mirror of https://github.com/kyverno/kyverno.git synced 2025-03-06 16:06:56 +00:00

Jim Bugwadia 1173e062c9 - add policy and test for known ingress

- fix messages and remove unnecessary comments in testrunner/scenario.go

2019-11-05 19:07:44 -08:00

697 B

Raw Blame History

Disallow unknown image registries

Images from unknown registries may not be scanned and secured. Requiring the use of trusted registries helps reduce threat exposure.

You can customize this policy to allow image registries that you trust.

Policy YAML

trusted_image_registries.yaml

apiVersion : kyverno.io/v1alpha1
kind: ClusterPolicy
metadata:
  name: trusted-registries
spec:
  rules:
  - name: trusted-registries
    match:
      resources:
        kinds:
        - Pod
    validate:
      message: "Unknown image registry"
      pattern:
        spec:
          containers:
          - image: "k8s.gcr.io/* | gcr.io/*"

697 B Raw Blame History

Disallow unknown image registries

Policy YAML

697 B

Raw Blame History