pkg/manifests/policy/manifests/k8sdisallowanonymous.yaml (11 lines of code) (raw):
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sDisallowAnonymous
metadata:
name: no-anonymous
spec:
match:
kinds:
- apiGroups: ["rbac.authorization.k8s.io"]
kinds: ["ClusterRoleBinding"]
- apiGroups: ["rbac.authorization.k8s.io"]
kinds: ["RoleBinding"]