•
only-nginx.yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: restrict-dockerhub-images
spec:
validationFailureAction: enforce
background: true
rules:
- name: allow-only-nginx
match:
resources:
kinds:
- Pod
validate:
pattern:
spec:
containers:
- image: "nginx:*"
YAML
복사
Result
•
httpd.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: httpd-deployment
labels:
app: httpd
spec:
replicas: 3
selector:
matchLabels:
app: httpd
template:
metadata:
labels:
app: httpd
spec:
containers:
- name: httpd
image: httpd:latest
ports:
- containerPort: 80
YAML
복사
kubectl apply -f httpd.yaml
Shell
복사
•
nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
YAML
복사
kubectl apply -f nginx.yaml
Shell
복사
