hi Folks…i observed in the OPAin Kubernetes - Labs that creating a configmap for OPA Policy (using the kubectl imperative command ) without the label (http://openpolicyagent.org/policy|openpolicyagent.org/policy: rego) is able to enforce rules. From the lecture video for OPA in Kubernetes, it was mentioned that the label is mandatory in the configmap
( I tried adding the label without looking at the hint first time , was curious to try the solution provided and found this issue)
Can someone explain how is this possible without the label ?
Hey Dinesh, I had the same question as you at some point. If you check the default namespace in that lab, you will notice that it is
opa , and not
Store the policy in Kubernetes as a ConfigMap. By default kube-mgmt will try to load policies out of configmaps in the opa namespace OR configmaps in other namespaces labelled <http://openpolicyagent.org/policy=rego|openpolicyagent.org/policy=rego>.
Thanks @Aibek for the reply.
The kubectl context was set to OPA.
Small correction: just verified the kubectl config where the namespace was set to opa. Its not the default namespace setting that was altered.