kind: ConfigMap apiVersion: v1 metadata: name: clusterip-svc-ext-ips namespace: opa labels: app: opa owner: jimmy openpolicyagent.org/policy: rego data: main: | package kubernetes.admission import data.lib.k8s.helpers as helpers deny[msg] { helpers.request_kind = "Service" helpers.allowed_operations[helpers.request_operation] helpers.request_object.spec.type = "ClusterIP" helpers.request_object.spec.externalIPs msg = sprintf("%q: ClusterIP service cannot specify externalIPs element. Resource ID (ns/name/kind): %q", [helpers.service_error,helpers.request_id]) }