I have multiple Kubernetes clusters; however, when running a Rego script with the Open Policy Agent, how do I run the policy only against the cluster I want?

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/access_control/open_policy_agent.html

q1) Is this done in the Rego script itself (see below), e.g. "if cluster == XXX" etc.?

q2) Would this be done in the Prisma Cloud UI? (I cannot see anywhere to mark an OPA policy as run on a particular cluster etc.)

    # pseudo code.. How do I only run this policy on the cluster I care about
    if CLUSTER == "XXXX"
    {
        repo := "foobar"
        deny[msg] {
            some i
            input.request.kind.kind == "Pod"
            image := input.request.object.spec.containers[i].image
            not startswith(image, repo)
            msg := sprintf("Image '%s' comes from untrusted registry use '%s'", [image, repo])
        }
    }

The UI shows no setting to only run this policy against a particular cluster.