mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-31 03:45:17 +00:00
Code Activity

update installation.md

Browse source
This commit is contained in:
Shuting Zhao 2019-12-12 18:02:54 -08:00
parent 7b9c8d763a
commit e066be3efa
1 changed files with 9 additions and 1 deletions

10
documentation/installation.md
View file

@ -81,7 +81,7 @@ Kyverno uses secrets created above to setup TLS communication with the kube-apis
To install a specific version, change the image tag with git tag in `install.yaml`.
e.g., change image tag from `latest` to the specific tag `v0.3.0`.
e.g., change image tag from `latest` to the specific tag `v1.0.0`.
>>>
spec:
containers:
@ -112,6 +112,14 @@ kubectl logs <kyverno-pod-name> -n kyverno
Here is a script that generates a self-signed CA, a TLS certificate-key pair, and the corresponding kubernetes secrets: [helper script](/scripts/generate-self-signed-cert-and-k8secrets.sh)
# Configure a namespace admin to access policy violations
During Kyverno installation, it creates a ClusterRole `policyviolation` which has the `list,get,watch` operation on resource `policyviolations`. To grant access to a namespace admin, configure [definitions/rolebinding.yaml](../definitions/rolebinding.yaml) then apply to the cluster.
- Replace `metadata.namespace` with namespace of the admin
- Configure `subjects` field to bind admin's role to the ClusterRole `policyviolation`
# Installing outside of the cluster (debug mode)
To build Kyverno in a development environment see: https://github.com/nirmata/kyverno/wiki/Building