jmassardo · February 19, 2021 14:20
diff --git a/ExcludeNamespace.rego b/ExcludeNamespace.rego
 # List of namespaces to exclude
 excludedNamespaces = {"good", "ok"}

 imageSafety[decision] {
  # This rule compares the namespace from the admission controller
  # to the list of namespaces above
  not excludedNamespaces[input.request.namespace]
  data.library.v1.kubernetes.admission.workload.v1.block_latest_image_tag[message]

  decision := {
    "allowed": false,
    "message": message
  }
 }
	# List of namespaces to exclude
	excludedNamespaces = {"good", "ok"}

	imageSafety[decision] {
	# This rule compares the namespace from the admission controller
	# to the list of namespaces above
	not excludedNamespaces[input.request.namespace]
	data.library.v1.kubernetes.admission.workload.v1.block_latest_image_tag[message]

	decision := {
	"allowed": false,
	"message": message
	}
	}