Difficulty: Intermediate
Estimated Time: 5 minutes

CloudSecOps

We'll learn how to use OPA Gatekeeper to prevent Service Accounts from being created in prohibited namespaces.

In this scenario, we have seen how to limit the creation of Service Accounts to specific namespaces and why this policy is needed in our organizations.

For more info on this scenario - Prohibit Service Account Namespaces

For more OPA Gatekeeper use-cases - Mastering OPA Policies

Prohibit Service Account Namespaces

Step 1 of 4

Reason

In many environments, pulling an image without specifying a tag will by default pull the image tagged "latest" instead of the recently updated image. Blocking images with the "latest" tag therefore prevents accidental use of images tagged "latest" that may not actually be the latest.