ spec:
           ports:
           - name: https
             containerPort: 443
-          image: openpolicyagent/opa:0.32.0
+          image: openpolicyagent/opa:0.32.1
           imagePullPolicy: IfNotPresent
           resources:
             {}
diff --git a/examples/multi-tenacy/open-policy-agent/kustomization.yaml b/examples/multi-tenacy/open-policy-agent/kustomization.yaml
@@ -9,3 +9,13 @@ resources:
   - service.yaml
   - webhookconfiguration.yaml
   - deployment.yaml
+
+configMapGenerator:
+- name: opa-default-system-main
+  files:
+    - policies/main.rego
+
+generatorOptions:
+  disableNameSuffixHash: true
+  labels:
+    openpolicyagent.org/policy: rego
diff --git a/examples/multi-tenacy/open-policy-agent/policies/main.rego b/examples/multi-tenacy/open-policy-agent/policies/main.rego
@@ -0,0 +1,17 @@
+package system
+import data.kubernetes.admission
+main = {
+  "apiVersion": "admission.k8s.io/v1beta1",
+  "kind": "AdmissionReview",
+  "response": response,
+}
+default response = {"allowed": true}
+response = {
+  "allowed": false,
+  "status": {
+    "reason": reason,
+  },
+} {
+  reason = concat(", ", admission.deny)
+  reason != ""
+}
