feat: add kyverno registry policy

janfuhrer · May 8, 2024 · e01fe0c · e01fe0c
1 parent a9e321b
commit e01fe0c
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/kubernetes/kyverno/registry.yaml b/kubernetes/kyverno/registry.yaml
@@ -0,0 +1,24 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: restrict-image-registries
+spec:
+  validationFailureAction: Audit
+  background: true
+  rules:
+  - name: validate-registries
+    match:
+      any:
+      - resources:
+          kinds:
+          - Pod
+    validate:
+      message: "Unknown image registry."
+      pattern:
+        spec:
+          =(ephemeralContainers):
+          - image: "harbor.domain.local/*"
+          =(initContainers):
+          - image: "harbor.domain.local/*"
+          containers:
+          - image: "harbor.domain.local/*"