Skip to content
Permalink
Browse files

ImagePolicyWebhook: config can be embedded (#15233)

All admission control plugins support two modes for specifying their
configuration: linking to an external file using the `path` key in the
shared admission configuration file, or directly embedding the
configuration using the `configuration` key in the shared admission
configuration file.

This commit makes the ImagePolicyWebhook documentation mention the
embedded configuration option.
  • Loading branch information...
ahmedtd authored and k8s-ci-robot committed Jul 24, 2019
1 parent 31cbc5e commit 51de06b36a2b69daee48a9a2ab6002b265f157d7
Showing with 16 additions and 0 deletions.
  1. +16 −0 content/en/docs/reference/access-authn-authz/admission-controllers.md
@@ -249,6 +249,22 @@ plugins:
...
```

Alternatively, you can embed the configuration directly in the file:

```yaml
apiVersion: apiserver.k8s.io/v1alpha1
kind: AdmissionConfiguration
plugins:
- name: ImagePolicyWebhook
configuration:
imagePolicy:
kubeConfigFile: /path/to/file
allowTTL: 50
denyTTL: 50
retryBackoff: 500
defaultAllow: true
```

The ImagePolicyWebhook config file must reference a [kubeconfig](/docs/concepts/cluster-administration/authenticate-across-clusters-kubeconfig/) formatted file which sets up the connection to the backend. It is required that the backend communicate over TLS.

The kubeconfig file's cluster field must point to the remote service, and the user field must contain the returned authorizer.

0 comments on commit 51de06b

Please sign in to comment.
You can’t perform that action at this time.