Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
31 lines (28 sloc) 880 Bytes
Anchore engine policy validator is now installed.
Create a validating webhook resources to start enforcement:
KUBE_CA=$(kubectl config view --minify=true --flatten -o json | jq '.clusters[0].cluster."certificate-authority-data"' -r)
cat > validating-webook.yaml <<EOF
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: {{ template "anchore-policy-validator.fullname" . }}.admission.anchore.io
webhooks:
- name: {{ template "anchore-policy-validator.fullname" . }}.admission.anchore.io
clientConfig:
service:
namespace: default
name: kubernetes
path: /apis/admission.anchore.io/v1beta1/imagechecks
caBundle: $KUBE_CA
rules:
- operations:
- CREATE
apiGroups:
- ""
apiVersions:
- "*"
resources:
- pods
failurePolicy: Fail
EOF
kubectl apply -f validating-webook.yaml