Playing with Open Policy Agent Policies for Kubernetes.
Please refer to Running OPA.
You can use Gatekeeper to run OPA within Kubernetes.
Gatekeeper uses the OPA Constraint Framework to describe and enforce policy.
$ opa test -v *.rego
data.kubernetes.validating.image.test_deny: PASS (1.538124ms)
data.kubernetes.validating.labels.test_bad_pod: PASS (1.335433ms)
data.kubernetes.validating.labels.test_good_pod: PASS (1.108388ms)
data.kubernetes.validating.resources.test_requests: PASS (1.4341ms)
data.kubernetes.validating.resources.test_limits: PASS (1.173867ms)
--------------------------------------------------------------------------------
PASS: 5/5
$ opa test --coverage -v *.rego | jq 'to_entries | .[] |select(.key|test("coverage"))'
{
  "key": "coverage",
  "value": 100
}
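
What a policy and its tests behind a result such as data.kubernetes.validating.labels.test_bad_pod can look like, as an added example that is not the repository's own code. The required label set, the `deny` rule name, the AdmissionReview-shaped input and the third test are assumptions; only the package name and the test names test_good_pod and test_bad_pod come from the output above.

```rego
# Added example: the repository's real policy is not shown on the page.
package kubernetes.validating.labels

import rego.v1

# Assumption: every Pod must carry these labels.
required_labels := {"app", "owner"}

# Deny admission when a Pod lacks any required label.
# object.get supplies defaults so a Pod with no "labels" or "name" field
# still produces a denial instead of leaving the rule undefined.
deny contains msg if {
    input.request.kind.kind == "Pod"
    meta := input.request.object.metadata
    provided := {k | some k, _ in object.get(meta, "labels", {})}
    missing := required_labels - provided
    count(missing) > 0
    name := object.get(meta, "name", "<unnamed>")
    msg := sprintf("pod %s is missing required labels: %s", [name, concat(", ", sort(missing))])
}

# Constructed inputs, shaped like the AdmissionReview a webhook receives.
good_pod := {"request": {"kind": {"kind": "Pod"}, "object": {"metadata": {
    "name": "web",
    "labels": {"app": "web", "owner": "team-a"},
}}}}

bad_pod := {"request": {"kind": {"kind": "Pod"}, "object": {"metadata": {
    "name": "web",
    "labels": {"app": "web"},
}}}}

unlabelled_pod := {"request": {"kind": {"kind": "Pod"}, "object": {"metadata": {"name": "web"}}}}

test_good_pod if {
    count(deny) == 0 with input as good_pod
}

test_bad_pod if {
    "pod web is missing required labels: owner" in deny with input as bad_pod
}

# Hypothetical extra test: the "labels" key is absent altogether.
test_unlabelled_pod if {
    "pod web is missing required labels: app, owner" in deny with input as unlabelled_pod
}
```

Saved under a hypothetical name such as labels.rego, the file can be run with the same `opa test -v` command shown above; the `import rego.v1` line needs an OPA release that supports it.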