rego-policies
rego-policies copied to clipboard
k8s: podsecuritypolicy via OPA
Can we OPA'erize:
- https://github.com/tektoncd/triggers/blob/master/config/101-podsecuritypolicy.yaml
This would probably need to be tested on vanilla k8s or on OCP with SCCs least enforcing, just to stop them interfering - needs a quick check.
(just came to like 'OPA'erize' 🙈)
@truncj ; hey, saw you mentioned you might pick this up on the CoP call agenda. Any progress / luck in getting time?
@garethahealy yup! took another look at it today and made some progress. I'll push up the changes and ask for some feedback tomorrow.
stale, didn't get any time/traction.