apiVersion: v1 kind: ConfigMap metadata: name: opa-default-system-main namespace: opa labels: app: opa owner: jimmy openpolicyagent.org/policy: rego data: main: | package system import data.kubernetes.admission main = { "apiVersion": "admission.k8s.io/v1beta1", "kind": "AdmissionReview", "response": response, } default uid = "" uid = input.request.uid response = { "allowed": false, "uid": uid, "status": { "reason": reason, }, } { reason = concat(", ", admission.deny) reason != "" } else = {"allowed": true, "uid": uid}