Difficulty: Intermediate
Estimated Time: 5 minutes

CloudSecOps

We'll learn how to use OPA Gatekeeper to prevent any ingress/egress rules from being applied to pods that match the label ‘access: admin’ in the backend namespace.

In this scenario, we have seen how to prohibit the use of images with the "latest" tag and why our organizations need this policy.

For more info on this scenario - Restrict Namespace and Pod Selectors in NetworkPolicies

For more OPA Gatekeeper use-cases - Mastering OPA Policies

Restrict Namespace and Pod Selectors in NetworkPolicies

Reason

In many environments, pulling an image without specifying a tag pulls the image tagged "latest" by default, which is not necessarily the most recently updated image. Blocking images with the "latest" tag therefore prevents accidental use of images tagged "latest" that may not actually be the latest.
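The check such a policy has to make, modelled here in Python as an added example (not code from this scenario and not Gatekeeper's Rego): an untagged reference counts as "latest", a colon before the last `/` is a registry port rather than a tag, and a digest-pinned reference is exempt. The function names, registry host and sample Pod are constructed for illustration.

```python
"""Model of a "no latest tag" admission check over a parsed Pod manifest."""


def effective_tag(image: str):
    """Return the tag a runtime would resolve, or None if pinned by digest."""
    if "@" in image:
        return None  # name@sha256:... is resolved by digest, not by tag
    # Only the last path component can carry a tag; a colon earlier in the
    # reference (registry.example.com:5000/...) is a registry port.
    last = image.rsplit("/", 1)[-1]
    if ":" in last:
        return last.rsplit(":", 1)[1]
    return "latest"  # no tag given: the runtime defaults to "latest"


def violations(pod: dict):
    """Return (container name, image) pairs that resolve to the "latest" tag."""
    spec = pod.get("spec", {})
    found = []
    # Init and ephemeral containers pull images too, so check them as well.
    for key in ("containers", "initContainers", "ephemeralContainers"):
        for c in spec.get(key) or []:
            image = c.get("image", "")
            if effective_tag(image) == "latest":
                found.append((c.get("name"), image))
    return found


# Constructed sample Pod (as it would look after YAML parsing).
SAMPLE_POD = {
    "kind": "Pod",
    "metadata": {"name": "demo", "namespace": "backend"},
    "spec": {
        "containers": [
            {"name": "web", "image": "nginx"},
            {"name": "api", "image": "registry.example.com:5000/team/api"},
            {"name": "cache", "image": "redis:7.2"},
            {"name": "sidecar", "image": "envoyproxy/envoy:latest"},
        ],
        "initContainers": [
            {"name": "init", "image": "busybox@sha256:" + "0" * 64},
        ],
    },
}

if __name__ == "__main__":
    for name, image in violations(SAMPLE_POD):
        print(f"deny: container {name!r} uses image {image!r} (tag 'latest')")
```

A check that only looks for the literal suffix `:latest` would miss the `web` and `api` containers above, which is the accidental case this policy is meant to catch.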