diff --git a/documentation/installation.md b/documentation/installation.md index 1e8f8934c2..c1adbb8a25 100644 --- a/documentation/installation.md +++ b/documentation/installation.md @@ -127,10 +127,23 @@ The [Kyverno CLI](documentation/testing-policies.md#test-using-the-kyverno-cli) # Filter kuberenetes resources that admission webhook should not process +The admission webhook checks if a policy is applicable on all admission requests. The kubernetes kinds that are not be processed can be filtered by adding the configmap named `init-config` in namespace `kyverno` and specifying the resources to be filtered under `data.resourceFilters` -The admission webhook checks if a policy is applicable on all admission requests. The kubernetes kinds that are not be processed can be filtered by using the command line argument 'filterKind'. +THe confimap is picked from the envenvironment variable `INIT_CONFIG` passed to the kyverno deployment spec. -By default we have specified Nodes, Events, APIService & SubjectAccessReview as the kinds to be skipped in the [install.yaml](https://github.com/nirmata/kyverno/raw/master/definitions/install.yaml). +``` +apiVersion: v1 +kind: ConfigMap +metadata: + name: init-config + namespace: kyverno +data: + # resource types to be skipped by kyverno policy engine + resourceFilters: "[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][*,kyverno,*]" +``` + +By default we have specified Nodes, Events, APIService & SubjectAccessReview as the kinds to be skipped in the default configmap +[install.yaml](https://github.com/nirmata/kyverno/raw/master/definitions/init_configMap.yaml). --- *Read Next >> [Writing Policies](/documentation/writing-policies.md)*