We can utilize various options to prevent users from using images from unwanted registries.
For the Image Policy Webhook, we first need to create the config file.
## /etc/kubernetes/admission-config.yaml
apiVersion: apiserver.config.k8s.io/v1
kind: AdmisisionConfiguration
plugins:
- name: ImagePolicyWebhook
configuration:
imagePolicy:
kubeConfigFile: /path/tp/config/file
allowTTL: 50
denyTTL: 50
retryBackoff: 500
defaultAllow: true
We can configure the Admission Webhook Server in the kubeconfig file:
To enable the admission controller, add it in the kube-apiserver files.