Difficulty: Intermediate
Estimated Time: 5 minutes


We are going to implement an OPA policy that rejects any pod in which a container sets the `privileged` security context property to true, and thus blocks such containers from being admitted.

In this scenario, we learn how to block privileged containers.

For an explanation of this use case, see: Deny Privileged Containers

For more OPA Gatekeeper use cases, see: Master writeup of use cases

Deny "Privileged" Containers

Step 1 of 4

Reason

A privileged container is allowed to access all the devices on the host, with the same privileges as a process running directly on the host (for example, it can load kernel modules or mount host block devices). To prevent abuse of privileged mode, we create a policy that denies privileged containers at admission time.