Reputation: 61
I am using a CI/CD application called Concourse, which recently got integrated with OPA. Our Concourse setup is running in k8s. I am trying to run OPA as a sidecar, as it recommended, with the configuration below.
Sidecar configuration: https://github.com/concourse/concourse-chart/blob/master/values.yaml#L1530
sidecarContainers:
  - name: opa
    image: openpolicyagent/opa:0.21.0
    args:
      - "run"
      - "--server"
I want to apply some policies as well. My policy file is concourse_policy.rego:
package concourse

default allow = true

# Deny the UseImage action when the image is requested as privileged.
allow = false {
  input.action == "UseImage"
  input.data.privileged == true
}
I am not sure how to make this policy applied by default to my OPA when the sidecar is running. How can I do it?
Upvotes: 0
Views: 189
Reputation: 2315
You'll need to either mount a volume containing your policies into the container and start OPA pointing to those, or you could use OPA's bundle API to retrieve the policies from a remote endpoint.
Upvotes: 1
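The volume-mount option from the answer above, written out as an added example (not part of the original answer and not taken from the Concourse chart): a ConfigMap carries the policy from the question, and the sidecar mounts it read-only and is started pointing at that directory. The ConfigMap name, volume name and mount path are hypothetical, and the `web.additionalVolumes` key is an assumption about the chart's values layout, so check it against the `values.yaml` of your chart version.

```yaml
# File 1: Kubernetes manifest holding the policy from the question.
# The ConfigMap name is a hypothetical placeholder.
apiVersion: v1
kind: ConfigMap
metadata:
  name: concourse-opa-policy
data:
  concourse_policy.rego: |
    package concourse

    default allow = true

    allow = false {
      input.action == "UseImage"
      input.data.privileged == true
    }
---
# File 2: Helm values fragment for the Concourse chart.
# Assumption: pod-level volumes are declared under web.additionalVolumes,
# next to web.sidecarContainers.
web:
  additionalVolumes:
    - name: opa-policy
      configMap:
        name: concourse-opa-policy
  sidecarContainers:
    - name: opa
      image: openpolicyagent/opa:0.21.0
      args:
        - "run"
        - "--server"
        - "--ignore=.*"   # skip the hidden ..data dirs Kubernetes creates in ConfigMap mounts
        - "/policies"     # OPA loads every .rego file under this path at startup
      volumeMounts:
        - name: opa-policy
          mountPath: /policies
          readOnly: true  # the sidecar only needs to read the policy
```

Once the pod is running, a `GET` on `/v1/policies` of the sidecar's REST API lists the loaded modules, which confirms the policy was picked up from the mount.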