| 1234567891011121314151617181920212223 |
- ---
- openshift_master_admission_plugin_config:
- openshift.io/ImagePolicy:
- configuration:
- kind: ImagePolicyConfig
- apiVersion: v1
- # To require that all images running on the platform be imported first, you may uncomment the
- # following rule. Any image that refers to a registry outside of OpenShift will be rejected unless it
- # unless it points directly to an image digest (myregistry.com/myrepo/image@sha256:ea83bcf...) and that
- # digest has been imported via the import-image flow.
- #resolveImages: Required
- executionRules:
- - name: execution-denied
- # Reject all images that have the annotation images.openshift.io/deny-execution set to true.
- # This annotation may be set by infrastructure that wishes to flag particular images as dangerous
- onResources:
- - resource: pods
- - resource: builds
- reject: true
- matchImageAnnotations:
- - key: images.openshift.io/deny-execution
- value: "true"
- skipOnResolutionFailure: true
|
