package main
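# Warn when a Deployment does not enforce non-root execution.
#
# Two cases are reported, both with the same message (the warn set
# de-duplicates it):
#   1. the pod-level securityContext does not set runAsNonRoot to true
#      (a missing field counts as "not set");
#   2. a container or initContainer explicitly sets runAsNonRoot to false.
#      In Kubernetes a container-level securityContext value takes precedence
#      over the pod-level one, so checking the pod level alone would let such
#      a container through.
#
# NOTE(review): this is a `warn` rule, so it is advisory; if running as root
# is meant to be blocked rather than reported, confirm whether it should be
# a `deny` rule or whether the pipeline treats warnings as failures.
warn[msg] {
  input.kind == "Deployment"
  not input.spec.template.spec.securityContext.runAsNonRoot == true
  msg := "Containers must not run as root"
}

warn[msg] {
  input.kind == "Deployment"
  container := pod_containers[_]
  container.securityContext.runAsNonRoot == false
  msg := "Containers must not run as root"
}

# Every container and initContainer declared in the Deployment's pod template.
pod_containers[c] {
  c := input.spec.template.spec.containers[_]
}

pod_containers[c] {
  c := input.spec.template.spec.initContainers[_]
}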
# Warn when a Deployment's selector carries no `app` match label.
#
# The negated reference succeeds when spec.selector.matchLabels.app is
# undefined (any segment of the path missing) or holds the value false.
# Only the selector is inspected here; labels on the pod template are not.
warn[msg] {
  input.kind == "Deployment"
  not input.spec.selector.matchLabels.app
  msg := "Containers must provide app label for pod selectors"
}