ImagePolicyWebhook: config can be embedded (#15233)
All admission control plugins support two modes for specifying their configuration: linking to an external file using the `path` key in the shared admission configuration file, or directly embedding the configuration using the `configuration` key in the shared admission configuration file. This commit makes the ImagePolicyWebhook documentation mention the embedded configuration option.
This commit is contained in:
Taahir Ahmed
Kubernetes Prow Robot
parent
31cbc5e982
commit
51de06b36a
|
|
@ -249,6 +249,22 @@ plugins:
|
||||||
...
|
...
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Alternatively, you can embed the configuration directly in the file:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
apiVersion: apiserver.k8s.io/v1alpha1
|
||||||
|
kind: AdmissionConfiguration
|
||||||
|
plugins:
|
||||||
|
- name: ImagePolicyWebhook
|
||||||
|
configuration:
|
||||||
|
imagePolicy:
|
||||||
|
kubeConfigFile: /path/to/file
|
||||||
|
allowTTL: 50
|
||||||
|
denyTTL: 50
|
||||||
|
retryBackoff: 500
|
||||||
|
defaultAllow: true
|
||||||
|
```
|
||||||
|
|
||||||
The ImagePolicyWebhook config file must reference a [kubeconfig](/docs/concepts/cluster-administration/authenticate-across-clusters-kubeconfig/) formatted file which sets up the connection to the backend. It is required that the backend communicate over TLS.
|
The ImagePolicyWebhook config file must reference a [kubeconfig](/docs/concepts/cluster-administration/authenticate-across-clusters-kubeconfig/) formatted file which sets up the connection to the backend. It is required that the backend communicate over TLS.
|
||||||
|
|
||||||
The kubeconfig file's cluster field must point to the remote service, and the user field must contain the returned authorizer.
|
The kubeconfig file's cluster field must point to the remote service, and the user field must contain the returned authorizer.
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue