Skip to content

Instantly share code, notes, and snippets.

@acumenix

acumenix/Docker_scan_ValidatingWebhookConfiguration.yaml

Forked from mateobur/Docker_scan_ValidatingWebhookConfiguration.yaml
Created March 15, 2020 05:50
Show Gist options
  • Save acumenix/8e64bdd655317c6489eb34eb24f6de0c to your computer and use it in GitHub Desktop.
Save acumenix/8e64bdd655317c6489eb34eb24f6de0c to your computer and use it in GitHub Desktop.
Download ZIP
Docker Scan Anchore ValidatingWebhookConfiguration
Raw
Docker_scan_ValidatingWebhookConfiguration.yaml
Anchore engine policy validator is now installed.
Create a validating webhook resources to start enforcement:
KUBE_CA=$(kubectl config view --minify=true --flatten -o json | jq '.clusters[0].cluster."certificate-authority-data"' -r)
cat > validating-webook.yaml <<EOF
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: analysis-anchore-policy-validator.admission.anchore.io
webhooks:
- name: analysis-anchore-policy-validator.admission.anchore.io
clientConfig:
service:
namespace: default
name: kubernetes
path: /apis/admission.anchore.io/v1beta1/imagechecks
caBundle: $KUBE_CA
rules:
- operations:
- CREATE
apiGroups:
- ""
apiVersions:
- "*"
resources:
- pods
failurePolicy: Fail
EOF
kubectl apply -f validating-webook.yaml
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment