All-Things-Docker-and-Kubernetes

Whitelist Allowed Registries

We can utilize various options to prevent users from using images from unwanted registries.

For the Image Policy Webhook, we first need to create the config file.

## /etc/kubernetes/admission-config.yaml 

apiVersion: apiserver.config.k8s.io/v1
kind: AdmisisionConfiguration
plugins:
- name: ImagePolicyWebhook 
  configuration:
    imagePolicy:
      kubeConfigFile: /path/tp/config/file 
      allowTTL: 50 
      denyTTL: 50 
      retryBackoff: 500 
      defaultAllow: true 

We can configure the Admission Webhook Server in the kubeconfig file:

To enable the admission controller, add it in the kube-apiserver files.


Back to first page