This repository has been archived by the owner on Feb 22, 2024. It is now read-only.
Add support for policy language configmap #4
Labels
kind/enhancement
New feature or request
Comments
surajssd
added
kind/bug
|
Let's consider the Rego language, used by OPA https://www.openpolicyagent.org/docs/latest/policy-language/ |
|
Looks like our seccompagent is working with it as well kinvolk/seccompagent#12 (additional info https://github.com/kubearmor/KubeArmor/blob/main/getting-started/security_policy_specification.md) |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Right now instead of going into implementing full-fledged CRDs, rely on a configmap for the policy information. The app will read the policy from a configmap with name
fanotify-policyinfanotify-monnamespace with keypolicy. This policy will be parsed by the application to decide what pods should be selected for policy enforcement.Here is the document to flesh out the policy language.
The text was updated successfully, but these errors were encountered: