mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-09 01:16:55 +00:00
18 lines
641 B
YAML
18 lines
641 B
YAML
apiVersion: policy.nirmata.io/v1alpha1
|
|
kind: Policy
|
|
metadata:
|
|
name: check-whitelist-registries
|
|
spec:
|
|
rules:
|
|
- name: check-whitelist-registries
|
|
message: "Registry is not allowed"
|
|
resource:
|
|
kind: Deployment
|
|
validate:
|
|
pattern:
|
|
template:
|
|
spec:
|
|
containers:
|
|
# Checks if the image path starts with "https://private.registry.io" OR "https://hub.docker.io/nirmata/*"
|
|
# If some property contains operator | as a normal part of its value, it should be escaped by backslash: "\|".
|
|
image: https://private.registry.io* | https://hub.docker.io/nirmata/*
|