...
Code Block |
---|
containers: - args: ... - --imagePullSecrets=regcred |
Create Policy:
Code Block |
---|
apiVersion: kyverno.io/v1 kind: Policy metadata: name: check-image spec: validationFailureAction: Enforce background: false webhookTimeoutSeconds: 30 failurePolicy: Fail rules: - name: check-image match: any: - resources: kinds: - Pod verifyImages: - imageReferences: - "ncydacrinprogress.azurecr.io/cloudhut/kowl:*" attestors: - count: 1 entries: - keys: publicKeys: |- -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6887939UfT9OPMHvST7OBfT1xAva iRPbB1Hyar+nFCUWVvX7EviEPLxTZRNQ2A4OPKAkDo1e3HI8OFTr9ZAIyQ== -----END PUBLIC KEY----- |
...