wjam / image-registry-policy


image-registry-policy

This is a ValidatingAdmissionWebhook that helps to enforce restrictions around where images can be pulled from.

It supports allowlisting whole registries as well as individual images and specific tags of images. The different ways of writing the same image reference (docker.io/library/postgres:latest, docker.io/library/postgres, library/postgres and postgres) are handled. It also blocks the use of the latest tag, whether set explicitly or implied by omitting the tag.

The configuration file looks like this and will be automatically reloaded when it changes:

log_level: INFO
allowed_registries:
  - 602401143452.dkr.ecr.eu-west-1.amazonaws.com
  - quay.io
allowed_images:
  - docker.io/library/postgres:12
  - library/golang:1.16
  - vault:1.7.1
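
The reference normalisation and allowlist check described above, sketched in Go as an added example; this is not the project's own code. The function names, the rule order (latest is rejected before either allowlist is consulted) and the treatment of an untagged allowed_images entry as matching any non-latest tag are assumptions, and digest references (@sha256:...) are not handled.

```go
package main

import "fmt"
import "strings"

// normalize applies Docker's defaults (docker.io, library/); tag is "" when absent.
func normalize(ref string) (registry, repo, tag string) {
	registry, repo = "docker.io", ref
	// A tag colon sits after the last "/", so a registry port is not read as a tag.
	if i := strings.LastIndex(repo, ":"); i > strings.LastIndex(repo, "/") {
		repo, tag = repo[:i], repo[i+1:]
	}
	// The first path component is a registry only if it looks like a host name.
	if i := strings.Index(repo, "/"); i >= 0 {
		if h := repo[:i]; strings.ContainsAny(h, ".:") || h == "localhost" {
			registry, repo = h, repo[i+1:]
		}
	}
	if registry == "docker.io" && !strings.Contains(repo, "/") {
		repo = "library/" + repo
	}
	return registry, repo, tag
}

// allowed reports whether ref passes; assumed order: latest check, registries, images.
func allowed(ref string, registries, images []string) bool {
	reg, repo, tag := normalize(ref)
	if tag == "" || tag == "latest" {
		return false // latest, explicit or implied
	}
	for _, r := range registries {
		if r == reg {
			return true
		}
	}
	for _, img := range images {
		// Assumption: an entry without a tag allows any non-latest tag of that image.
		if ar, ap, at := normalize(img); ar == reg && ap == repo && (at == "" || at == tag) {
			return true
		}
	}
	return false
}

func main() { // constructed sample references
	for _, ref := range []string{"postgres:12", "postgres", "quay.io/a/b:v1", "ghcr.io/a/b:v1"} {
		fmt.Println(ref, allowed(ref, []string{"quay.io"}, []string{"docker.io/library/postgres:12"}))
	}
}
```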

About

License: Apache License 2.0


Languages

Go 86.3%, Makefile 12.6%, Dockerfile 1.2%