Symptom:
We start to use OPA gatekeeper for our kubernetes clusters. Refer https://github.com/open-policy-agent/gatekeeper for more details.When we code some policies for kubernetes using OPA (open policy agent) Rego ,we would like to reference "key" name and "value" in nodeSelector key-value pair. ie we have
nodeSelector:I would like to refererence "app" which is key and "test" which is value in our OPA gatekeeper policy .
app: mytest
Solution:
The easy way to do it ismyvalue := input.review.object.spec.nodeSelector[mykey]The value of varible mykey will have "app"
The value variable myvalue will have "mytest"
And they are strings
To get "set" , we need to use special way to achieve it:
To get "set" for key :
provided := {mykey | input.review.object.spec.nodeSelector[mykey]}To get set for value:
provided := {myvalue | myvalue := input.review.object.spec.nodeSelector[_]}
No comments:
Post a Comment