policies/opa/gatekeeper/constraints/2-dep-security-context-constraint.yaml (14 lines of code) (raw):
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sDepSecurityContext
metadata:
name: deployment-security-context
spec:
match:
kinds:
- apiGroups: ["*"]
kinds: ["Deployment"]
namespaces:
- "opa-test"
parameters:
allowedOps: ["CREATE","UPDATE"]
errMsg: "INVALID_DEPLOYMENT_SECURITY_CONTEXT"