I have multiple Kubernetes clusters; however, when running a Rego script with the Open Policy Agent, how do I only run the policy against the cluster I want?

https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/access_control/open_policy_agent.html

q1) Is this done in the Rego script itself (see below), e.g. "if cluster == XXX" etc.?

q2) Would this be done in the Prisma Cloud UI? (I cannot see anywhere to mark an OPA policy as run on a particular cluster, etc.)

# pseudo code.. How do I only run this policy on the cluster I care about
if CLUSTER == "XXXX"
{
repo := "foobar"
deny[msg] {
some i
input.request.kind.kind == "Pod"
image := input.request.object.spec.containers[i].image
not startswith(image, repo)
msg := sprintf("Image '%s' comes from untrusted registry use '%s'",[image,repo])
}

The UI shows no setting to only run this policy against a particular cluster.