Difficulty: Intermediate
Estimated Time: 5 minutes

CloudSecOps

We'll learn how to use OPA Gatekeeper to prevent any kind of ingress/egress access based on pod labels.

In this scenario, we saw how to prevent any kind of egress rule that targets a specific namespace (the "webserver" namespace in our case), and why organizations need this policy.

For more info on this scenario - Restrict Egress Label Selectors in NetworkPolicies.

For more OPA Gatekeeper use-cases - Mastering OPA Policies

Restrict Egress Label Selectors in NetworkPolicies

Reason

This allows us to implement finer controls for the cluster by following the principle of least privilege and making sure that access is given to a particular resource only if it is needed.
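
A sketch of how such a restriction can be written for Gatekeeper, added here as an illustration and not the scenario's own policy. The template kind `K8sDenyEgressSelector`, the parameter `deniedNamespaceLabels`, and the constraint name are hypothetical, and the example assumes the "webserver" namespace carries the `kubernetes.io/metadata.name: webserver` label that Kubernetes sets on namespaces automatically.

```yaml
# Added example: names and parameters below are assumptions, not taken from the scenario.
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: k8sdenyegressselector
spec:
  crd:
    spec:
      names:
        kind: K8sDenyEgressSelector
      validation:
        openAPIV3Schema:
          type: object
          properties:
            deniedNamespaceLabels:   # label key/value pairs that egress rules may not select
              type: object
              additionalProperties:
                type: string
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sdenyegressselector

        # One violation per egress peer whose namespaceSelector matches a denied label.
        violation[{"msg": msg}] {
          peer := input.review.object.spec.egress[_].to[_]
          value := peer.namespaceSelector.matchLabels[key]
          input.parameters.deniedNamespaceLabels[key] == value
          name := input.review.object.metadata.name
          msg := sprintf("NetworkPolicy %v: egress to namespaces labelled %v=%v is not allowed", [name, key, value])
        }
---
# The constraint applies the template to every NetworkPolicy admitted to the cluster.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sDenyEgressSelector
metadata:
  name: deny-egress-to-webserver
spec:
  match:
    kinds:
      - apiGroups: ["networking.k8s.io"]
        kinds: ["NetworkPolicy"]
  parameters:
    deniedNamespaceLabels:
      kubernetes.io/metadata.name: webserver
```

This sketch only inspects `matchLabels`. A NetworkPolicy that reaches the namespace through `matchExpressions`, an empty `namespaceSelector: {}`, or an egress rule with no `to` field is not caught and needs its own rule.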