About SCullum

‎02-03-2021

since

L0 Member

1
Post
0
Likes
0
Solutions
Feb 03, 2021
Last Visited

User Activity

User Profile

When running a REGO script with the open policy agent OPA how do i only specify the kubernetes cluster to run against

814

‎02-03-2021 03:59 AM

Posts I Liked

Subject

Likes

Author

Is Twistlock scanner a proper vulnerability scanner?

1 Like

User Badges

Community Statistics

Member Since	‎02-03-2021 03:19 AM
Date Last Visited	‎02-03-2021 07:22 AM
Posts	1

I have multiple kubernetes clusters ; however when running a REGO script with the open policy agent how do i only run the policy against the cluster i want.. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/access_control/open_policy_agent.html q1) Is this done in the REGO script itself (see below) ..eg "if cluster == XXX" etc q2) Would this be done in the Prisma cloud UI ( i cannot see any where to mark a OPA policy as run on particular cluster etc ) # pseudo code.. How do i only run this policy on the cluster i care about if CLUSTER == "XXXX" { repo := "foobar" deny[msg] { some i input.request.kind.kind == "Pod" image := input.request.object.spec.containers[i].image not startswith(image, repo) msg := sprintf("Image '%s' comes from untrusted registry use '%s'",[image,repo]) } The UI - shows no setting to only run this policy against a particular cluster ..

Likes Given To

User

Likes Count