mirror of https://github.com/kyverno/kyverno.git synced 2025-03-07 08:26:53 +00:00

add background processing documentation

shivkumar dudhani 2020-01-23 10:41:22 -08:00
parent ea6c95ae5f
commit 7b32431797


@ -131,5 +131,22 @@ Operators supported:
- Equal
- NotEqual
# Background processing
Kyverno applies policies in foreground and background mode.
- `foreground`: leverages admission control webhooks to intercept the resource api-request and apply policy on it.
- `background`: policy-controller applies policies on the existing resoruces after configured re-conciliation time.
A policy is always enable for `foreground` processing, but `background` processing is configurable using a boolean flag at `{spec.background}`.
```
spec:
background: true
rules:
- name: default-deny-ingress
```
- Unless specified the default value is `true`
- As the userInformation is only avaiable in the incoming api-request, a policy using userInfo filters and variables reffering to `{{request.userInfo}}` can only be processed in foreground mode.
- When a new policy is created, the policy validation will throw an error if using `userInfo` with a policy defined in background mode.
---
<small>*Read Next >> [Validate](/documentation/writing-policies-validate.md)*</small>
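Review bot: the bullets added after the `spec.background` sample say that a policy using `userInfo` fails validation when defined in background mode, but they never tell the author what to change. Since the text also states that the default is `true`, add a sentence saying such policies have to set `background: false` explicitly. In the same added lines, fix the typos `resoruces`, `avaiable` and `reffering`, change "always enable" to "always enabled", and either say where the "configured re-conciliation time" is set or drop the word "configured". The sample pairs `background: true` with a rule named `default-deny-ingress` whose body is left out, so it does not illustrate the restriction. A short second sample with a `{{request.userInfo}}` variable and `background: false` would make the last two bullets concrete.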