Description
Image validating policies can be used to validate images in the known generic resources (pod, job.. etc) or a CRD where the definition of the image tag may be in any place in the resource spec. for such cases, the image validating policy exposes a field spec.images which takes an array of named CEL expressions to be used to determine where the images are in a custom resource.
for example:
spec:
evaluation:
mode: JSON
matchImageReferences:
- glob: ghcr.io/*
images:
- name: "bar"
expression: "[object.foo.bar,]"this will evaluate images in an object that looks like this
apiVersion: example.io/v1
kind: MyResource
metadata:
name: test
foo:
bar: "ghcr.io/myrepo/myapp:latest"
Slack discussion
No response
Description
Image validating policies can be used to validate images in the known generic resources (pod, job.. etc) or a CRD where the definition of the image tag may be in any place in the resource spec. for such cases, the image validating policy exposes a field
spec.imageswhich takes an array of named CEL expressions to be used to determine where the images are in a custom resource.for example:
this will evaluate images in an object that looks like this
Slack discussion
No response