ImagePolicyWebhook

Definition

An ImagePolicyWebhook is a Kubernetes admission controller that allows cluster administrators to enforce policies on container images before they are deployed. It acts as a gatekeeper, ensuring that only images meeting specific criteria, such as being signed or coming from trusted registries, are allowed to run in the cluster. This enhances security by preventing the deployment of potentially vulnerable or unauthorized images.

Secure Settings Example

apiVersion: policy.k8s.io/v1beta1
kind: ImagePolicyWebhook
metadata:
  name: trusted-image-policy
spec:
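  imagePolicy:
    # Admit images only from the listed registry
    allowedRegistries:
      - name: "trusted-registry.com"
    # Reject images that do not carry a valid signature
    requireSignature: true
    # Key used to verify image signatures
    signatureKey: "trusted-key"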

Insecure Settings Example

apiVersion: policy.k8s.io/v1beta1
kind: ImagePolicyWebhook
metadata:
  name: permissive-image-policy
spec:
  imagePolicy:
    # Wildcard admits images from any registry
    allowedRegistries:
      - name: "*"
    # Unsigned images are admitted
    requireSignature: false
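
Added example (not from the original page or from the Kubernetes project): when the ImagePolicyWebhook plugin is enabled, the API server sends an ImageReview object to a backend service, and that backend returns the allow or deny decision. The code below applies the allowedRegistries rule from the two settings above to such a review and fails closed on an empty review. The function names, the policy dictionaries and the sample reviews are constructed for illustration, and signature verification is not modelled.

```python
# Added example: backend-side decision for an ImageReview request.
# Policy keys mirror the page's settings; function names are hypothetical.

DEFAULT_REGISTRY = "docker.io"  # registry implied when an image names none


def registry_of(image: str) -> str:
    """Return the registry host of an image reference, lower-cased."""
    first, sep, _ = image.partition("/")
    # Docker reference rule: the first path component is a registry only if it
    # looks like a host (contains '.' or ':') or is 'localhost'.
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return DEFAULT_REGISTRY


def review(image_review: dict, policy: dict) -> dict:
    """Fill in the status of an ImageReview according to the policy."""
    allowed = {r["name"].lower() for r in policy["allowedRegistries"]}
    containers = image_review.get("spec", {}).get("containers", [])
    denied = []
    for c in containers:
        # Exact host comparison: no prefix, suffix or substring matching.
        if "*" not in allowed and registry_of(c.get("image", "")) not in allowed:
            denied.append(c.get("image", ""))
    if not containers:
        status = {"allowed": False, "reason": "review lists no containers"}
    elif denied:
        status = {"allowed": False,
                  "reason": "registry not allowed: " + ", ".join(denied)}
    else:
        status = {"allowed": True}
    return {"apiVersion": "imagepolicy.k8s.io/v1alpha1",
            "kind": "ImageReview", "status": status}


def sample_review(*images: str) -> dict:
    """Build a constructed ImageReview request for the given images."""
    return {"apiVersion": "imagepolicy.k8s.io/v1alpha1", "kind": "ImageReview",
            "spec": {"namespace": "demo",
                     "containers": [{"image": i} for i in images]}}


SECURE = {"allowedRegistries": [{"name": "trusted-registry.com"}]}
PERMISSIVE = {"allowedRegistries": [{"name": "*"}]}
```

Because the comparison is on the exact registry host, a look-alike such as trusted-registry.com.evil.example is denied under SECURE, as is an image with no registry prefix, which resolves to docker.io.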